Trojan-clicker.win32.wistler.a on external hard drive


11 replies to this topic

#1 Derialc


Posted 11 October 2011 - 12:52 PM

Hi all,

As my subject line says Kaspersky has found a Trojan-clicker.win32.wistler.a on my external hard drive. I reformatted the drive but it's still showing up... Is there something else I can try or do I need to dump it and buy a new one? My pc is running Windows XP.

Thanks in advance for any help!
Claire.



#2 boopme


Posted 11 October 2011 - 01:13 PM

Hello and welcome

Please scan that drive with these.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
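
A pasted TDSSKiller log is long, and the few lines that matter (verdicts, the action chosen, cleanup errors) are easy to miss. As an added example, not part of the thread and not Kaspersky's code, this Python script pulls those lines out of a log and reports what still needs attention. The sample log is constructed in the tool's line format with placeholder MD5 values and an invented second scan, and the names `parse`, `triage` and `persisting` are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the line format TDSSKiller writes:
# "HH:MM:SS.ffff <thread id> <message>". MD5 values are placeholders and
# the second scan is invented for the example.
SAMPLE_LOG = r"""
20:28:43.0909 3104 Scan started
20:28:52.0534 3104 splitter (00000000000000000000000000000001) C:\WINDOWS\system32\drivers\splitter.sys
20:28:52.0534 3104 splitter - ok
20:28:52.0659 3104 sptd (00000000000000000000000000000002) C:\WINDOWS\system32\Drivers\sptd.sys
20:28:52.0659 3104 sptd ( LockedFile.Multi.Generic ) - warning
20:28:52.0659 3104 sptd - detected LockedFile.Multi.Generic (1)
20:28:54.0597 3104 MBR (0x1B8) (00000000000000000000000000000003) \Device\Harddisk1\DR6
20:28:54.0691 3104 \Device\Harddisk1\DR6 ( Trojan-Clicker.Win32.Wistler.a ) - infected
20:28:54.0691 3104 \Device\Harddisk1\DR6 - detected Trojan-Clicker.Win32.Wistler.a (0)
20:28:54.0706 3104 Scan finished
20:28:54.0722 2256 Detected object count: 2
20:29:42.0003 2256 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:29:42.0003 2256 \Device\Harddisk1\DR6 - processing error
20:30:02.0534 2256 \Device\Harddisk1\DR6 - restored
20:30:02.0534 2256 \Device\Harddisk1\DR6 ( Trojan-Clicker.Win32.Wistler.a ) - User select action: Cure Restore
20:30:31.0222 2544 Scan started
20:30:33.0100 2544 sptd (00000000000000000000000000000002) C:\WINDOWS\system32\Drivers\sptd.sys
20:30:33.0100 2544 sptd ( LockedFile.Multi.Generic ) - warning
20:30:33.0100 2544 sptd - detected LockedFile.Multi.Generic (1)
20:30:35.0200 2544 MBR (0x1B8) (00000000000000000000000000000004) \Device\Harddisk1\DR6
20:30:35.0300 2544 \Device\Harddisk1\DR6 - ok
20:30:35.0400 2544 Detected object count: 1
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*)$")
VERDICT = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<state>warning|infected)$")
ACTION = re.compile(
    r"^(?P<obj>.+?) \( [^()]+? \) - User select action: (?P<action>.+)$")
RESULT = re.compile(r"^(?P<obj>.+?) - (?P<text>.+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    obj: str                      # driver name or device path
    verdict: str                  # detection name as logged
    state: str                    # "warning" or "infected"
    action: Optional[str] = None  # what the user selected
    results: list = field(default_factory=list)  # e.g. "processing error"


@dataclass
class Scan:
    findings: dict = field(default_factory=dict)
    declared: Optional[int] = None  # "Detected object count" from the log


def parse(log):
    """Split a log into scans and collect the non-ok objects of each."""
    scans = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"].strip()
        if msg == "Scan started":
            scans.append(Scan())
            continue
        if not scans:
            continue  # system-info header before the first scan
        scan = scans[-1]
        if (v := VERDICT.match(msg)):
            scan.findings[v["obj"]] = Finding(v["obj"], v["verdict"], v["state"])
        elif (a := ACTION.match(msg)):
            if a["obj"] in scan.findings:
                scan.findings[a["obj"]].action = a["action"]
        elif (c := COUNT.match(msg)):
            scan.declared = int(c["n"])
        elif (r := RESULT.match(msg)):
            f = scan.findings.get(r["obj"])
            if f and r["text"] != "ok" and not r["text"].startswith("detected "):
                f.results.append(r["text"])
    return scans


def triage(scan):
    """Return {object: [reasons]} for findings that still need attention."""
    todo = {}
    for f in scan.findings.values():
        reasons = []
        if f.action is None:
            reasons.append("no action recorded")
        elif f.action.lower().startswith("skip"):
            reasons.append("left in place (Skip)")
        if any("error" in r for r in f.results):
            reasons.append("error logged during cleanup")
        if reasons:
            todo[f.obj] = reasons
    if scan.declared is not None and scan.declared != len(scan.findings):
        todo["<log>"] = [f"log declares {scan.declared}, parsed {len(scan.findings)}"]
    return todo


def persisting(scans):
    """Objects flagged in the first scan and flagged again in the last one."""
    if len(scans) < 2:
        return set()
    return set(scans[0].findings) & set(scans[-1].findings)
```
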

#3 Derialc


Posted 17 October 2011 - 02:38 PM

Hi, thanks for your reply. I'll scan the drive this evening if I get a chance and then post the logs.

#4 boopme


Posted 17 October 2011 - 07:53 PM

No problem, I'll look back.

#5 Derialc


Posted 27 October 2011 - 02:37 PM

Hi,
Finally found the time to try and sort this out!

Just ran the TDSSKiller, actually ran it twice because it never gave me a reboot option so I just ran it a second time in case I'd missed something. Found 2 objects but would only let me select Cure for one of them, for the other my options were Skip, Delete, Copy to Quarantine. I left it at the default which was Skip...

20:27:47.0081 2472 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
20:27:47.0191 2472 ============================================================
20:27:47.0191 2472 Current date / time: 2011/10/27 20:27:47.0191
20:27:47.0191 2472 SystemInfo:
20:27:47.0191 2472
20:27:47.0191 2472 OS Version: 5.1.2600 ServicePack: 3.0
20:27:47.0191 2472 Product type: Workstation
20:27:47.0191 2472 ComputerName: CLAIRE
20:27:47.0191 2472 UserName: User
20:27:47.0191 2472 Windows directory: C:\WINDOWS
20:27:47.0191 2472 System windows directory: C:\WINDOWS
20:27:47.0191 2472 Processor architecture: Intel x86
20:27:47.0191 2472 Number of processors: 2
20:27:47.0191 2472 Page size: 0x1000
20:27:47.0191 2472 Boot type: Normal boot
20:27:47.0191 2472 ============================================================
20:27:48.0159 2472 Initialize success
20:28:43.0909 3104 ============================================================
20:28:43.0909 3104 Scan started
20:28:43.0909 3104 Mode: Manual;
20:28:43.0909 3104 ============================================================
20:28:52.0659 3104 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
20:28:52.0659 3104 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
20:28:52.0659 3104 sptd ( LockedFile.Multi.Generic ) - warning
20:28:52.0659 3104 sptd - detected LockedFile.Multi.Generic (1)
20:28:54.0175 3104 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:28:54.0300 3104 \Device\Harddisk0\DR0 - ok
20:28:54.0597 3104 MBR (0x1B8) (25709cbb0d7cbcfa8d0d88e26c7b26c6) \Device\Harddisk1\DR6
20:28:54.0691 3104 \Device\Harddisk1\DR6 ( Trojan-Clicker.Win32.Wistler.a ) - infected
20:28:54.0691 3104 \Device\Harddisk1\DR6 - detected Trojan-Clicker.Win32.Wistler.a (0)
20:28:54.0691 3104 Boot (0x1200) (88ed45abdffedc16f40044274daa0651) \Device\Harddisk0\DR0\Partition0
20:28:54.0706 3104 \Device\Harddisk0\DR0\Partition0 - ok
20:28:54.0706 3104 Boot (0x1200) (99438c700d312452d7b3877ab6a6391f) \Device\Harddisk1\DR6\Partition0
20:28:54.0706 3104 \Device\Harddisk1\DR6\Partition0 - ok
20:28:54.0706 3104 ============================================================
20:28:54.0706 3104 Scan finished
20:28:54.0706 3104 ============================================================
20:28:54.0722 2256 Detected object count: 2
20:28:54.0722 2256 Actual detected object count: 2
20:29:42.0003 2256 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:29:42.0003 2256 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:29:42.0003 2256 \Device\Harddisk1\DR6 - processing error
20:30:02.0534 2256 \Device\Harddisk1\DR6 - restored
20:30:02.0534 2256 \Device\Harddisk1\DR6 ( Trojan-Clicker.Win32.Wistler.a ) - User select action: Cure Restore
20:30:31.0222 2544 ============================================================
20:30:31.0222 2544 Scan started
20:30:31.0222 2544 Mode: Manual;
20:30:31.0222 2544 ============================================================
20:30:38.0925 2544 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
20:30:38.0925 2544 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
20:30:38.0925 2544 sptd ( LockedFile.Multi.Generic ) - warning
20:30:38.0925 2544 sptd - detected LockedFile.Multi.Generic (1)
20:30:40.0425 2544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:30:40.0534 2544 \Device\Harddisk0\DR0 - ok
20:30:40.0597 2544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR6
20:30:40.0613 2544 \Device\Harddisk1\DR6 - ok
20:30:40.0613 2544 Boot (0x1200) (88ed45abdffedc16f40044274daa0651) \Device\Harddisk0\DR0\Partition0
20:30:40.0613 2544 \Device\Harddisk0\DR0\Partition0 - ok
20:30:40.0628 2544 Boot (0x1200) (99438c700d312452d7b3877ab6a6391f) \Device\Harddisk1\DR6\Partition0
20:30:40.0628 2544 \Device\Harddisk1\DR6\Partition0 - ok
20:30:40.0628 2544 ============================================================
20:30:40.0628 2544 Scan finished
20:30:40.0628 2544 ============================================================
20:30:40.0628 1644 Detected object count: 1
20:30:40.0628 1644 Actual detected object count: 1
20:30:50.0675 1644 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:30:50.0675 1644 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#6 Derialc

Posted 27 October 2011 - 02:50 PM

Here's my MBAM log. With a quick scan it didn't give me the option to select which drives to scan and I think it only scanned my C:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8030

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/10/2011 20:47:34
mbam-log-2011-10-27 (20-47-34).txt

Scan type: Quick scan
Objects scanned: 169292
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Derialc

Posted 27 October 2011 - 02:52 PM

Ran a separate scan on my hard drive...
Thanks again for your time & help!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8030

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/10/2011 20:50:20
mbam-log-2011-10-27 (20-50-20).txt

Scan type: Full scan (H:\|)
Objects scanned: 159286
Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 boopme

Posted 27 October 2011 - 02:55 PM

OK, yes my bad, MBAM needs to run FULL to see all drives.

Was one of the others a TDSS, tdlxxx type? Can you recall?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#9 Derialc

Posted 27 October 2011 - 02:57 PM

Just disconnected the hard-drive and then reconnected it and scanned with Kaspersky and it found nothing! Looks like TDSSKiller did the job :-) Thanks again!

#10 Derialc

Posted 27 October 2011 - 02:59 PM

Oh, just saw your most recent post now. Should I still run those other programs even though the trojan seems to be gone?

#11 boopme

Posted 27 October 2011 - 03:01 PM

EDIT: Can't hurt to run ESET; it will find any remnants if the TDSS infection dropped them.

It probably did, it usually does on that.
Those are probably CD emulators, so we skip them.

You're welcome!!

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

Edited by boopme, 27 October 2011 - 03:02 PM.

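An added example, not part of any post in this thread: a small Python audit for the Autorun risk mentioned in post #11. It lists the entries in a drive's `autorun.inf` that would start a program, and decodes a `NoDriveTypeAutoRun` policy mask to show which drive types still have Autorun enabled. The sample file contents and function names are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# NoDriveTypeAutoRun bits (a set bit disables Autorun for that drive type).
DRIVE_BITS = {"unknown": 0x01, "removable": 0x04, "fixed": 0x08,
              "network": 0x10, "cdrom": 0x20, "ramdisk": 0x40}


def launch_entries(inf_text):
    """Return (key, command) pairs from [autorun] that would start a program."""
    entries, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and comments
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"  # section names are case-insensitive
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            key = key.strip()
            if LAUNCH_KEY.match(key):
                entries.append((key.lower(), value.strip()))
    return entries


def autorun_enabled_types(mask):
    """Drive types for which Autorun is still enabled under this mask."""
    return sorted(name for name, bit in DRIVE_BITS.items() if not mask & bit)


# Constructed sample file, not taken from the thread.
SAMPLE_INF = """; constructed example
[AutoRun]
icon=folder.ico
open=recycler\\setup.exe
shell\\explore\\command = recycler\\setup.exe /e
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE_INF):
        print(f"launches: {key} -> {cmd}")
    # 0x91 is the documented Windows XP default; 0xFF disables every type.
    print("0x91 leaves Autorun on for:", autorun_enabled_types(0x91))
    print("0xFF leaves Autorun on for:", autorun_enabled_types(0xFF))
```
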

#12 Derialc

Posted 27 October 2011 - 03:02 PM

Great, will do that so!



