Infected with PING.exe and other TCP Related Stuff


  • This topic is locked
41 replies to this topic

#1 Ninja Chachi


Posted 12 November 2011 - 04:46 PM

Hey guys, I'm in a little situation with my computer. It's a prebuilt system that's about 5 years old, but we're trying to make it last. It's a Compaq Presario SR5130NX and has been working quite well lately until today.
I was just browsing the forums when a big scan thing called AV Security 2012 popped up along with a bunch of messages. I ran Malwarebytes as well as deleted some other files I googled.
Once that was off, I keep getting a process called PING.exe that takes up all of my CPU and I can't seem to fix it! I ran Security Task Manager about an hour ago and quarantined the PING.exe file, and it hasn't shown up since, but there have been some other random processes having to do with network sharing and TCP/IPv4 popping up and disappearing. Please help! Also, I am getting redirects from Google! Please help!
Please don't suggest I get a new computer, as I will be in a month or so.

[NOTICE] When I try to run GMER, halfway through it gives me some weird blue screen and then my computer restarts, so I just have the DDS log right now. [NOTICE]
Attached File  Attach.txt   19.07KB   2 downloads

Edited by Ninja Chachi, 12 November 2011 - 05:38 PM.




#2 HelpBot


Posted 17 November 2011 - 04:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427601 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Ninja Chachi


Posted 17 November 2011 - 06:54 PM

Yes, I still have this problem and I think it's a leftover from that Security 2012 thing. I don't get PING.exe anymore since I blocked it with Security Task Manager, but I still get Google redirects and my computer is still slower than normal.
-I don't have my original Windows CD available

Here is my updated DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Dan at 17:43:13 on 2011-11-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.895.40 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskhost.exe
C:\Users\Dan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Dan\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\explorer.exe
C:\Windows\System32\RunDll32.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\RunDll32.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\JG00T6~1.COM
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\jg00T6Y6K.com
C:\Windows\system32\jg00T6Y6K.com
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 203.122.223.237:80
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Webblog: {c3947f4e-8894-4c04-98e0-df182c706ddf} - c:\program files\wbtooltb\wbtoolDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Webblog: {c3947f4e-8894-4c04-98e0-df182c706ddf} - c:\program files\wbtooltb\wbtoolDx.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} -
TB: {167D9323-F7CC-48F5-948A-6F012831A69F} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [Google Update] "c:\users\dan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
uRun: [Akamai NetSession Interface] c:\users\dan\appdata\local\akamai\netsession_win.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{562D0E34-B694-4BC8-B31C-D82DE0C10C84} : NameServer = 205.171.2.65,205.171.3.25
TCP: Interfaces\{562D0E34-B694-4BC8-B31C-D82DE0C10C84} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\jw9318cg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=68925
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.http - 60.241.215.253
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dan\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\dan\appdata\roaming\mozilla\plugins\np-mswmp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: extentions.y2layers.installId - de6ba98f-f3a5-4b94-a764-f60db8bd8f12
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-12 64512]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-7-30 51144]
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2011-3-24 20352]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-7-19 191008]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-8-1 73728]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2011-3-24 16640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-9-17 23456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-15 39272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-22 15872]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-3-23 26112]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-22 52224]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-3-24 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-3-24 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-3-24 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-3-24 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-3-24 25704]
.
=============== Created Last 30 ================
.
2011-11-17 00:53:27 -------- d-----w- c:\program files\PFConfig
2011-11-16 21:21:02 77824 ----a-w- c:\windows\system32\jg00T6Y6K.com
2011-11-15 22:00:55 77824 ----a-w- c:\windows\system32\jg00T6Y6K.com_
2011-11-13 21:12:20 -------- d-----w- c:\users\dan\appdata\local\ElevatedDiagnostics
2011-11-13 20:18:28 -------- d-----w- C:\IObit
2011-11-12 15:48:59 -------- d-----w- c:\programdata\SecTaskMan
2011-11-12 15:48:55 -------- d-----w- c:\program files\Security Task Manager
2011-11-11 22:49:16 6680 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-09 14:07:38 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:07:36 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 14:07:36 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 00:06:17 -------- d-----w- c:\program files\PFPortChecker
2011-11-04 01:17:54 -------- d-----w- c:\users\dan\appdata\local\Akamai
2011-11-02 23:47:44 -------- d-----w- c:\users\dan\appdata\local\{F13496A8-1663-4602-BE7C-68DB44F73291}
2011-11-02 23:47:01 -------- d-----w- c:\users\dan\appdata\local\{669FC4A6-8018-4662-961B-D5DADCE67007}
2011-11-02 23:46:10 -------- d-----w- c:\users\dan\appdata\local\{0F31DC26-AC13-4435-878B-AE63E21F925D}
2011-11-02 23:45:27 -------- d-----w- c:\users\dan\appdata\local\{495B2841-A485-4D13-B1F9-62594C48B21E}
2011-11-02 23:44:31 -------- d-----w- c:\users\dan\appdata\local\{ADEDC2C3-74EB-4664-B5F8-1538A631DAF6}
2011-11-02 23:43:36 -------- d-----w- c:\users\dan\appdata\local\{C215886F-1C92-4550-B01D-035B1E086A36}
2011-10-31 23:47:46 -------- d-----w- c:\users\dan\appdata\local\LogMeIn Hamachi
2011-10-31 23:45:21 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-10-29 02:15:53 -------- d-----w- c:\program files\DeskPins
2011-10-27 21:01:51 -------- d-----w- c:\program files\PowerMenu
2011-10-26 13:00:54 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-23 18:34:48 -------- d-----w- c:\program files\SwiftKit
2011-10-23 00:14:14 -------- d-----w- c:\program files\RAMDisk
2011-10-23 00:05:41 -------- d-----w- c:\users\dan\appdata\roaming\IObit
2011-10-21 14:45:31 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
.
==================== Find3M ====================
.
2011-11-03 18:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-23 03:57:41 13824 ----a-w- c:\windows\system32\slwga.dll
2011-10-23 03:57:40 811520 ----a-w- c:\windows\system32\user32.dll
2011-10-23 03:57:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-17 22:47:28 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 15:35:05 32 ----a-w- c:\windows\system32\rascom.dat.dll
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-20 04:31:05 981504 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 17:47:05.54 ===============

