
OpenCloud Security threat on my computer: Malwarebytes closes within seconds of scan


24 replies to this topic

#1 Elle Scorcho


Posted 18 September 2011 - 06:54 PM

Problem:
After turning on my computer last night, the OpenCloud Security program popped up. I ran Rkill until it finished, and then tried to run Malwarebytes. After about three seconds, the program will quit. If I try to rerun the program, a popup says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

How I've tried to fix it:
I tried uninstalling and reinstalling Malwarebytes, but I still run into the same problem. Renaming the file gives me the same results.

After creating a DDS log, I then tried creating a GMER log, but that too will immediately close out and give me the "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item" message if I try to rerun it.

Additional info
I haven't seen the OpenCloud Security screen pop up all day, but my computer is now running abnormally slow. Thank you in advance to anyone who may offer some help!

(Edit: 9/18/11 10:09pm)
I was just told by my boyfriend that the OpenCloud program itself hasn't popped up because he manually deleted its files earlier. The problem with running Malwarebytes still applies.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22
Run by Owner at 19:45:40 on 2011-09-18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.2062 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\System32\ctfmon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5478
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5478
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5478
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [OpenCloud Security] c:\users\owner\appdata\roaming\opencloud security\OpenCloud Security.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8B5ECFE3-2191-41E3-824E-F47064CD202C} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CD404086-8A76-43C3-8A83-D41277CA6D6E} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\yvvgj10p.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-6 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-6 301528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-21 218688]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-6 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-6 53592]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-6 24652]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-6-5 401408]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-6-5 5504]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-6 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2007-4-6 36312]
S3 athrusb;XPC 802.11b/g Wireless Kit Driver;c:\windows\system32\drivers\athrusb.sys [2006-12-22 449536]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [2007-7-5 873472]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2008-8-18 69120]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-11-6 20608]
S3 DHTRACE;Intel® DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-4-6 39896]
S3 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-3-30 28672]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-4-6 158168]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 NMSCore;Intel® NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-4-6 313816]
S3 QualityManager;Intel® Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-4-6 272856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-18 04:59:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 04:31:46 -------- d--h--w- c:\windows\PIF
2011-09-18 04:27:23 -------- d-----w- c:\windows\pss
2011-08-29 17:19:35 0 ----a-w- c:\users\owner\appdata\local\yrpq.exe
2011-08-29 17:19:35 0 ----a-w- c:\users\owner\appdata\local\rgax.exe
2011-08-29 17:19:35 0 ----a-w- c:\users\owner\appdata\local\ogcx.exe
2011-08-29 17:19:35 0 ----a-w- c:\users\owner\appdata\local\ahil.exe
2011-08-29 17:19:35 0 ----a-w- c:\programdata\rhko.exe
2011-08-29 17:19:35 0 ----a-w- c:\programdata\qunk.exe
2011-08-29 17:19:35 0 ----a-w- c:\programdata\igsg.exe
2011-08-29 17:19:35 0 ----a-w- c:\programdata\eftt.exe
.
==================== Find3M ====================
.
2011-07-23 20:47:13 256 ----a-w- c:\windows\system32\pool.bin
2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 19:46:44.33 ===============

Edited by Elle Scorcho, 18 September 2011 - 09:11 PM.




#2 HelpBot


Posted 23 September 2011 - 06:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419508 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
  • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and whether it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Elle Scorcho


Posted 23 September 2011 - 09:31 PM

My problem remains the same as noted in my original post. I have tried to run Malwarebytes multiple times with no luck (I've tried reinstalling and renaming the file as suggested by several sources).

I am also now unable to open the GMER zip at all, as I'm given the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item".

My computer is running Windows Vista 32 bit.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22
Run by Owner at 22:22:39 on 2011-09-23
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1988 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5478
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5478
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5478
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [OpenCloud Security] c:\users\owner\appdata\roaming\opencloud security\OpenCloud Security.exe
mRun: [volmgr] c:\windows\system32\config\systemprofile\appdata\local\volmgr.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8B5ECFE3-2191-41E3-824E-F47064CD202C} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CD404086-8A76-43C3-8A83-D41277CA6D6E} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 95.64.61.141 www.google.com
Hosts: 95.64.61.142 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\yvvgj10p.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-6 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-6 301528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-21 218688]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-6 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-6 53592]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-6 24652]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-6-5 401408]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-6-5 5504]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-6 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2007-4-6 36312]
S3 athrusb;XPC 802.11b/g Wireless Kit Driver;c:\windows\system32\drivers\athrusb.sys [2006-12-22 449536]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [2007-7-5 873472]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2008-8-18 69120]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-11-6 20608]
S3 DHTRACE;Intel® DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-4-6 39896]
S3 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-3-30 28672]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-4-6 158168]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 NMSCore;Intel® NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-4-6 313816]
S3 QualityManager;Intel® Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-4-6 272856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-22 03:35:27 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2011-09-22 03:35:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-22 03:35:16 -------- d-----w- c:\programdata\Malwarebytes
2011-09-22 03:35:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-20 20:26:15 -------- d-----w- c:\users\owner\appdata\roaming\OpenCloud Security
2011-09-18 04:31:46 -------- d--h--w- c:\windows\PIF
2011-09-18 04:27:23 -------- d-----w- c:\windows\pss
2011-08-29 17:19:35 0 ----a-w- c:\users\owner\appdata\local\yrpq.exe
2011-08-29 17:19:35 0 ----a-w- c:\users\owner\appdata\local\rgax.exe
2011-08-29 17:19:35 0 ----a-w- c:\users\owner\appdata\local\ogcx.exe
2011-08-29 17:19:35 0 ----a-w- c:\users\owner\appdata\local\ahil.exe
2011-08-29 17:19:35 0 ----a-w- c:\programdata\rhko.exe
2011-08-29 17:19:35 0 ----a-w- c:\programdata\qunk.exe
2011-08-29 17:19:35 0 ----a-w- c:\programdata\igsg.exe
2011-08-29 17:19:35 0 ----a-w- c:\programdata\eftt.exe
.
==================== Find3M ====================
.
2011-07-23 20:47:13 256 ----a-w- c:\windows\system32\pool.bin
2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 22:23:32.43 ===============


Edited by Elle Scorcho, 23 September 2011 - 09:33 PM.
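The "Created Last 30" section of the DDS log above shows eight zero-byte executables with four-letter names, all created in the same second under user-writable directories. The Python below is an added example written for this thread (not part of DDS or of any post) that parses such a section and flags exactly that pattern; its sample log lines are constructed to mirror the posted log, and `burst_min` is this example's own threshold.

```python
"""Flag suspicious entries in the "Created Last 30" section of a DDS log.

Added example written for this thread; it is not part of DDS or of the
original posts.  The sample log below is constructed to mirror the
format of the log posted above.
"""
import re
from collections import defaultdict

# One DDS entry: timestamp, size (dashes for a directory), 8 attribute flags, path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>.+)$"
)

# Locations a standard (non-admin) user can write to; rogue installers favour them.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")

# Four lowercase letters + .exe, the naming pattern seen in the log above.
RANDOM_EXE_RE = re.compile(r"[a-z]{4}\.exe")

# Constructed sample, modelled on the DDS output in this thread.
SAMPLE_LOG = """\
=============== Created Last 30 ================
.
2011-09-22 03:35:27 -------- d-----w- c:\\users\\owner\\appdata\\roaming\\Malwarebytes
2011-09-22 03:35:16 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2011-09-20 20:26:15 -------- d-----w- c:\\users\\owner\\appdata\\roaming\\OpenCloud Security
2011-08-29 17:19:35 0 ----a-w- c:\\users\\owner\\appdata\\local\\yrpq.exe
2011-08-29 17:19:35 0 ----a-w- c:\\users\\owner\\appdata\\local\\rgax.exe
2011-08-29 17:19:35 0 ----a-w- c:\\programdata\\rhko.exe
2011-08-29 17:19:35 0 ----a-w- c:\\programdata\\eftt.exe
.
==================== Find3M ====================
.
2011-07-06 14:56:47 213504 ----a-w- c:\\windows\\system32\\drivers\\mrxsmb10.sys
"""


def parse_created_section(log_text):
    """Return the entries listed under the 'Created Last 30' header as dicts."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "Created Last 30" in line:
            in_section = True
            continue
        if in_section and line.startswith("="):  # the next banner ends the section
            break
        if not in_section or line in ("", "."):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines in a layout this parser does not know
        entries.append({
            "ts": m["ts"],
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def is_user_writable(path):
    """True when the path sits under a directory a standard user may write to."""
    lowered = path.lower()
    return any(lowered.startswith(p) for p in USER_WRITABLE_PREFIXES)


def find_suspicious(entries, burst_min=3):
    """Return (kind, detail) findings for the patterns visible in this thread.

    burst_min is this example's own threshold: how many executables created in
    the same second, in user-writable locations, count as a mass drop.
    """
    findings = []
    exes_by_second = defaultdict(list)
    for e in entries:
        if e["is_dir"]:
            continue
        name = e["path"].rsplit("\\", 1)[-1].lower()
        if not name.endswith(".exe") or not is_user_writable(e["path"]):
            continue
        exes_by_second[e["ts"]].append(e["path"])
        if e["size"] == 0:  # a zero-byte .exe cannot run; it is a leftover, not a program
            findings.append(("zero-byte-exe", e["path"]))
        if RANDOM_EXE_RE.fullmatch(name):
            findings.append(("random-name-exe", e["path"]))
    for ts, paths in exes_by_second.items():
        if len(paths) >= burst_min:
            findings.append(("exe-burst", f"{len(paths)} executables created at {ts}"))
    return findings


if __name__ == "__main__":
    for kind, detail in find_suspicious(parse_created_section(SAMPLE_LOG)):
        print(f"{kind:16} {detail}")
```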


#4 sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 24 September 2011 - 10:21 AM

Hello Elle Scorcho and welcome to BC. :)


Viewpoint Warning:

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player



P2P Warning:

BitLord 1.1

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes.

These programmes allow users to share files between them, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws of many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



=====================================


Download Combofix (by Subs) from any of the links below; make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

[screenshot omitted]


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot omitted]


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 Elle Scorcho

  • Topic Starter
  • Members
  • 12 posts

Posted 24 September 2011 - 05:29 PM

Thank you very much for replying to my topic. :)

EDIT: What I previously wrote here should be disregarded. It took a while, but Combofix finally did its thing.

ComboFix 11-09-24.04 - Owner 09/24/2011 20:17:22.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.2033 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\programdata\eftt.exe
c:\programdata\igsg.exe
c:\programdata\qunk.exe
c:\programdata\rhko.exe
c:\programdata\Windows
c:\users\Owner\AppData\Local\{186405C2-56E5-4B44-815F-24B073E84FE9}
c:\users\Owner\AppData\Local\{186405C2-56E5-4B44-815F-24B073E84FE9}\chrome.manifest
c:\users\Owner\AppData\Local\{186405C2-56E5-4B44-815F-24B073E84FE9}\chrome\content\_cfg.js
c:\users\Owner\AppData\Local\{186405C2-56E5-4B44-815F-24B073E84FE9}\chrome\content\overlay.xul
c:\users\Owner\AppData\Local\{186405C2-56E5-4B44-815F-24B073E84FE9}\install.rdf
c:\users\Owner\AppData\Local\ahil.exe
c:\users\Owner\AppData\Local\ApplicationHistory
c:\users\Owner\AppData\Local\ApplicationHistory\DownloadOrganiser.exe.2f9d1d43.ini
c:\users\Owner\AppData\Local\ApplicationHistory\DownloadOrganiser.exe.8d2f3509.ini
c:\users\Owner\AppData\Local\ApplicationHistory\DownloadOrganiser.exe.e7fe0b08.ini
c:\users\Owner\AppData\Local\ApplicationHistory\lj-net.exe.8b2106bb.ini
c:\users\Owner\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
c:\users\Owner\AppData\Local\ApplicationHistory\onplay.exe.68c032e3.ini
c:\users\Owner\AppData\Local\ApplicationHistory\Sims2CollectionMaker.exe.ee0abfa2.ini
c:\users\Owner\AppData\Local\ApplicationHistory\Sims2Pack Clean Installer.exe.1ad8ac02.ini
c:\users\Owner\AppData\Local\ApplicationHistory\TheCompressorizer.exe.aeeaa9b4.ini
c:\users\Owner\AppData\Local\ApplicationHistory\TurbineInvoker.exe.ccffdf2c.ini
c:\users\Owner\AppData\Local\ApplicationHistory\TurbineLauncher.exe.b804356.ini
c:\users\Owner\AppData\Local\ApplicationHistory\WardrobeWrangler.exe.7b02995e.ini
c:\users\Owner\AppData\Local\ogcx.exe
c:\users\Owner\AppData\Local\rgax.exe
c:\users\Owner\AppData\Local\yrpq.exe
c:\users\Owner\AppData\Roaming\9E3E.C61
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Templates\cynu.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Templates\eyvc.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Templates\ulxp.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Templates\wepc.exe
c:\users\Owner\AppData\Roaming\OpenCloud Security
c:\users\Owner\s3rc.exe
c:\windows\$NtUninstallKB47118$
c:\windows\$NtUninstallKB47118$\1133324983
c:\windows\$NtUninstallKB47118$\2147104779\@
c:\windows\$NtUninstallKB47118$\2147104779\cfg.ini
c:\windows\$NtUninstallKB47118$\2147104779\Desktop.ini
c:\windows\$NtUninstallKB47118$\2147104779\keywords
c:\windows\$NtUninstallKB47118$\2147104779\L\qnbwvoto
c:\windows\$NtUninstallKB47118$\2147104779\U\00000001.@
c:\windows\$NtUninstallKB47118$\2147104779\U\00000002.@
c:\windows\$NtUninstallKB47118$\2147104779\U\80000000.@
c:\windows\$NtUninstallKB47118$\2147104779\U\80000032.@
c:\windows\188283519
c:\windows\system32\comct332.ocx
c:\windows\system32\xa34826911.exe
c:\windows\system32\xa34828627.exe
c:\windows\Update.bat
D:\Autorun.inf
J:\Autorun.inf
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_7ffa380b
-------\Service_Boonty Games
.
.
((((((((((((((((((((((((( Files Created from 2011-08-25 to 2011-09-25 )))))))))))))))))))))))))))))))
.
.
2011-09-22 03:35 . 2011-09-22 03:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-09-22 03:35 . 2011-09-22 03:35 -------- d-----w- c:\programdata\Malwarebytes
2011-09-22 03:35 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-22 03:35 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 04:31 . 2011-09-18 04:31 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 14:56 . 2011-08-10 18:16 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-08 02:54 . 2011-07-19 07:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-01 303104]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2007-04-06 36312]
R3 athrusb;XPC 802.11b/g Wireless Kit Driver;c:\windows\system32\DRIVERS\athrusb.sys [2006-12-23 449536]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [2007-07-05 873472]
R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 39896]
R3 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-04-06 313816]
R3 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-04-06 272856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-21 717296]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-21 218688]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-19 5376]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-04-09 401408]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-06-05 5504]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 07:29]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 07:29]
.
2011-09-24 c:\windows\Tasks\User_Feed_Synchronization-{360627FB-F5FD-42E3-90D5-409F6559A081}.job
- c:\windows\system32\msfeedssync.exe [2008-09-24 07:33]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5478
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yvvgj10p.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-OpenCloud Security - c:\users\Owner\AppData\Roaming\OpenCloud Security\OpenCloud Security.exe
AddRemove-Direct KiSS - k:\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-24 20:39
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2390978826-3084064312-1346969681-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:27,2a,c6,16,2d,c5,ee,93,b4,f6,7a,fc,d0,90,96,ed,2f,c8,6c,5b,ec,0d,87,
3c,0d,db,4d,96,d5,2b,74,55,36,00,f9,88,de,2b,e9,21,0b,6d,4a,05,97,f4,9b,d9,\
"??"=hex:46,65,13,9a,3e,d6,f3,a0,7b,78,4a,26,88,b4,a9,0a
.
[HKEY_USERS\S-1-5-21-2390978826-3084064312-1346969681-1001\Software\SecuROM\License information*]
"datasecu"=hex:07,3a,89,01,91,d3,80,f5,1a,b6,70,f6,b5,f0,17,cb,9b,fc,bc,21,f5,
46,c9,f4,04,08,08,d3,b7,57,23,4b,72,b1,70,3d,39,e4,cb,36,c6,50,0e,a5,2e,f9,\
"rkeysecu"=hex:06,2c,dc,59,69,15,2c,83,d6,47,65,a4,4c,9a,95,e4
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\System32\rundll32.exe
c:\windows\sttray.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-09-24 20:50:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-25 00:50
.
Pre-Run: 223,800,975,360 bytes free
Post-Run: 238,929,731,584 bytes free
.
- - End Of File - - C8BEB41CAA5CB0297EE55C751CADC98B

Edited by Elle Scorcho, 24 September 2011 - 07:55 PM.


#6 sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 08 October 2011 - 07:41 AM

Hi Elle Scorcho,

I am so sorry for my late response and it's because I didn't receive an email notification that you responded. Do you still need help?

~Semp



#7 Elle Scorcho

  • Topic Starter
  • Members
  • 12 posts

Posted 08 October 2011 - 08:53 PM

Hi sempai,

These things happen. I didn't realize that I should have sent you a PM; I'm just grateful that you're helping me out in the first place. :)

I am still experiencing problems, unfortunately. After running Combofix, I was able to run Malwarebytes and my antivirus program again. The OpenCloud Security threat seems to be gone permanently.

However, I have noticed that I also seem to be a victim of the Google redirect bug. I didn't notice this previously because I usually use DuckDuckGo for my searches. I also seem to be experiencing a sort of "new tab" bug. From time to time, when I click on a link, another new tab will open up to a nonsense page. The link I intended to go to will still open in its original window. I'm not sure what triggers this to happen; it seems to be random.

One more slight oddity: once in a while, my screen will do some sort of "shake", kind of as if the whole thing is doing a very quick reload. It lasts for a second. Sometimes this causes the top of my Firefox toolbar to go somewhat transparent. I'm not sure if this is just my computer acting up (though it never happened before I started experiencing my initial problems) or the result of something else.

Thank you in advance.

#8 sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 09 October 2011 - 11:41 AM

Let's start fresh.


Step 1: Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.



Step 2: Download OTL by OldTimer from one of the links below:

Link 1
Link 2

  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports, namely OTL.txt (which will be opened) and Extras.txt (which will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.

~Semp



#9 Elle Scorcho

  • Topic Starter
  • Members
  • 12 posts

Posted 09 October 2011 - 06:31 PM

The OTL logs are attached to this post.

TDSSKiller log:
18:40:24.0445 2028 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
18:40:24.0834 2028 ============================================================
18:40:24.0834 2028 Current date / time: 2011/10/09 18:40:24.0834
18:40:24.0834 2028 SystemInfo:
18:40:24.0834 2028
18:40:24.0834 2028 OS Version: 6.0.6001 ServicePack: 1.0
18:40:24.0834 2028 Product type: Workstation
18:40:24.0834 2028 ComputerName: OWNER-PC
18:40:24.0834 2028 UserName: Owner
18:40:24.0834 2028 Windows directory: C:\Windows
18:40:24.0834 2028 System windows directory: C:\Windows
18:40:24.0834 2028 Processor architecture: Intel x86
18:40:24.0834 2028 Number of processors: 4
18:40:24.0834 2028 Page size: 0x1000
18:40:24.0834 2028 Boot type: Normal boot
18:40:24.0834 2028 ============================================================
18:40:25.0175 2028 Initialize success
18:40:35.0949 3744 ============================================================
18:40:35.0949 3744 Scan started
18:40:35.0949 3744 Mode: Manual;
18:40:35.0949 3744 ============================================================
18:40:38.0858 3744 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:40:38.0884 3744 HSF_DPV - ok
18:40:38.0910 3744 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
18:40:38.0914 3744 HSXHWBS2 - ok
18:40:38.0944 3744 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
18:40:38.0951 3744 HTTP - ok
18:40:38.0971 3744 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:40:38.0972 3744 i2omp - ok
18:40:39.0015 3744 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:40:39.0016 3744 i8042prt - ok
18:40:39.0091 3744 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
18:40:39.0117 3744 ialm - ok
18:40:39.0156 3744 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
18:40:39.0159 3744 iaStor - ok
18:40:39.0171 3744 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:40:39.0176 3744 iaStorV - ok
18:40:39.0211 3744 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:40:39.0213 3744 iirsp - ok
18:40:39.0240 3744 IntelDH (b7a420e4b137176234272d5ca9d51a49) C:\Windows\system32\Drivers\IntelDH.sys
18:40:39.0241 3744 IntelDH - ok
18:40:39.0264 3744 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
18:40:39.0265 3744 intelide - ok
18:40:39.0293 3744 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:40:39.0294 3744 intelppm - ok
18:40:39.0333 3744 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:40:39.0335 3744 IpFilterDriver - ok
18:40:39.0346 3744 IpInIp - ok
18:40:39.0406 3744 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:40:39.0408 3744 IPMIDRV - ok
18:40:39.0434 3744 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:40:39.0437 3744 IPNAT - ok
18:40:39.0463 3744 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:40:39.0464 3744 IRENUM - ok
18:40:39.0493 3744 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:40:39.0495 3744 isapnp - ok
18:40:39.0529 3744 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
18:40:39.0531 3744 iScsiPrt - ok
18:40:39.0562 3744 iteatapi (6944a9ddabb124bde6ba3ca5430b0398) C:\Windows\system32\drivers\iteatapi.sys
18:40:39.0563 3744 iteatapi - ok
18:40:39.0586 3744 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:40:39.0587 3744 iteraid - ok
18:40:39.0606 3744 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:40:39.0607 3744 kbdclass - ok
18:40:39.0626 3744 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
18:40:39.0627 3744 kbdhid - ok
18:40:39.0659 3744 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
18:40:39.0668 3744 KSecDD - ok
18:40:39.0719 3744 libusb0 (34d6730e198a5b0fce0790a6b4769ef2) C:\Windows\system32\drivers\libusb0.sys
18:40:39.0721 3744 libusb0 - ok
18:40:39.0739 3744 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:40:39.0740 3744 lltdio - ok
18:40:39.0771 3744 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:40:39.0773 3744 LSI_FC - ok
18:40:39.0794 3744 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:40:39.0796 3744 LSI_SAS - ok
18:40:39.0828 3744 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:40:39.0830 3744 LSI_SCSI - ok
18:40:39.0864 3744 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:40:39.0866 3744 luafv - ok
18:40:39.0905 3744 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
18:40:39.0906 3744 ManyCam - ok
18:40:39.0962 3744 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:40:39.0963 3744 mdmxsdk - ok
18:40:39.0988 3744 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:40:39.0990 3744 megasas - ok
18:40:40.0048 3744 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:40:40.0048 3744 Modem - ok
18:40:40.0079 3744 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:40:40.0080 3744 monitor - ok
18:40:40.0108 3744 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:40:40.0109 3744 mouclass - ok
18:40:40.0134 3744 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:40:40.0135 3744 mouhid - ok
18:40:40.0169 3744 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:40:40.0171 3744 MountMgr - ok
18:40:40.0202 3744 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:40:40.0204 3744 mpio - ok
18:40:40.0228 3744 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:40:40.0229 3744 mpsdrv - ok
18:40:40.0254 3744 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:40:40.0255 3744 Mraid35x - ok
18:40:40.0284 3744 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
18:40:40.0286 3744 MRxDAV - ok
18:40:40.0312 3744 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:40:40.0314 3744 mrxsmb - ok
18:40:40.0344 3744 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:40:40.0348 3744 mrxsmb10 - ok
18:40:40.0365 3744 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:40:40.0367 3744 mrxsmb20 - ok
18:40:40.0388 3744 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
18:40:40.0389 3744 msahci - ok
18:40:40.0411 3744 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:40:40.0413 3744 msdsm - ok
18:40:40.0454 3744 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:40:40.0455 3744 Msfs - ok
18:40:40.0492 3744 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:40:40.0493 3744 msisadrv - ok
18:40:40.0526 3744 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:40:40.0528 3744 MSKSSRV - ok
18:40:40.0573 3744 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:40:40.0574 3744 MSPCLOCK - ok
18:40:40.0607 3744 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:40:40.0608 3744 MSPQM - ok
18:40:40.0629 3744 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
18:40:40.0632 3744 MsRPC - ok
18:40:40.0649 3744 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:40:40.0650 3744 mssmbios - ok
18:40:40.0684 3744 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:40:40.0685 3744 MSTEE - ok
18:40:40.0715 3744 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
18:40:40.0717 3744 Mup - ok
18:40:40.0756 3744 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
18:40:40.0759 3744 NativeWifiP - ok
18:40:40.0808 3744 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
18:40:40.0826 3744 NDIS - ok
18:40:40.0842 3744 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:40:40.0843 3744 NdisTapi - ok
18:40:40.0874 3744 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:40:40.0875 3744 Ndisuio - ok
18:40:40.0901 3744 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
18:40:40.0904 3744 NdisWan - ok
18:40:40.0942 3744 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:40:40.0944 3744 NDProxy - ok
18:40:40.0974 3744 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:40:40.0975 3744 NetBIOS - ok
18:40:41.0000 3744 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
18:40:41.0003 3744 netbt - ok
18:40:41.0138 3744 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
18:40:41.0217 3744 NETw2v32 - ok
18:40:41.0245 3744 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:40:41.0246 3744 nfrd960 - ok
18:40:41.0291 3744 nmsunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\nmsunidr.sys
18:40:41.0291 3744 nmsunidr - ok
18:40:41.0308 3744 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
18:40:41.0309 3744 Npfs - ok
18:40:41.0331 3744 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:40:41.0332 3744 nsiproxy - ok
18:40:41.0378 3744 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
18:40:41.0404 3744 Ntfs - ok
18:40:41.0421 3744 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:40:41.0423 3744 ntrigdigi - ok
18:40:41.0449 3744 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:40:41.0450 3744 Null - ok
18:40:41.0711 3744 nvlddmkm (4152708c0c24e30dae7fa87d5afe1d7b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:40:41.0935 3744 nvlddmkm - ok
18:40:41.0960 3744 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:40:41.0963 3744 nvraid - ok
18:40:41.0980 3744 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:40:41.0981 3744 nvstor - ok
18:40:42.0022 3744 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:40:42.0024 3744 nv_agp - ok
18:40:42.0033 3744 NwlnkFlt - ok
18:40:42.0044 3744 NwlnkFwd - ok
18:40:42.0075 3744 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
18:40:42.0077 3744 ohci1394 - ok
18:40:42.0111 3744 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:40:42.0113 3744 Parport - ok
18:40:42.0142 3744 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
18:40:42.0144 3744 partmgr - ok
18:40:42.0159 3744 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:40:42.0160 3744 Parvdm - ok
18:40:42.0189 3744 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
18:40:42.0193 3744 pci - ok
18:40:42.0213 3744 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
18:40:42.0215 3744 pciide - ok
18:40:42.0244 3744 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
18:40:42.0248 3744 pcmcia - ok
18:40:42.0288 3744 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:40:42.0314 3744 PEAUTH - ok
18:40:42.0367 3744 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:40:42.0369 3744 PptpMiniport - ok
18:40:42.0399 3744 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:40:42.0401 3744 Processor - ok
18:40:42.0449 3744 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
18:40:42.0451 3744 PSched - ok
18:40:42.0482 3744 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
18:40:42.0484 3744 PxHelp20 - ok
18:40:42.0527 3744 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:40:42.0553 3744 ql2300 - ok
18:40:42.0572 3744 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:40:42.0574 3744 ql40xx - ok
18:40:42.0608 3744 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:40:42.0610 3744 QWAVEdrv - ok
18:40:42.0646 3744 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:40:42.0647 3744 RasAcd - ok
18:40:42.0668 3744 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:40:42.0670 3744 Rasl2tp - ok
18:40:42.0705 3744 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
18:40:42.0706 3744 RasPppoe - ok
18:40:42.0738 3744 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
18:40:42.0740 3744 RasSstp - ok
18:40:42.0762 3744 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
18:40:42.0766 3744 rdbss - ok
18:40:42.0800 3744 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:40:42.0801 3744 RDPCDD - ok
18:40:42.0828 3744 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:40:42.0833 3744 rdpdr - ok
18:40:42.0856 3744 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:40:42.0857 3744 RDPENCDD - ok
18:40:42.0892 3744 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
18:40:42.0895 3744 RDPWD - ok
18:40:42.0935 3744 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
18:40:42.0937 3744 RimUsb - ok
18:40:42.0990 3744 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
18:40:42.0991 3744 RimVSerPort - ok
18:40:43.0014 3744 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
18:40:43.0015 3744 ROOTMODEM - ok
18:40:43.0058 3744 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:40:43.0059 3744 rspndr - ok
18:40:43.0085 3744 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:40:43.0088 3744 sbp2port - ok
18:40:43.0115 3744 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
18:40:43.0118 3744 sdbus - ok
18:40:43.0145 3744 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:40:43.0147 3744 secdrv - ok
18:40:43.0174 3744 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:40:43.0177 3744 Serenum - ok
18:40:43.0196 3744 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:40:43.0199 3744 Serial - ok
18:40:43.0223 3744 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:40:43.0224 3744 sermouse - ok
18:40:43.0252 3744 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
18:40:43.0253 3744 sffdisk - ok
18:40:43.0265 3744 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:40:43.0267 3744 sffp_mmc - ok
18:40:43.0282 3744 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
18:40:43.0284 3744 sffp_sd - ok
18:40:43.0301 3744 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:40:43.0303 3744 sfloppy - ok
18:40:43.0336 3744 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:40:43.0338 3744 sisagp - ok
18:40:43.0353 3744 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:40:43.0355 3744 SiSRaid2 - ok
18:40:43.0380 3744 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:40:43.0383 3744 SiSRaid4 - ok
18:40:43.0416 3744 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
18:40:43.0418 3744 Smb - ok
18:40:43.0441 3744 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:40:43.0443 3744 spldr - ok
18:40:43.0496 3744 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
18:40:43.0521 3744 sptd - ok
18:40:43.0554 3744 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
18:40:43.0560 3744 srv - ok
18:40:43.0592 3744 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
18:40:43.0595 3744 srv2 - ok
18:40:43.0613 3744 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
18:40:43.0616 3744 srvnet - ok
18:40:43.0647 3744 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
18:40:43.0649 3744 sscdbus - ok
18:40:43.0702 3744 STHDA (ea6204726ac084fece5086db72a12fdb) C:\Windows\system32\drivers\stwrt.sys
18:40:43.0711 3744 STHDA - ok
18:40:43.0747 3744 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:40:43.0748 3744 swenum - ok
18:40:43.0784 3744 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:40:43.0786 3744 Symc8xx - ok
18:40:43.0821 3744 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:40:43.0823 3744 Sym_hi - ok
18:40:43.0839 3744 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:40:43.0841 3744 Sym_u3 - ok
18:40:43.0900 3744 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
18:40:43.0925 3744 Tcpip - ok
18:40:43.0962 3744 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
18:40:43.0971 3744 Tcpip6 - ok
18:40:43.0995 3744 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
18:40:43.0996 3744 tcpipreg - ok
18:40:44.0021 3744 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:40:44.0022 3744 TDPIPE - ok
18:40:44.0045 3744 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:40:44.0047 3744 TDTCP - ok
18:40:44.0078 3744 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
18:40:44.0080 3744 tdx - ok
18:40:44.0108 3744 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
18:40:44.0109 3744 TermDD - ok
18:40:44.0188 3744 TSHWMDTCP (de8829c9da8fa4eda99948f1b78da80a) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
18:40:44.0191 3744 TSHWMDTCP - ok
18:40:44.0213 3744 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:40:44.0215 3744 tssecsrv - ok
18:40:44.0255 3744 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:40:44.0256 3744 tunmp - ok
18:40:44.0287 3744 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
18:40:44.0288 3744 tunnel - ok
18:40:44.0319 3744 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:40:44.0321 3744 uagp35 - ok
18:40:44.0351 3744 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
18:40:44.0356 3744 udfs - ok
18:40:44.0384 3744 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:40:44.0386 3744 uliagpkx - ok
18:40:44.0412 3744 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:40:44.0417 3744 uliahci - ok
18:40:44.0438 3744 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:40:44.0440 3744 UlSata - ok
18:40:44.0461 3744 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:40:44.0464 3744 ulsata2 - ok
18:40:44.0494 3744 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:40:44.0495 3744 umbus - ok
18:40:44.0530 3744 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\Windows\system32\Drivers\usbaapl.sys
18:40:44.0532 3744 USBAAPL - ok
18:40:44.0561 3744 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:40:44.0564 3744 usbccgp - ok
18:40:44.0586 3744 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
18:40:44.0588 3744 usbcir - ok
18:40:44.0626 3744 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
18:40:44.0628 3744 usbehci - ok
18:40:44.0660 3744 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
18:40:44.0663 3744 usbhub - ok
18:40:44.0680 3744 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:40:44.0681 3744 usbohci - ok
18:40:44.0700 3744 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:40:44.0701 3744 usbprint - ok
18:40:44.0738 3744 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:40:44.0739 3744 usbscan - ok
18:40:44.0763 3744 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:40:44.0764 3744 USBSTOR - ok
18:40:44.0797 3744 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:40:44.0798 3744 usbuhci - ok
18:40:44.0835 3744 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys
18:40:44.0836 3744 usb_rndisx - ok
18:40:44.0866 3744 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:40:44.0868 3744 vga - ok
18:40:44.0906 3744 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:40:44.0908 3744 VgaSave - ok
18:40:44.0941 3744 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:40:44.0943 3744 viaagp - ok
18:40:44.0964 3744 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:40:44.0965 3744 ViaC7 - ok
18:40:44.0986 3744 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:40:44.0988 3744 viaide - ok
18:40:45.0032 3744 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:40:45.0033 3744 volmgr - ok
18:40:45.0063 3744 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
18:40:45.0069 3744 volmgrx - ok
18:40:45.0099 3744 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
18:40:45.0104 3744 volsnap - ok
18:40:45.0122 3744 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:40:45.0125 3744 vsmraid - ok
18:40:45.0154 3744 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:40:45.0156 3744 WacomPen - ok
18:40:45.0188 3744 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:40:45.0189 3744 Wanarp - ok
18:40:45.0194 3744 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:40:45.0194 3744 Wanarpv6 - ok
18:40:45.0230 3744 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:40:45.0231 3744 Wd - ok
18:40:45.0260 3744 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:40:45.0278 3744 Wdf01000 - ok
18:40:45.0329 3744 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:40:45.0346 3744 winachsf - ok
18:40:45.0405 3744 WinUSB (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.sys
18:40:45.0407 3744 WinUSB - ok
18:40:45.0426 3744 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:40:45.0427 3744 WmiAcpi - ok
18:40:45.0456 3744 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
18:40:45.0458 3744 WpdUsb - ok
18:40:45.0492 3744 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:40:45.0493 3744 ws2ifsl - ok
18:40:45.0538 3744 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:40:45.0540 3744 WUDFRd - ok
18:40:45.0574 3744 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys
18:40:45.0575 3744 XAudio - ok
18:40:45.0618 3744 ZD1211BU(ZyDAS) (478b4415dfb3a45b6fe61ec781e07d7b) C:\Windows\system32\DRIVERS\zd1211Bu.sys
18:40:45.0625 3744 ZD1211BU(ZyDAS) - ok
18:40:45.0658 3744 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\Windows\system32\Drivers\ZDPSp50.sys
18:40:45.0659 3744 ZDPSp50 - ok
18:40:45.0684 3744 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
18:40:45.0685 3744 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
18:40:45.0685 3744 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
18:40:45.0696 3744 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:40:45.0704 3744 \Device\Harddisk1\DR1 - ok
18:40:45.0709 3744 MBR (0x1B8) (6f6b894ab585105ef278f4ef085e2d69) \Device\Harddisk5\DR5
18:40:45.0715 3744 \Device\Harddisk5\DR5 - ok
18:40:45.0719 3744 Boot (0x1200) (788337aa3872cded72b14b125a4a9ba7) \Device\Harddisk0\DR0\Partition0
18:40:45.0719 3744 \Device\Harddisk0\DR0\Partition0 - ok
18:40:45.0733 3744 Boot (0x1200) (eea4e24cf9a52ca94990a56f5326f982) \Device\Harddisk0\DR0\Partition1
18:40:45.0734 3744 \Device\Harddisk0\DR0\Partition1 - ok
18:40:45.0739 3744 Boot (0x1200) (b40ec87fc775575fed91705d549472ab) \Device\Harddisk1\DR1\Partition0
18:40:45.0740 3744 \Device\Harddisk1\DR1\Partition0 - ok
18:40:45.0743 3744 Boot (0x1200) (afaa04ac3a81d30165a2d1c7fe8920ae) \Device\Harddisk5\DR5\Partition0
18:40:45.0744 3744 \Device\Harddisk5\DR5\Partition0 - ok
18:40:45.0745 3744 ============================================================
18:40:45.0745 3744 Scan finished
18:40:45.0745 3744 ============================================================
18:40:45.0766 3564 Detected object count: 1
18:40:45.0766 3564 Actual detected object count: 1
18:41:11.0686 3564 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - skipped by user
18:41:11.0686 3564 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Skip




#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:46 PM

Posted 10 October 2011 - 06:10 AM

Please do not attach logs unless instructed.

Let's try to neutralize the main infection.
  • Close all other running programs.
  • Please run TDSSKiller.exe again and start the scan.
  • Do not change any setting after the scan and let it Cure any infections found.
  • Follow the prompts and reboot the computer when asked.
  • Once completed, it will generate a report located at C:\TDSSKiller.Version_Date_Time_log.txt.
  • Please post the contents of that log when you reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
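The scan log posted above ends with TDSSKiller flagging the MBR of \Device\Harddisk0\DR0 as Rootkit.Win32.TDSS.tdl4 and then recording that the user chose Skip, which is why the detection was never cured. The Python parser below is an added example for this thread, not part of TDSSKiller or anything the poster ran: it reads lines in the format shown above, separates scanned objects (name, MD5, path) from verdict lines, and reports any detection whose last recorded outcome was not a cure. The sample lines are copied from the log above; the outcome wording it treats as resolved (anything containing "cure" or "delete") is an assumption about TDSSKiller's messages, not something the page confirms.

```python
"""Summarise a TDSSKiller scan log: what was scanned, what was detected,
and whether the user actually let the tool cure it.  Added example for
this thread; it is not TDSSKiller code."""
import re
from dataclasses import dataclass, field

# Every log line is "HH:MM:SS.mmmm <pid> <message>".
_LINE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Scanned object: "<name> (<md5>) <path>"; the name may itself contain
# parentheses, e.g. "MBR (0x1B8)" or "ZD1211BU(ZyDAS)".
_OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict / user-action line: "<object> ( <threat> ) - <outcome>".
_VERDICT = re.compile(r"^(?P<obj>\S+) \( (?P<threat>[^)]+) \) - (?P<outcome>.+)$")
# Secondary detection line: "<object> - detected <threat> (n)".
_DETECTED = re.compile(r"^(?P<obj>\S+) - detected (?P<threat>\S+)")

# Sample lines copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
18:40:45.0618 3744 ZD1211BU(ZyDAS) (478b4415dfb3a45b6fe61ec781e07d7b) C:\Windows\system32\DRIVERS\zd1211Bu.sys
18:40:45.0625 3744 ZD1211BU(ZyDAS) - ok
18:40:45.0684 3744 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
18:40:45.0685 3744 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
18:40:45.0685 3744 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
18:40:45.0696 3744 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:40:45.0704 3744 \Device\Harddisk1\DR1 - ok
18:40:45.0766 3564 Detected object count: 1
18:41:11.0686 3564 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - skipped by user
18:41:11.0686 3564 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Skip
"""


@dataclass
class ScanSummary:
    scanned: dict = field(default_factory=dict)     # path -> (name, md5)
    detections: dict = field(default_factory=dict)  # object -> threat name
    actions: dict = field(default_factory=dict)     # object -> last outcome text


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Walk the log once; the last verdict line for an object wins."""
    s = ScanSummary()
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        v = _VERDICT.match(msg)
        if v:
            s.detections[v.group("obj")] = v.group("threat")
            s.actions[v.group("obj")] = v.group("outcome")
            continue
        d = _DETECTED.match(msg)
        if d:
            s.detections.setdefault(d.group("obj"), d.group("threat"))
            continue
        o = _OBJECT.match(msg)
        if o:
            s.scanned[o.group("path")] = (o.group("name"), o.group("md5"))
    return s


def unresolved(summary: ScanSummary) -> dict:
    """Detections whose last outcome does not look like a cure or deletion.
    The substrings below are an assumed reading of TDSSKiller's wording."""
    return {obj: thr for obj, thr in summary.detections.items()
            if not any(w in summary.actions.get(obj, "").lower()
                       for w in ("cure", "delete"))}


def report(summary: ScanSummary) -> str:
    lines = [f"objects scanned: {len(summary.scanned)}",
             f"detections: {len(summary.detections)}"]
    for obj, thr in summary.detections.items():
        lines.append(f"  {obj}: {thr} -> {summary.actions.get(obj, 'no action recorded')}")
    lines.append("remediation still needed" if unresolved(summary)
                 else "no unresolved detections")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_tdsskiller_log(SAMPLE_LOG)))
```

Run against the sample, the report lists three scanned objects, one detection on \Device\Harddisk0\DR0 with the outcome "User select action: Skip", and the verdict "remediation still needed"; that is the situation the reply above is addressing when it asks for the scan to be rerun with the Cure action left as is.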


#11 Elle Scorcho

Elle Scorcho
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 10 October 2011 - 04:07 PM

It's telling me that no threats have been found. It seems as if the person that shares this computer with me may have decided to run the program on his own time without my consent. I'm going to post the log that he ran earlier today first, followed by my log.

His log, 2:07pm:
14:06:13.0609 11296 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
14:06:13.0921 11296 ============================================================
14:06:13.0921 11296 Current date / time: 2011/10/10 14:06:13.0921
14:06:13.0921 11296 SystemInfo:
14:06:13.0921 11296
14:06:13.0921 11296 OS Version: 6.0.6001 ServicePack: 1.0
14:06:13.0921 11296 Product type: Workstation
14:06:13.0921 11296 ComputerName: OWNER-PC
14:06:13.0921 11296 UserName: Owner
14:06:13.0921 11296 Windows directory: C:\Windows
14:06:13.0921 11296 System windows directory: C:\Windows
14:06:13.0921 11296 Processor architecture: Intel x86
14:06:13.0921 11296 Number of processors: 4
14:06:13.0921 11296 Page size: 0x1000
14:06:13.0921 11296 Boot type: Normal boot
14:06:13.0921 11296 ============================================================
14:06:14.0420 11296 Initialize success
14:06:28.0163 12036 ============================================================
14:06:28.0163 12036 Scan started
14:06:28.0163 12036 Mode: Manual;
14:06:28.0163 12036 ============================================================
14:06:40.0877 12036 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
14:06:40.0877 12036 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
14:06:40.0877 12036 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
14:06:40.0893 12036 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
14:06:40.0893 12036 \Device\Harddisk1\DR1 - ok
14:06:40.0909 12036 MBR (0x1B8) (6f6b894ab585105ef278f4ef085e2d69) \Device\Harddisk5\DR5
14:06:40.0909 12036 \Device\Harddisk5\DR5 - ok
14:06:40.0924 12036 Boot (0x1200) (788337aa3872cded72b14b125a4a9ba7) \Device\Harddisk0\DR0\Partition0
14:06:40.0924 12036 \Device\Harddisk0\DR0\Partition0 - ok
14:06:40.0940 12036 Boot (0x1200) (eea4e24cf9a52ca94990a56f5326f982) \Device\Harddisk0\DR0\Partition1
14:06:40.0940 12036 \Device\Harddisk0\DR0\Partition1 - ok
14:06:40.0940 12036 Boot (0x1200) (b40ec87fc775575fed91705d549472ab) \Device\Harddisk1\DR1\Partition0
14:06:40.0940 12036 \Device\Harddisk1\DR1\Partition0 - ok
14:06:40.0940 12036 Boot (0x1200) (afaa04ac3a81d30165a2d1c7fe8920ae) \Device\Harddisk5\DR5\Partition0
14:06:40.0940 12036 \Device\Harddisk5\DR5\Partition0 - ok
14:06:40.0955 12036 ============================================================
14:06:40.0955 12036 Scan finished
14:06:40.0955 12036 ============================================================
14:06:40.0971 10444 Detected object count: 1
14:06:40.0971 10444 Actual detected object count: 1
14:06:56.0431 10444 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
14:06:56.0431 10444 \Device\Harddisk0\DR0 - ok
14:06:56.0431 10444 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
14:07:02.0000 8628 Deinitialize success

This is the log that I just generated at 5:01pm:

17:00:30.0878 3704 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
17:00:31.0190 3704 ============================================================
17:00:31.0190 3704 Current date / time: 2011/10/10 17:00:31.0190
17:00:31.0190 3704 SystemInfo:
17:00:31.0190 3704
17:00:31.0190 3704 OS Version: 6.0.6001 ServicePack: 1.0
17:00:31.0190 3704 Product type: Workstation
17:00:31.0190 3704 ComputerName: OWNER-PC
17:00:31.0190 3704 UserName: Owner
17:00:31.0190 3704 Windows directory: C:\Windows
17:00:31.0190 3704 System windows directory: C:\Windows
17:00:31.0190 3704 Processor architecture: Intel x86
17:00:31.0190 3704 Number of processors: 4
17:00:31.0190 3704 Page size: 0x1000
17:00:31.0190 3704 Boot type: Normal boot
17:00:31.0190 3704 ============================================================
17:00:36.0962 3704 Initialize success
17:01:07.0773 1444 ============================================================
17:01:07.0773 1444 Scan started
17:01:07.0773 1444 Mode: Manual;
17:01:07.0773 1444 ============================================================
17:01:08.0085 1444 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
17:01:08.0085 1444 ac97intc - ok
17:01:08.0131 1444 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
17:01:08.0147 1444 ACPI - ok
17:01:08.0178 1444 adfs - ok
17:01:08.0225 1444 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:01:08.0225 1444 adp94xx - ok
17:01:08.0256 1444 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:01:08.0256 1444 adpahci - ok
17:01:08.0272 1444 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:01:08.0272 1444 adpu160m - ok
17:01:08.0334 1444 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:01:08.0334 1444 adpu320 - ok
17:01:08.0397 1444 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
17:01:08.0397 1444 AFD - ok
17:01:08.0412 1444 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:01:08.0412 1444 agp440 - ok
17:01:08.0443 1444 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:01:08.0443 1444 aic78xx - ok
17:01:08.0475 1444 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
17:01:08.0475 1444 aliide - ok
17:01:08.0490 1444 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:01:08.0490 1444 amdagp - ok
17:01:08.0521 1444 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
17:01:08.0521 1444 amdide - ok
17:01:08.0537 1444 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:01:08.0537 1444 AmdK7 - ok
17:01:08.0553 1444 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
17:01:08.0553 1444 AmdK8 - ok
17:01:08.0615 1444 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:01:08.0615 1444 arc - ok
17:01:08.0631 1444 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:01:08.0646 1444 arcsas - ok
17:01:08.0709 1444 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:01:08.0709 1444 AsyncMac - ok
17:01:08.0740 1444 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
17:01:08.0740 1444 atapi - ok
17:01:08.0787 1444 athrusb (59db74ef3b328852a736578dff3fcad6) C:\Windows\system32\DRIVERS\athrusb.sys
17:01:08.0787 1444 athrusb - ok
17:01:08.0833 1444 athrusb6 (be701d39fb0543083ddf74227638bcf3) C:\Windows\system32\DRIVERS\athru6.sys
17:01:08.0849 1444 athrusb6 - ok
17:01:08.0896 1444 AVer88xHD (ee02618bbb1df4a6decb524a502ed61e) C:\Windows\system32\drivers\AVer88xHD.sys
17:01:08.0896 1444 AVer88xHD - ok
17:01:08.0927 1444 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
17:01:08.0927 1444 bcm4sbxp - ok
17:01:08.0974 1444 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:01:08.0974 1444 Beep - ok
17:01:08.0989 1444 blbdrive - ok
17:01:09.0052 1444 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
17:01:09.0052 1444 bowser - ok
17:01:09.0067 1444 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:01:09.0067 1444 BrFiltLo - ok
17:01:09.0083 1444 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:01:09.0083 1444 BrFiltUp - ok
17:01:09.0130 1444 BRGSp50 (ee0f41fa0466189a2c8b9caf7d1cddd5) C:\Windows\system32\Drivers\BRGSp50.sys
17:01:09.0130 1444 BRGSp50 - ok
17:01:09.0161 1444 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:01:09.0161 1444 Brserid - ok
17:01:09.0177 1444 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:01:09.0177 1444 BrSerWdm - ok
17:01:09.0208 1444 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:01:09.0208 1444 BrUsbMdm - ok
17:01:09.0223 1444 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:01:09.0223 1444 BrUsbSer - ok
17:01:09.0239 1444 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:01:09.0239 1444 BTHMODEM - ok
17:01:09.0286 1444 catchme - ok
17:01:09.0301 1444 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:01:09.0301 1444 cdfs - ok
17:01:09.0333 1444 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:01:09.0333 1444 cdrom - ok
17:01:09.0379 1444 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
17:01:09.0379 1444 circlass - ok
17:01:09.0395 1444 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
17:01:09.0395 1444 CLFS - ok
17:01:09.0442 1444 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
17:01:09.0442 1444 CmBatt - ok
17:01:09.0457 1444 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
17:01:09.0457 1444 cmdide - ok
17:01:09.0473 1444 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:01:09.0473 1444 Compbatt - ok
17:01:09.0489 1444 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:01:09.0489 1444 crcdisk - ok
17:01:09.0520 1444 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:01:09.0520 1444 Crusoe - ok
17:01:09.0551 1444 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
17:01:09.0551 1444 CVirtA - ok
17:01:09.0582 1444 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
17:01:09.0582 1444 DfsC - ok
17:01:09.0645 1444 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
17:01:09.0645 1444 disk - ok
17:01:09.0676 1444 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\Windows\system32\DRIVERS\dne2000.sys
17:01:09.0676 1444 DNE - ok
17:01:09.0707 1444 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:01:09.0707 1444 drmkaud - ok
17:01:09.0754 1444 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:01:09.0754 1444 dtsoftbus01 - ok
17:01:09.0801 1444 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
17:01:09.0801 1444 DXGKrnl - ok
17:01:09.0847 1444 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
17:01:09.0847 1444 e1express - ok
17:01:09.0879 1444 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:01:09.0879 1444 E1G60 - ok
17:01:09.0910 1444 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
17:01:09.0910 1444 Ecache - ok
17:01:09.0941 1444 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:01:09.0941 1444 elxstor - ok
17:01:09.0988 1444 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
17:01:09.0988 1444 exfat - ok
17:01:10.0019 1444 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
17:01:10.0019 1444 fastfat - ok
17:01:10.0050 1444 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:01:10.0050 1444 fdc - ok
17:01:10.0081 1444 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:01:10.0081 1444 FileInfo - ok
17:01:10.0128 1444 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:01:10.0128 1444 Filetrace - ok
17:01:10.0144 1444 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:01:10.0144 1444 flpydisk - ok
17:01:10.0175 1444 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
17:01:10.0191 1444 FltMgr - ok
17:01:10.0191 1444 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:01:10.0191 1444 Fs_Rec - ok
17:01:10.0206 1444 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:01:10.0222 1444 gagp30kx - ok
17:01:10.0269 1444 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\Windows\system32\Drivers\GEARAspiWDM.sys
17:01:10.0269 1444 GEARAspiWDM - ok
17:01:10.0315 1444 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:01:10.0315 1444 HdAudAddService - ok
17:01:10.0347 1444 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:01:10.0347 1444 HDAudBus - ok
17:01:10.0378 1444 HECI (cc2c8c23417cc7ddf5eddb17e60a14db) C:\Windows\system32\DRIVERS\HECI.sys
17:01:10.0378 1444 HECI - ok
17:01:10.0393 1444 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:01:10.0393 1444 HidBth - ok
17:01:10.0425 1444 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
17:01:10.0425 1444 HidIr - ok
17:01:10.0456 1444 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
17:01:10.0456 1444 HidUsb - ok
17:01:10.0471 1444 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:01:10.0471 1444 HpCISSs - ok
17:01:10.0534 1444 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:01:10.0534 1444 HSF_DPV - ok
17:01:10.0581 1444 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
17:01:10.0581 1444 HSXHWBS2 - ok
17:01:10.0627 1444 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
17:01:10.0627 1444 HTTP - ok
17:01:10.0643 1444 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:01:10.0643 1444 i2omp - ok
17:01:10.0690 1444 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:01:10.0690 1444 i8042prt - ok
17:01:10.0737 1444 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
17:01:10.0752 1444 ialm - ok
17:01:10.0799 1444 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
17:01:10.0799 1444 iaStor - ok
17:01:10.0815 1444 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:01:10.0815 1444 iaStorV - ok
17:01:10.0861 1444 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:01:10.0861 1444 iirsp - ok
17:01:10.0893 1444 IntelDH (b7a420e4b137176234272d5ca9d51a49) C:\Windows\system32\Drivers\IntelDH.sys
17:01:10.0893 1444 IntelDH - ok
17:01:10.0908 1444 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
17:01:10.0908 1444 intelide - ok
17:01:10.0939 1444 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:01:10.0939 1444 intelppm - ok
17:01:10.0986 1444 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:01:10.0986 1444 IpFilterDriver - ok
17:01:11.0002 1444 IpInIp - ok
17:01:11.0017 1444 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:01:11.0017 1444 IPMIDRV - ok
17:01:11.0049 1444 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:01:11.0049 1444 IPNAT - ok
17:01:11.0080 1444 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:01:11.0080 1444 IRENUM - ok
17:01:11.0095 1444 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:01:11.0095 1444 isapnp - ok
17:01:11.0142 1444 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
17:01:11.0142 1444 iScsiPrt - ok
17:01:11.0173 1444 iteatapi (6944a9ddabb124bde6ba3ca5430b0398) C:\Windows\system32\drivers\iteatapi.sys
17:01:11.0173 1444 iteatapi - ok
17:01:11.0189 1444 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:01:11.0189 1444 iteraid - ok
17:01:11.0220 1444 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:01:11.0220 1444 kbdclass - ok
17:01:11.0236 1444 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
17:01:11.0236 1444 kbdhid - ok
17:01:11.0267 1444 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
17:01:11.0283 1444 KSecDD - ok
17:01:11.0329 1444 libusb0 (34d6730e198a5b0fce0790a6b4769ef2) C:\Windows\system32\drivers\libusb0.sys
17:01:11.0329 1444 libusb0 - ok
17:01:11.0345 1444 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:01:11.0345 1444 lltdio - ok
17:01:11.0376 1444 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:01:11.0376 1444 LSI_FC - ok
17:01:11.0407 1444 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:01:11.0407 1444 LSI_SAS - ok
17:01:11.0439 1444 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:01:11.0439 1444 LSI_SCSI - ok
17:01:11.0470 1444 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:01:11.0470 1444 luafv - ok
17:01:11.0501 1444 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
17:01:11.0501 1444 ManyCam - ok
17:01:11.0548 1444 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:01:11.0563 1444 mdmxsdk - ok
17:01:11.0579 1444 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:01:11.0579 1444 megasas - ok
17:01:11.0641 1444 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:01:11.0641 1444 Modem - ok
17:01:11.0673 1444 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:01:11.0673 1444 monitor - ok
17:01:11.0704 1444 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:01:11.0704 1444 mouclass - ok
17:01:11.0719 1444 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:01:11.0719 1444 mouhid - ok
17:01:11.0751 1444 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:01:11.0751 1444 MountMgr - ok
17:01:11.0782 1444 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:01:11.0782 1444 mpio - ok
17:01:11.0797 1444 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:01:11.0797 1444 mpsdrv - ok
17:01:11.0829 1444 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:01:11.0829 1444 Mraid35x - ok
17:01:11.0860 1444 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
17:01:11.0860 1444 MRxDAV - ok
17:01:11.0891 1444 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:01:11.0891 1444 mrxsmb - ok
17:01:11.0938 1444 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:01:11.0938 1444 mrxsmb10 - ok
17:01:11.0953 1444 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:01:11.0953 1444 mrxsmb20 - ok
17:01:11.0985 1444 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
17:01:11.0985 1444 msahci - ok
17:01:12.0000 1444 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:01:12.0000 1444 msdsm - ok
17:01:12.0047 1444 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:01:12.0063 1444 Msfs - ok
17:01:12.0094 1444 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:01:12.0109 1444 msisadrv - ok
17:01:12.0141 1444 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:01:12.0141 1444 MSKSSRV - ok
17:01:12.0172 1444 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:01:12.0172 1444 MSPCLOCK - ok
17:01:12.0203 1444 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:01:12.0203 1444 MSPQM - ok
17:01:12.0219 1444 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
17:01:12.0219 1444 MsRPC - ok
17:01:12.0234 1444 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:01:12.0234 1444 mssmbios - ok
17:01:12.0265 1444 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:01:12.0265 1444 MSTEE - ok
17:01:12.0281 1444 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
17:01:12.0281 1444 Mup - ok
17:01:12.0328 1444 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
17:01:12.0328 1444 NativeWifiP - ok
17:01:12.0375 1444 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
17:01:12.0390 1444 NDIS - ok
17:01:12.0406 1444 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:01:12.0406 1444 NdisTapi - ok
17:01:12.0437 1444 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:01:12.0437 1444 Ndisuio - ok
17:01:12.0453 1444 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
17:01:12.0468 1444 NdisWan - ok
17:01:12.0499 1444 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:01:12.0499 1444 NDProxy - ok
17:01:12.0515 1444 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:01:12.0515 1444 NetBIOS - ok
17:01:12.0531 1444 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
17:01:12.0531 1444 netbt - ok
17:01:12.0655 1444 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
17:01:12.0733 1444 NETw2v32 - ok
17:01:12.0765 1444 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:01:12.0765 1444 nfrd960 - ok
17:01:12.0811 1444 nmsunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\nmsunidr.sys
17:01:12.0811 1444 nmsunidr - ok
17:01:12.0827 1444 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
17:01:12.0827 1444 Npfs - ok
17:01:12.0858 1444 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:01:12.0858 1444 nsiproxy - ok
17:01:12.0921 1444 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
17:01:12.0952 1444 Ntfs - ok
17:01:12.0967 1444 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:01:12.0967 1444 ntrigdigi - ok
17:01:12.0999 1444 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:01:12.0999 1444 Null - ok
17:01:13.0248 1444 nvlddmkm (4152708c0c24e30dae7fa87d5afe1d7b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:01:13.0451 1444 nvlddmkm - ok
17:01:13.0482 1444 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:01:13.0482 1444 nvraid - ok
17:01:13.0498 1444 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:01:13.0498 1444 nvstor - ok
17:01:13.0545 1444 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:01:13.0545 1444 nv_agp - ok
17:01:13.0545 1444 NwlnkFlt - ok
17:01:13.0560 1444 NwlnkFwd - ok
17:01:13.0591 1444 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
17:01:13.0591 1444 ohci1394 - ok
17:01:13.0638 1444 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:01:13.0638 1444 Parport - ok
17:01:13.0669 1444 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
17:01:13.0669 1444 partmgr - ok
17:01:13.0685 1444 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:01:13.0685 1444 Parvdm - ok
17:01:13.0716 1444 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
17:01:13.0716 1444 pci - ok
17:01:13.0732 1444 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
17:01:13.0747 1444 pciide - ok
17:01:13.0763 1444 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
17:01:13.0779 1444 pcmcia - ok
17:01:13.0810 1444 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:01:13.0841 1444 PEAUTH - ok
17:01:13.0888 1444 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:01:13.0888 1444 PptpMiniport - ok
17:01:13.0919 1444 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:01:13.0919 1444 Processor - ok
17:01:13.0950 1444 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
17:01:13.0966 1444 PSched - ok
17:01:13.0997 1444 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
17:01:13.0997 1444 PxHelp20 - ok
17:01:14.0044 1444 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:01:14.0075 1444 ql2300 - ok
17:01:14.0091 1444 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:01:14.0091 1444 ql40xx - ok
17:01:14.0122 1444 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:01:14.0122 1444 QWAVEdrv - ok
17:01:14.0169 1444 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:01:14.0169 1444 RasAcd - ok
17:01:14.0184 1444 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:01:14.0184 1444 Rasl2tp - ok
17:01:14.0215 1444 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
17:01:14.0215 1444 RasPppoe - ok
17:01:14.0247 1444 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
17:01:14.0247 1444 RasSstp - ok
17:01:14.0278 1444 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
17:01:14.0278 1444 rdbss - ok
17:01:14.0309 1444 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:01:14.0309 1444 RDPCDD - ok
17:01:14.0340 1444 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:01:14.0340 1444 rdpdr - ok
17:01:14.0356 1444 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:01:14.0356 1444 RDPENCDD - ok
17:01:14.0387 1444 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
17:01:14.0403 1444 RDPWD - ok
17:01:14.0434 1444 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
17:01:14.0434 1444 RimUsb - ok
17:01:14.0496 1444 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
17:01:14.0496 1444 RimVSerPort - ok
17:01:14.0512 1444 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
17:01:14.0512 1444 ROOTMODEM - ok
17:01:14.0574 1444 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:01:14.0574 1444 rspndr - ok
17:01:14.0590 1444 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:01:14.0590 1444 sbp2port - ok
17:01:14.0621 1444 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
17:01:14.0621 1444 sdbus - ok
17:01:14.0652 1444 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:01:14.0652 1444 secdrv - ok
17:01:14.0668 1444 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:01:14.0668 1444 Serenum - ok
17:01:14.0683 1444 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:01:14.0683 1444 Serial - ok
17:01:14.0715 1444 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:01:14.0715 1444 sermouse - ok
17:01:14.0746 1444 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:01:14.0746 1444 sffdisk - ok
17:01:14.0761 1444 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:01:14.0761 1444 sffp_mmc - ok
17:01:14.0777 1444 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:01:14.0777 1444 sffp_sd - ok
17:01:14.0793 1444 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:01:14.0793 1444 sfloppy - ok
17:01:14.0824 1444 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:01:14.0824 1444 sisagp - ok
17:01:14.0855 1444 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:01:14.0855 1444 SiSRaid2 - ok
17:01:14.0871 1444 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:01:14.0871 1444 SiSRaid4 - ok
17:01:14.0902 1444 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
17:01:14.0917 1444 Smb - ok
17:01:14.0949 1444 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:01:14.0949 1444 spldr - ok
17:01:14.0995 1444 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
17:01:15.0011 1444 sptd - ok
17:01:15.0042 1444 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
17:01:15.0058 1444 srv - ok
17:01:15.0073 1444 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
17:01:15.0073 1444 srv2 - ok
17:01:15.0105 1444 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
17:01:15.0105 1444 srvnet - ok
17:01:15.0136 1444 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
17:01:15.0136 1444 sscdbus - ok
17:01:15.0183 1444 STHDA (ea6204726ac084fece5086db72a12fdb) C:\Windows\system32\drivers\stwrt.sys
17:01:15.0183 1444 STHDA - ok
17:01:15.0229 1444 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:01:15.0229 1444 swenum - ok
17:01:15.0245 1444 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:01:15.0261 1444 Symc8xx - ok
17:01:15.0276 1444 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:01:15.0276 1444 Sym_hi - ok
17:01:15.0292 1444 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:01:15.0292 1444 Sym_u3 - ok
17:01:15.0339 1444 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
17:01:15.0370 1444 Tcpip - ok
17:01:15.0401 1444 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
17:01:15.0401 1444 Tcpip6 - ok
17:01:15.0463 1444 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
17:01:15.0463 1444 tcpipreg - ok
17:01:15.0495 1444 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:01:15.0495 1444 TDPIPE - ok
17:01:15.0510 1444 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:01:15.0526 1444 TDTCP - ok
17:01:15.0557 1444 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
17:01:15.0557 1444 tdx - ok
17:01:15.0588 1444 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
17:01:15.0588 1444 TermDD - ok
17:01:17.0195 1444 ============================================================
17:01:17.0195 1444 Scan finished
17:01:17.0195 1444 ============================================================
17:01:17.0195 2812 Detected object count: 0
17:01:17.0195 2812 Actual detected object count: 0

Edited by Elle Scorcho, 10 October 2011 - 04:08 PM.


#12 sempai

  • Malware Response Team

Posted 11 October 2011 - 06:34 AM

Please tell him/her not to run any other tools, as this may hinder the cleaning process.

Delete your copy of Combofix (do not uninstall) and then download and run a new copy.

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#13 Elle Scorcho

  • Topic Starter

Posted 11 October 2011 - 02:37 PM

ComboFix 11-10-11.02 - Owner 10/11/2011 13:36:58.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.2176 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
2011-10-11 17:51 . 2011-10-11 17:51 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-10-11 17:51 . 2011-10-11 17:51 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-10-11 17:51 . 2011-10-11 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-29 07:57 . 2011-09-29 18:23 -------- d-----w- C:\## aswSnx private storage
2011-09-29 03:52 . 2011-09-29 03:52 -------- d-----w- c:\programdata\WindowsSearch
2011-09-27 17:47 . 2011-09-27 17:47 -------- d-----w- c:\users\UpdatusUser
2011-09-27 17:46 . 2011-08-03 11:50 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-09-27 17:46 . 2011-08-03 11:50 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-09-27 17:45 . 2011-09-27 17:45 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-09-27 17:41 . 2011-08-03 11:50 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-09-27 17:41 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-27 17:41 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-09-27 17:41 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-09-27 17:41 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-27 17:41 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-09-27 17:41 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-09-27 17:41 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-09-27 17:41 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-09-27 17:41 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-09-27 06:43 . 2011-09-29 08:59 -------- d-----w- C:\My Music
2011-09-26 23:15 . 2011-10-09 13:45 -------- d-----w- c:\programdata\AVAST Software
2011-09-22 03:35 . 2011-09-22 03:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-09-22 03:35 . 2011-09-22 03:35 -------- d-----w- c:\programdata\Malwarebytes
2011-09-22 03:35 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-22 03:35 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 04:31 . 2011-09-18 04:31 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 11:50 . 2008-10-07 17:33 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2007-09-12 10:28 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2007-09-12 10:28 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-03 11:50 . 2007-09-12 10:28 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:50 . 2007-09-12 10:28 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2007-06-05 20:22 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-03 07:31 . 2011-08-03 07:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-09-30 07:22 . 2011-07-19 07:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-01 303104]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2007-04-06 36312]
R3 athrusb;XPC 802.11b/g Wireless Kit Driver;c:\windows\system32\DRIVERS\athrusb.sys [2006-12-23 449536]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [2007-07-05 873472]
R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 39896]
R3 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-04-06 313816]
R3 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-04-06 272856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-21 717296]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-21 218688]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-19 5376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-04-09 401408]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-06-05 5504]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 07:29]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 07:29]
.
2011-10-11 c:\windows\Tasks\User_Feed_Synchronization-{360627FB-F5FD-42E3-90D5-409F6559A081}.job
- c:\windows\system32\msfeedssync.exe [2008-09-24 07:33]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5478
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yvvgj10p.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-11 13:51
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2390978826-3084064312-1346969681-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:27,2a,c6,16,2d,c5,ee,93,b4,f6,7a,fc,d0,90,96,ed,2f,c8,6c,5b,ec,0d,87,
3c,0d,db,4d,96,d5,2b,74,55,36,00,f9,88,de,2b,e9,21,0b,6d,4a,05,97,f4,9b,d9,\
"??"=hex:46,65,13,9a,3e,d6,f3,a0,7b,78,4a,26,88,b4,a9,0a
.
[HKEY_USERS\S-1-5-21-2390978826-3084064312-1346969681-1001\Software\SecuROM\License information*]
"datasecu"=hex:07,3a,89,01,91,d3,80,f5,1a,b6,70,f6,b5,f0,17,cb,9b,fc,bc,21,f5,
46,c9,f4,04,08,08,d3,b7,57,23,4b,72,b1,70,3d,39,e4,cb,36,c6,50,0e,a5,2e,f9,\
"rkeysecu"=hex:06,2c,dc,59,69,15,2c,83,d6,47,65,a4,4c,9a,95,e4
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-11 13:53:20
ComboFix-quarantined-files.txt 2011-10-11 17:53
ComboFix2.txt 2011-10-09 14:11
ComboFix3.txt 2011-09-25 00:50
.
Pre-Run: 245,206,339,584 bytes free
Post-Run: 246,412,050,432 bytes free
.
- - End Of File - - 4C8E9F1F108F42CA9BF68D44536FF7B3

#14 sempai

  • Malware Response Team

Posted 12 October 2011 - 05:32 AM

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

~Semp



#15 Elle Scorcho

  • Topic Starter

Posted 12 October 2011 - 07:37 PM

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e80fc970c8b9ea439590e3477b2cc70e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-13 12:10:56
# local_time=2011-10-12 08:10:56 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 50666326 50666326 0 0
# compatibility_mode=5892 16776574 66 100 15510038 155060329 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=375885
# found=24
# cleaned=0
# scan_time=11855
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\18f94b81-3cee852b Java/TrojanDownloader.OpenStream.NCA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\741a2a8c-4a746e78 Java/TrojanDownloader.OpenStream.NCA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\189dd70f-70873328 Java/TrojanDownloader.OpenStream.NBW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\4cb66b1c-1c11d205 a variant of Java/Agent.AO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5070075d-7562a2a3 Java/TrojanDownloader.OpenStream.NCA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\58ec35a7-7a29511f a variant of Java/Exploit.CVE-2010-4452.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\6298b7e9-329d1228 Java/Agent.BZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7bf72d70-53d6fb2a Java/TrojanDownloader.OpenStream.NCA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7a2a6af2-133a8da7 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\71717b7-5c4532ec multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\58cce93f-72f2cbd8 Java/TrojanDownloader.OpenStream.NBW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\Downloads\MusicConverterSetup.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\18f94b81-3cee852b Java/TrojanDownloader.OpenStream.NCA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\741a2a8c-4a746e78 Java/TrojanDownloader.OpenStream.NCA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\189dd70f-70873328 Java/TrojanDownloader.OpenStream.NBW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\4cb66b1c-1c11d205 a variant of Java/Agent.AO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5070075d-7562a2a3 Java/TrojanDownloader.OpenStream.NCA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\58ec35a7-7a29511f a variant of Java/Exploit.CVE-2010-4452.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\6298b7e9-329d1228 Java/Agent.BZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7bf72d70-53d6fb2a Java/TrojanDownloader.OpenStream.NCA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7a2a6af2-133a8da7 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\71717b7-5c4532ec multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\58cce93f-72f2cbd8 Java/TrojanDownloader.OpenStream.NBW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\Downloads\MusicConverterSetup.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I



