
Chain reaction "Sphere security 2012" then "privacy.exe"


20 replies to this topic

#1 lienko11

Posted 06 November 2011 - 01:51 AM

Windows Vista 64 Home Premium
service pack 2

It's been ages since I got infected like this :S
Ok, I'll start from when it all began.

1- The infection process started at the moment I pressed "Allow" for taskmgr.exe after having multiple pop-ups,
making it impossible to close because closing one was opening another, and just closing the browser did
the same thing. So I pressed CTRL ALT DELETE to end the process. Now I'm unsure, due to the stress I had,
if my memory is good, but it closed without a problem. Then I re-opened Firefox and it kept my windows, so
I had to do the same again, though this time Ctrl Alt Delete took longer to appear, and so my computer
was asking me if I wanted to launch taskmgr.exe (unidentified source), but I felt like it was me
triggering it, right? So I clicked yes and there you go, Sphere Security 2012 launched and started
making false virus scans and saying anything I tried to launch was infected. I managed to suppress it
following these steps, "Alertane Security Sphere 2012 removal instructions:" (note the mistype, *Alternate*)
from
http://deletemalware.blogspot.com/2011/09/how-to-remove-security-sphere-2012.html

In their 4th step they ask you to "download exe_fix.reg and run it. Click "Yes" to save the changes."
I did that but the program told me "not all could be written since some are in use".

I skipped it, thinking it was normal, and I went with step 5: download Malwarebytes and run it.

Problem was, it wasn't updated. Somehow, I don't have issues with Sphere Security 2012 because I
also went where the file was and renamed it so I could run the anti-malware, though I also took no
risk and manually put it in the trash can. The scan finished and asked to reboot. I rebooted.


2- Everything seemed fine. I ran Spybot - Search and Destroy 1.6.2.46 because that program saved me
a lot of trouble in the past. I also ran Malwarebytes and Microsoft Security Essentials. I realised
I couldn't update my definitions on any of my anti-malware programs. So I went and launched Firefox.
I couldn't search anything on the web since "proxy server unavailable" or something close to that.
I felt as much as my computer wasn't safe yet; now I lost a bit of what went wrong, though I tried
many times to search and I even physically disconnected from the internet, unplugging everything and
replugging. Not sure if I restarted after that, but once the internet came back to normal
(probably after unchecking Proxy server in Internet Options), along came Privacy Protection a.k.a.
"privacy.exe". I had a bigger problem shutting this one up. I had to go into safe mode again and try
to manually delete the hidden file "privacy.exe" that was in ProgramData, and had to download
TDSSKiller and Rkill on my GF's laptop and transfer them to my computer in safe mode. Doing that
seemed to help me go back into normal mode, launch Rkill, and somehow I didn't have privacy.exe
blocking me. I AM UNSURE if it is because I manually deleted it or because I ran the program Rkill.
Now that that was done, I was able to update my definitions with my anti-malicious programs :P
Now my Spybot has found 2 entries, Trojans C-02 "Win32.Palevo", that have two different reg keys that lead
to two different paths.

Malwarebytes' Anti-Malware (updated 5th of November) had found 5 so far but is not finished
scanning.


So I am here waiting for my other programs to finish scanning and wondering if I should FIX the ones
my Spybot found or wait for the others to finish? I am also here to ask anyone if they can help me by
reading the logs that they will ask me to make, so I'll get a "Your computer is ok" from someone who knows
what he's talking about. Cause I still feel insecure after all those scans, and, well, scared.

I hope my long and descriptive post wasn't a burden to read, because I wrote all that for the sake of
helping you guys understand what happened and how it went. Sorry if I put in too much useless information.
I thank you for your time. Looking forward to fighting the programs with official help from someone.


-Lienko


Edit : Nov 6th 2011

I rebooted my computer after quarantine and removal. But I would really love assistance and to run some tests
to check if everything has been taken care of without any flaws.

Edited by lienko11, 06 November 2011 - 02:55 PM.



#2 lienko11

  • Topic Starter

Posted 04 February 2012 - 10:52 PM

Ok, so after a couple of months there aren't any answers and I am here to ask for help again.
It is still about those virus attacks my computer got harmed from and about some after-effects.

After all that happened, it seems that my Windows Firewall cannot be run since I installed Security Essentials.
That anti-virus program, Security Essentials, blocked me from streaming videos to my PS3, or rather made my
PC invisible to my PS3 and vice versa, even if in my Network and Sharing settings media sharing and discovery are on.
So without any answers to why Microsoft Security Essentials couldn't let my PS3 and PC communicate, I decided to uninstall
it in the hope that I could stream again. Failure is the result, since my streaming still doesn't work and I can't even open
Windows Firewall. I searched the web to find out what it could be; it seems to be related to the driver mpsdrv.sys, or so I read.

Now I really do feel there are still some leftovers of those viruses and again I come here in the hope that someone would gently
assist me in clearing this all up. I heard ComboFix was really good at fixing stuff but they strongly recommend you ask for
assistance.

Thank you.

#3 boopme

    To Insanity and Beyond

  • Global Moderator
  • Location:NJ USA

Posted 05 February 2012 - 11:32 AM

Hello and welcome. We will look at these logs. Please do all.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with a description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed, and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


>>>>
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post the logs and let us know how the PC is running now.

#4 lienko11

  • Topic Starter

Posted 05 February 2012 - 01:29 PM

I thank you so much for the help!

I have done the first step of scanning with MiniToolBox.
I had an error message pop up 3 times:

The ordinal 1108 could not be located in the dynamic link library
WSOCK32.DLL

then

nslookup has stopped working
a problem....to stop working correctly

Figured I'd let you know before doing step two.
So here's the log; should I continue with the other steps now?

MiniToolBox by Farbar Version: 18-01-2012
Ran by FRVME (administrator) on 05-02-2012 at 13:15:22
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 15095 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : FRVME-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-54-A4-FC-A3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1c54:d877:85c6:9fff%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.197(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 5 février 2012 13:03:39
Lease Expires . . . . . . . . . . : 6 février 2012 13:03:39
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 167781204
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-10-F7-0E-00-23-54-A4-FC-A3
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:34cd:b3e:3f57:ff3a(Preferred)
Link-local IPv6 Address . . . . . : fe80::34cd:b3e:3f57:ff3a%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{02C27EFF-2590-4D17-B825-4738F313C248}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{02C27EFF-2590-4D17-B825-4738F313C248}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.226.80] with 32 bytes of data:
Reply from 74.125.226.80: bytes=32 time=16ms TTL=56
Reply from 74.125.226.80: bytes=32 time=15ms TTL=56

Ping statistics for 74.125.226.80:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=65ms TTL=49
Reply from 209.191.122.70: bytes=32 time=64ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 65ms, Average = 64ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10 ...00 23 54 a4 fc a3 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
16 ...00 00 00 00 00 00 00 e0 isatap.{02C27EFF-2590-4D17-B825-4738F313C248}
17 ...00 00 00 00 00 00 00 e0 isatap.{02C27EFF-2590-4D17-B825-4738F313C248}
18 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.197 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.197 276
192.168.0.197 255.255.255.255 On-link 192.168.0.197 276
192.168.0.255 255.255.255.255 On-link 192.168.0.197 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.197 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.197 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:4137:9e76:34cd:b3e:3f57:ff3a/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
10 276 fe80::1c54:d877:85c6:9fff/128
On-link
11 266 fe80::34cd:b3e:3f57:ff3a/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/05/2012 01:18:42 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb7341c, exception code 0xc0000138, fault offset 0x0006f51f,
process id 0xf64, application start time 0xnslookup.exe0.

Error: (02/05/2012 01:18:29 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb7341c, exception code 0xc0000138, fault offset 0x0006f51f,
process id 0x3b0, application start time 0xnslookup.exe0.

Error: (02/05/2012 01:18:02 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb7341c, exception code 0xc0000138, fault offset 0x0006f51f,
process id 0xfbc, application start time 0xnslookup.exe0.

Error: (02/04/2012 10:59:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012

Error: (02/04/2012 10:59:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2012

Error: (02/04/2012 10:59:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2012 10:59:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (02/04/2012 10:59:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (02/04/2012 10:59:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2012 10:04:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2043


System errors:
=============
Error: (02/04/2012 10:32:26 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.199 for the Network Card with network address 002354A4FCA3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/04/2012 07:00:56 PM) (Source: Service Control Manager) (User: )
Description: Windows FirewallWindows Firewall Authorization Driver%%183

Error: (02/04/2012 07:00:56 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall Authorization Driver%%183

Error: (02/04/2012 07:00:52 PM) (Source: Service Control Manager) (User: )
Description: Windows FirewallWindows Firewall Authorization Driver%%183

Error: (02/04/2012 07:00:52 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall Authorization Driver%%183

Error: (02/04/2012 07:00:46 PM) (Source: Service Control Manager) (User: )
Description: Windows FirewallWindows Firewall Authorization Driver%%183

Error: (02/04/2012 07:00:46 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall Authorization Driver%%183

Error: (02/04/2012 06:57:00 PM) (Source: Service Control Manager) (User: )
Description: is3srv
szkg5

Error: (02/04/2012 06:56:57 PM) (Source: Service Control Manager) (User: )
Description: LibUsb-Win32 - Daemon, Version 0.1.10.1%%2

Error: (02/04/2012 06:56:57 PM) (Source: Service Control Manager) (User: )
Description: Windows FirewallWindows Firewall Authorization Driver%%183


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe CSI CS4 x64 (Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Fonts All x64 (Version: 2.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
AMD APP SDK Runtime (Version: 2.5.732.1)
AMD Catalyst Install Manager (Version: 3.0.842.0)
Apple Mobile Device Support (Version: 4.0.0.97)
ATI AVIVO64 Codecs (Version: 11.6.0.51125)
ATI Problem Report Wizard (Version: 3.0.804.0)
Bonjour (Version: 3.0.0.10)
ccc-utility64 (Version: 2011.0908.1355.23115)
GameRanger
iCloud (Version: 1.0.2.17)
iTunes (Version: 10.5.3.3)
Java™ 6 Update 30 (64-bit) (Version: 6.0.300)
Logitech Gaming Software 64 (Version: 4.60)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 6.3 (Version: 6.30.191.0)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (French) 2007 (Version: 12.0.6425.1000)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Virtual PC 2007 (Version: 6.0.156.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.58298)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
MobileMe Control Panel (Version: 3.1.8.0)
MétéoÉclair
MyDefrag v4.3.1 (Version: 4.0.0.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Unity Web Player (Version: 2.6.1f3_31223)
Ventrilo Client for Windows x64 (Version: 3.0.4.0)
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 4094.19 MB
Available physical RAM: 1737.16 MB
Total Pagefile: 8429.65 MB
Available Pagefile: 6452.86 MB
Total Virtual: 4095.88 MB
Available Virtual: 3995.44 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.76 GB) (Free:16.49 GB) NTFS
8 Drive k: (ARCHIVE HQ) (Fixed) (Total:298.08 GB) (Free:27.84 GB) NTFS
10 Drive m: (ARCHIVE) (Fixed) (Total:1397.26 GB) (Free:949.79 GB) NTFS

========================= Users: ========================================

User accounts for \\FRVME-PC

Administrator ASPNET FRVME
Guest

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini110611-01.dmp
C:\Windows\Minidump\Mini120211-01.dmp
C:\Windows\Minidump\Mini120211-02.dmp

**** End of log ****
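The MiniToolBox steps boopme asked for in post #3 (proxy settings, hosts content, Winsock entries) and the Result.txt posted above are the same three checks a responder reads by hand. The helper below, as an added example that is not part of this thread and not code from MiniToolBox or Farbar, splits a report in that layout into its "===== Section: =====" blocks and flags what the poster's symptoms point at: an enabled IE or Firefox proxy ("proxy server unavailable"), hosts-file lines that redirect a name away from localhost or sinkhole an update server (definitions that will not update), and Winsock catalog entries that are not Microsoft's. The section wording is taken from the posted log; the update-server list, the sample report and every function name are assumptions made for the example.

```python
"""Triage a MiniToolBox-style Result.txt (added example, not MiniToolBox code)."""
import re

# A section header looks like "===== IE Proxy Settings: =====" in the posted log.
SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+\s*$")
HOSTS_RE = re.compile(r"^\s*(\S+)\s+(\S+)")
# "Catalog5 07 C:\...\mdnsNSP.dll [121704] (Apple Inc.)" or "x64-Catalog9 01 mswsock.dll [File Not found] ()"
WINSOCK_RE = re.compile(r"^(x64-)?Catalog(\d+)\s+(\d+)\s+(.+?)\s+\[([^\]]*)\]\s+\(([^)]*)\)\s*$")
LOCALHOST = {"127.0.0.1", "0.0.0.0", "::1"}
# Constructed list (assumption): update hosts that rogue AV families commonly sinkhole.
UPDATE_HOSTS = ("windowsupdate.com", "microsoft.com", "malwarebytes.org",
                "safer-networking.org", "kaspersky.com", "eset.com")
# Firefox prefs that route traffic; network.proxy.no_proxies_on alone is benign.
FF_PROXY_PREFS = ("network.proxy.type", "network.proxy.http", "network.proxy.ssl",
                  "network.proxy.socks", "network.proxy.autoconfig_url")


def split_sections(text):
    """Map section name -> body lines; text before the first header is dropped."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def proxy_findings(sections):
    """IE: the tool prints 'Proxy is not enabled.' when nothing is set (wording from the posted log).
    Firefox: any routing pref is reported, since a hijacker leaves it behind in prefs.js."""
    findings = []
    ie = sections.get("IE Proxy Settings", [])
    if ie and not any(l.strip() == "Proxy is not enabled." for l in ie):
        findings.append("IE proxy enabled: " + " | ".join(l for l in ie if l.strip()))
    for l in sections.get("FF Proxy Settings", []):
        if any(pref in l for pref in FF_PROXY_PREFS):
            findings.append("Firefox proxy pref set: " + l.strip())
    return findings


def _is_update_host(name):
    n = name.lower()
    return any(n == h or n.endswith("." + h) for h in UPDATE_HOSTS)


def hosts_findings(sections):
    """A non-localhost target is a redirect (the serious case); a localhost entry for an
    update server explains blocked definition updates; other 127.0.0.1 lines are a sinkhole
    list such as Spybot's immunization and are ignored."""
    findings = []
    for l in sections.get("Hosts content", []):
        if not l.strip() or l.lstrip().startswith("#") or l.startswith("There are"):
            continue
        m = HOSTS_RE.match(l)
        if not m:
            continue
        ip, name = m.groups()
        if ip not in LOCALHOST:
            findings.append("hosts redirect: %s -> %s" % (name, ip))
        elif _is_update_host(name):
            findings.append("hosts blocks update server: %s -> %s" % (name, ip))
    return findings


def winsock_findings(sections):
    """Non-Microsoft LSP/NSP DLLs are listed for review. A '[File Not found]' entry for a bare
    name like mswsock.dll may only mean the tool could not resolve a %SystemRoot%-relative
    path, so it is reported separately rather than as a hijack."""
    foreign, unresolved = [], []
    for l in sections.get("Winsock entries", []):
        m = WINSOCK_RE.match(l.strip())
        if not m:
            continue
        arch, cat, idx, path, size, vendor = m.groups()
        entry = "%sCatalog%s/%s %s (%s)" % (arch or "", cat, idx, path, vendor or "no vendor")
        if size == "File Not found":
            unresolved.append(entry)
        elif vendor != "Microsoft Corporation":
            foreign.append(entry)
    return foreign, unresolved


def triage(text):
    s = split_sections(text)
    foreign, unresolved = winsock_findings(s)
    return {"proxy": proxy_findings(s), "hosts": hosts_findings(s),
            "winsock_non_microsoft": foreign, "winsock_unresolved": unresolved}


# Constructed sample in the tool's layout: clean IE proxy, a Firefox proxy left behind,
# a sinkhole line, a blocked update server, one real redirect (192.0.2.10 is a documentation address).
SAMPLE = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 1
"network.proxy.http", "127.0.0.1"

========================= Hosts content: =================================

127.0.0.1 www.007guard.com
127.0.0.1 www.malwarebytes.org
192.0.2.10 www.google.com

There are 15095 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 07 C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 06 C:\\Windows\\System32\\winrnr.dll [27648] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for key, items in triage(SAMPLE).items():
        print(key, items)
```

Run it against a real Result.txt by passing the file contents to triage(); on the log posted above it reports no proxy, no hosts redirects (the 127.0.0.1 lines are an immunization list) and Apple's Bonjour mdnsNSP.dll as the only non-Microsoft Winsock entry, which is why a responder can move on to the rootkit and on-line scans rather than the network stack.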

#5 lienko11

  • Topic Starter

Posted 05 February 2012 - 01:35 PM

I ran TDSSKiller and I didn't need to reboot, plus no detections.

13:30:23.0702 0296 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
13:30:23.0982 0296 ============================================================
13:30:23.0982 0296 Current date / time: 2012/02/05 13:30:23.0982
13:30:23.0982 0296 SystemInfo:
13:30:23.0982 0296
13:30:23.0983 0296 OS Version: 6.0.6002 ServicePack: 2.0
13:30:23.0983 0296 Product type: Workstation
13:30:23.0983 0296 ComputerName: FRVME-PC
13:30:23.0983 0296 UserName: FRVME
13:30:23.0983 0296 Windows directory: C:\Windows
13:30:23.0983 0296 System windows directory: C:\Windows
13:30:23.0983 0296 Running under WOW64
13:30:23.0983 0296 Processor architecture: Intel x64
13:30:23.0983 0296 Number of processors: 2
13:30:23.0983 0296 Page size: 0x1000
13:30:23.0983 0296 Boot type: Normal boot
13:30:23.0983 0296 ============================================================
13:30:25.0343 0296 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:30:25.0352 0296 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:30:25.0356 0296 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:30:36.0471 0296 \Device\Harddisk1\DR1:
13:30:36.0471 0296 MBR used
13:30:36.0472 0296 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
13:30:36.0472 0296 \Device\Harddisk0\DR0:
13:30:36.0472 0296 MBR used
13:30:36.0472 0296 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
13:30:36.0472 0296 \Device\Harddisk2\DR2:
13:30:36.0473 0296 MBR used
13:30:36.0473 0296 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86702
13:30:36.0569 0296 Initialize success
13:30:36.0569 0296 ============================================================
13:32:58.0853 2940 ============================================================
13:32:58.0853 2940 Scan started
13:32:58.0853 2940 Mode: Manual;
13:32:58.0853 2940 ============================================================
13:33:11.0013 2940 ============================================================
13:33:11.0013 2940 Scan finished
13:33:11.0013 2940 ============================================================
13:33:11.0018 4796 Detected object count: 0
13:33:11.0018 4796 Actual detected object count: 0

#6 lienko11

Posted 05 February 2012 - 01:42 PM

I'm scanning right now, and they told me the scan could be affected by Windows Defender since it's another antivirus program.

Edited by lienko11, 05 February 2012 - 03:29 PM.


#7 boopme

Posted 05 February 2012 - 06:02 PM

ESET online is usually good at getting around it.

#8 lienko11
  • Topic Starter
  • Members
  • 16 posts

Posted 05 February 2012 - 07:42 PM

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Search Settings\SearchSettings.dll Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Search Settings\SearchSettings.exe Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Search Settings\SearchSettingsRes409.dll Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\FRVME\Downloads\SoftonicDownloader_for_vista-aero-theme.exe Win32/SoftonicDownloader application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\340dc61b-58ee0229 Java/TrojanDownloader.OpenStream.NCO trojan deleted - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan cleaned by deleting - quarantined
M:\2010\Windows XP Professional 32-bit en-US - Black Edition v2010.9.19.iso multiple threats deleted - quarantined
M:\2010\Windows.xp.sp3.5512.CDR.august.2008.with.(sata+raid).iso multiple threats deleted - quarantined
M:\Eric Dossier\Nero 7 Premium\Nero_7_Premium.exe Win32/Toolbar.AskSBar application deleted - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan

Woah, I did have some leftovers. Now ESET Online Scanner is still open, since you asked me to finish but not check the boxes "uninstall application on close" and "delete quarantined files"?

I did press the finish button and closed the program, but after that I got a "This program might not have been installed correctly..."

Edited by lienko11, 05 February 2012 - 07:45 PM.
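A triage script for result lists like the one above, written as an added example for this thread (it is not ESET's code and not something the poster or the helper ran). It assumes the line layout seen in the post: a file path (or "Operating memory"), then the detection name, then the remediation text ending in "quarantined" when ESET acted; the parsing rules and the sample input embedded below are my own reconstruction of that layout. It separates the adware/PUA hits (ESET's "application" label) from actual malware, groups detections by drive, and flags the two things a responder cares about most: anything still active in memory with no remediation, and anything living under the Windows directory rather than in a user download folder.

```python
import re
from collections import Counter

# Constructed sample input: the ESET Online Scanner result lines quoted in
# post #8 above, embedded here so the example runs offline.
SAMPLE_RESULTS = r"""
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Search Settings\SearchSettings.dll Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Search Settings\SearchSettings.exe Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Search Settings\SearchSettingsRes409.dll Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\FRVME\Downloads\SoftonicDownloader_for_vista-aero-theme.exe Win32/SoftonicDownloader application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\340dc61b-58ee0229 Java/TrojanDownloader.OpenStream.NCO trojan deleted - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan cleaned by deleting - quarantined
M:\2010\Windows XP Professional 32-bit en-US - Black Edition v2010.9.19.iso multiple threats deleted - quarantined
M:\2010\Windows.xp.sp3.5512.CDR.august.2008.with.(sata+raid).iso multiple threats deleted - quarantined
M:\Eric Dossier\Nero 7 Premium\Nero_7_Premium.exe Win32/Toolbar.AskSBar application deleted - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan
"""

# Assumed detection-name shape: optional "(probably) a variant of", then
# "<platform>/<family> <kind>", or ESET's catch-all "multiple threats".
THREAT_RE = re.compile(
    r"(?:(?:probably )?a variant of )?"
    r"[A-Za-z0-9]+/[\w.+-]+ (?:application|worm|trojan|virus)"
    r"|multiple threats"
)


def classify(threat):
    """ESET labels adware/PUA as 'application'; everything else here is malware."""
    return "pua" if threat.lower().endswith("application") else "malware"


def volume_of(location):
    """Drive letter of a path, or 'memory' for an in-memory detection."""
    if re.match(r"^[A-Za-z]:\\", location):
        return location[:2].upper()
    return "memory" if location.lower().startswith("operating memory") else "other"


def parse_result(line):
    """Split one result line into location, threat name and remediation text."""
    m = THREAT_RE.search(line)
    if not m:
        return None                      # not a detection line (blank, header...)
    location = line[:m.start()].strip()
    remediation = line[m.end():].strip()  # empty when ESET took no action
    return {
        "location": location,
        "threat": m.group(0),
        "remediation": remediation,
        "kind": classify(m.group(0)),
        "volume": volume_of(location),
        "remediated": remediation.endswith("quarantined"),
    }


def triage(text):
    """Summarise a result list the way a responder would read it."""
    entries = [e for e in (parse_result(ln) for ln in text.splitlines()) if e]
    return {
        "entries": entries,
        "by_volume": dict(Counter(e["volume"] for e in entries)),
        "by_kind": dict(Counter(e["kind"] for e in entries)),
        # No remediation text means the detection is still live (here: in memory),
        # so the machine is actively infected, not just carrying leftovers.
        "still_active": [e["threat"] for e in entries if not e["remediated"]],
        # Hits under the Windows directory point at a system-level compromise
        # rather than a stray download in a user profile.
        "system_dir_hits": [e["location"] for e in entries
                            if e["location"].lower().startswith("c:\\windows\\")],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_RESULTS)
    for key in ("by_volume", "by_kind", "still_active", "system_dir_hits"):
        print(f"{key}: {summary[key]}")
```

Run against the quoted list it reports eight hits on C:, three on the external M: drive and one in memory; six are toolbar/downloader PUAs, six are real malware, and the only entry with no remediation is the Sirefef variant found in running memory, which is exactly the item the helper later singles out as the serious one.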


#9 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,416 posts

Posted 06 February 2012 - 10:34 PM

Rerun it and remove anything found.
Did you uninstall SpyBot?

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.



Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

#10 lienko11
  • Topic Starter
  • Members
  • 16 posts

Posted 06 February 2012 - 11:24 PM

Should I uninstall Spybot before doing all this?
If your question was whether I had closed the program while running the scan,
I think I did. Usually TeaTimer is up and running probably 95% of the time my PC is on.

Let me know if I must do anything before following those steps in that last reply.
Thanks for your help!

Btw, how bad does it look?
Am I close to the point where I should just do a clean format of everything? Start anew?

Edited by lienko11, 06 February 2012 - 11:25 PM.


#11 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,416 posts

Posted 07 February 2012 - 11:43 AM

We need to disable Spybot S&D's "TeaTimer".
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open Spybot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode > Advanced Mode.
  • You may be presented with a warning dialog. If so, click Yes.
  • Click on Tools and then Resident.
  • Uncheck this checkbox: "Resident TeaTimer (protection of over-all system settings) active"
  • Close/Exit Spybot Search and Destroy.


We already see Sirefef.DN trojan, a malicious backdoor trojan that runs in the background and allows remote access to the compromised system. That said, I feel it is important to say this.
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

#12 lienko11
  • Topic Starter
  • Members
  • 16 posts

Posted 07 February 2012 - 02:08 PM

Ironically, this morning my girlfriend wanted to start Firefox on my computer and it froze. Instead of doing ctrl alt delete like I taught her to do when a program doesn't respond, she actually just reset the whole computer like she used to do before knowing that ctrl alt delete existed. Now this is not the first time these past months that my Windows doesn't start, with "a change of program or update might be the cause" and "put your Windows installation CD and try to repair".

I had dealt with that many times, and one day I almost couldn't get my Windows back to start; it was the longest restore of my life. I am on my iPhone right now and I will try to recover this broken Windows again...

I think what I'm going to do is try my best to boot my Windows correctly just so I can check aside programs if I have anything I would need to save. Though is my external "M" drive even safe now? Can a non-operating-system device such as a USB/external hard drive or even my internet splitter D-Link or modem be infected? I think it might not be possible since there is no operating system, so there would be no way to "run" the virus up and make it active, though I'm asking this because I doubt my logic. A virus has been identified on my external M drive, but I have unique photos and files on that last one that I could not let go. If I do a fresh new reformat and install on my C drive, could my M drive reinfect it? Or it cannot unless I literally transfer the virus to C since M isn't where Windows is installed?

Thanks for your help thus far :P
I'll try later to boot my PC when the motivation to go all through that again is there.

#13 lienko11
  • Topic Starter
  • Members
  • 16 posts

Posted 07 February 2012 - 02:13 PM

Btw, is your meaning of "banking" tasks the same as going on my bank web site to check my accounts and stuff? Would that be part of what you call banking? :S

#14 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,416 posts

Posted 07 February 2012 - 04:01 PM

Anything where you enter a passcode to do financials is banking.
Rootkits, backdoor Trojans, Botnets, and IRC Bots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

Your flash drive can get infected and can transfer malware. I was going to say scan that drive, but I do not see an antivirus on here?

#15 lienko11
  • Topic Starter
  • Members
  • 16 posts

Posted 07 February 2012 - 04:56 PM

All I have is Spybot Search and Destroy, aside from the TeaTimer from Spybot. I used to have Windows Defender, though I can't open it, and I deleted Windows Security Essentials.

So my "M" drive can infect my "C".
This does complicate things.

I have too much on this "M" drive to just reformat it.
I'll let you know once I've passed the restore process.

Again I thank you for your time.