#4 Blade81

  • Malware Response Team

Posted 18 November 2011 - 09:52 AM

Hi

uTorrent

The ones listed above are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 Ninja Chachi


Posted 18 November 2011 - 05:05 PM

OK I ran Combofix and here is the log:

ComboFix 11-11-09.01 - Dan 11/18/2011 15:51:22.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.895.207 [GMT -6:00]
Running from: c:\users\Dan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\windows\7Loader.TAG
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-18 21:53 . 2011-11-18 21:53 -------- d-----w- c:\users\Dan\AppData\Local\temp
2011-11-18 14:21 . 2011-11-15 22:28 77824 ----a-w- c:\windows\system32\jg00T6Y6K.com
2011-11-17 00:53 . 2011-11-17 01:01 -------- d-----w- c:\program files\PFConfig
2011-11-13 21:12 . 2011-11-17 00:55 -------- d-----w- c:\users\Dan\AppData\Local\ElevatedDiagnostics
2011-11-13 20:18 . 2011-11-13 20:18 -------- d-----w- C:\IObit
2011-11-12 15:48 . 2011-11-12 16:14 -------- d-----w- c:\programdata\SecTaskMan
2011-11-12 15:48 . 2011-11-12 15:48 -------- d-----w- c:\program files\Security Task Manager
2011-11-11 22:49 . 2011-11-16 23:10 6680 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-09 14:07 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:07 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 14:07 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 00:06 . 2011-11-08 00:06 -------- d-----w- c:\program files\PFPortChecker
2011-11-04 01:17 . 2011-11-18 02:43 -------- d-----w- c:\users\Dan\AppData\Local\Akamai
2011-10-31 23:47 . 2011-11-12 01:38 -------- d-----w- c:\users\Dan\AppData\Local\LogMeIn Hamachi
2011-10-31 23:45 . 2011-10-31 23:45 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-10-27 21:01 . 2011-10-29 02:15 -------- d-----w- c:\program files\PowerMenu
2011-10-26 13:00 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-23 18:34 . 2011-11-11 22:09 -------- d-----w- c:\program files\SwiftKit
2011-10-23 00:14 . 2011-10-23 00:16 -------- d-----w- c:\program files\RAMDisk
2011-10-23 00:05 . 2011-10-23 00:05 -------- d-----w- c:\users\Dan\AppData\Roaming\IObit
2011-10-21 14:45 . 2011-10-21 14:45 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-03 18:06 . 2011-08-12 12:29 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-23 03:57 . 2011-07-22 14:11 13824 ----a-w- c:\windows\system32\slwga.dll
2011-10-23 03:57 . 2011-07-22 14:12 811520 ----a-w- c:\windows\system32\user32.dll
2011-10-23 03:57 . 2011-07-22 14:11 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-10-01 02:42 . 2011-10-12 21:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-21 15:49 . 2011-09-21 15:49 57344 ----a-w- c:\users\Dan\AppData\Roaming\Microsoft\Windows\Templates\nAtEy.exe
2011-09-17 22:47 . 2011-09-17 22:47 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-08-31 22:00 . 2011-08-31 13:53 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 16:11 . 2011-08-30 16:11 165232 ---ha-w- c:\users\Dan\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-08-27 04:26 . 2011-10-12 21:54 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 21:54 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-11-05 06:53 . 2011-03-24 21:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-10-23 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3947F4E-8894-4C04-98E0-DF182C706DDF}]
2010-12-09 16:02 86696 ----a-w- c:\program files\wbtooltb\wbtoolDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"= "c:\program files\wbtooltb\wbtoolDx.dll" [2010-12-09 86696]
.
[HKEY_CLASSES_ROOT\clsid\{c3947f4e-8894-4c04-98e0-df182c706ddf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"Akamai NetSession Interface"="c:\users\Dan\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\program files\Soluto\soluto.exe /userinit,"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
path=c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTBFirstRun]
2007-02-12 17:56 20480 ----a-w- c:\program files\Hewlett-Packard\SDP\HPRun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 23:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 21:18 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-10 01:18 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-21 73728]
R3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2009-01-07 16640]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-09-17 23456]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 REJSQCZJNAYX;REJSQCZJNAYX;c:\users\Dan\AppData\Local\Temp\REJSQCZJNAYX.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-03-23 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-22 1343400]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 25704]
R3 XWNBIEIV;XWNBIEIV;c:\users\Dan\AppData\Local\Temp\XWNBIEIV.exe [x]
R4 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 64512]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2011-07-21 51144]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys [2011-03-23 20352]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-07-21 392224]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-11-03 15232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-19 191008]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 18:06]
.
2011-11-18 c:\windows\Tasks\At1.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At10.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At11.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At12.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At13.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At14.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At15.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At16.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At17.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At18.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At19.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At2.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At20.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At21.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At22.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At23.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At24.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At25.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At26.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At27.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At28.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At29.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At3.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At30.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At31.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At32.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-17 c:\windows\Tasks\At33.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-17 c:\windows\Tasks\At34.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-17 c:\windows\Tasks\At35.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-17 c:\windows\Tasks\At36.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At37.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At38.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At39.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At4.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At40.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At41.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At42.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At43.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At44.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At45.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At46.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At47.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At48.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At5.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At6.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At7.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At8.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At9.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-750965259-663651651-550072149-1000Core.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-14 18:49]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-750965259-663651651-550072149-1000UA.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-14 18:49]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 203.122.223.237:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{562D0E34-B694-4BC8-B31C-D82DE0C10C84}: NameServer = 205.171.2.65,205.171.3.25
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\jw9318cg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=68925
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.http - 60.241.215.253
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: extentions.y2layers.installId - de6ba98f-f3a5-4b94-a764-f60db8bd8f12
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-750965259-663651651-550072149-1000_Classes\CLSID\{0f1617a9-cb5f-4322-8f7a-2fed5c4b684c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-750965259-663651651-550072149-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):34,fd,f1,fb,c7,dc,29,c7,1f,a5,40,9b,92,ec,2b,06,08,58,8f,d3,02,
61,fe,f9,b9,11,87,b9,13,d7,98,f4,71,48,72,e5,c5,e6,e0,df,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\mswsock.dll
mswsock.dll 74b00000 245760 \\.\globalroot\systemroot\system32\mswsock.dll
.
Completion time: 2011-11-18 15:58:59
ComboFix-quarantined-files.txt 2011-11-18 21:58
.
Pre-Run: 117,427,453,952 bytes free
Post-Run: 118,859,575,296 bytes free
.
- - End Of File - - 5DF9B880215A211B1F78A0B804CAC334
And now the updated DDS LOG

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Dan at 16:00:23 on 2011-11-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.895.163 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\jg00T6Y6K.com
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\JG00T6~1.COM
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 203.122.223.237:80
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Webblog: {c3947f4e-8894-4c04-98e0-df182c706ddf} - c:\program files\wbtooltb\wbtoolDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Webblog: {c3947f4e-8894-4c04-98e0-df182c706ddf} - c:\program files\wbtooltb\wbtoolDx.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
uRun: [Akamai NetSession Interface] c:\users\dan\appdata\local\akamai\netsession_win.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{562D0E34-B694-4BC8-B31C-D82DE0C10C84} : NameServer = 205.171.2.65,205.171.3.25
TCP: Interfaces\{562D0E34-B694-4BC8-B31C-D82DE0C10C84} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\jw9318cg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=68925
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.http - 60.241.215.253
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: extentions.y2layers.installId - de6ba98f-f3a5-4b94-a764-f60db8bd8f12
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-12 64512]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-7-30 51144]
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2011-3-24 20352]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-10-22 328536]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-26 2255464]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-7-21 392224]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-7-19 191008]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 AODService;AODService;c:\program files\amd\overdrive\aodassist.exe --> c:\program files\amd\overdrive\AODAssist.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-8-1 73728]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2011-3-24 16640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-9-17 23456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-15 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-22 15872]
S3 REJSQCZJNAYX;REJSQCZJNAYX;c:\users\dan\appdata\local\temp\rejsqczjnayx.exe --> c:\users\dan\appdata\local\temp\REJSQCZJNAYX.exe [?]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-3-23 26112]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-22 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-22 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-3-24 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-3-24 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-3-24 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-3-24 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-3-24 25704]
S3 XWNBIEIV;XWNBIEIV;c:\users\dan\appdata\local\temp\xwnbieiv.exe --> c:\users\dan\appdata\local\temp\XWNBIEIV.exe [?]
S4 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-8-1 3029208]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-23 583640]
S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-20 2337144]
.
=============== Created Last 30 ================
.
2011-11-18 21:59:37 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-18 21:59:06 -------- d-----w- c:\users\dan\appdata\local\temp
2011-11-18 21:47:38 98816 ----a-w- c:\windows\sed.exe
2011-11-18 21:47:38 518144 ----a-w- c:\windows\SWREG.exe
2011-11-18 21:47:38 256000 ----a-w- c:\windows\PEV.exe
2011-11-18 21:47:38 208896 ----a-w- c:\windows\MBR.exe
2011-11-18 14:21:26 77824 ----a-w- c:\windows\system32\jg00T6Y6K.com
2011-11-17 00:53:27 -------- d-----w- c:\program files\PFConfig
2011-11-15 22:00:55 77824 ----a-w- c:\windows\system32\jg00T6Y6K.com_
2011-11-13 21:12:20 -------- d-----w- c:\users\dan\appdata\local\ElevatedDiagnostics
2011-11-13 20:18:28 -------- d-----w- C:\IObit
2011-11-12 15:48:59 -------- d-----w- c:\programdata\SecTaskMan
2011-11-12 15:48:55 -------- d-----w- c:\program files\Security Task Manager
2011-11-11 22:49:16 6680 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-09 14:07:38 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:07:36 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 14:07:36 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 00:06:17 -------- d-----w- c:\program files\PFPortChecker
2011-11-04 01:17:54 -------- d-----w- c:\users\dan\appdata\local\Akamai
2011-11-02 23:47:44 -------- d-----w- c:\users\dan\appdata\local\{F13496A8-1663-4602-BE7C-68DB44F73291}
2011-11-02 23:47:01 -------- d-----w- c:\users\dan\appdata\local\{669FC4A6-8018-4662-961B-D5DADCE67007}
2011-11-02 23:46:10 -------- d-----w- c:\users\dan\appdata\local\{0F31DC26-AC13-4435-878B-AE63E21F925D}
2011-11-02 23:45:27 -------- d-----w- c:\users\dan\appdata\local\{495B2841-A485-4D13-B1F9-62594C48B21E}
2011-11-02 23:44:31 -------- d-----w- c:\users\dan\appdata\local\{ADEDC2C3-74EB-4664-B5F8-1538A631DAF6}
2011-11-02 23:43:36 -------- d-----w- c:\users\dan\appdata\local\{C215886F-1C92-4550-B01D-035B1E086A36}
2011-10-31 23:47:46 -------- d-----w- c:\users\dan\appdata\local\LogMeIn Hamachi
2011-10-31 23:45:21 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-10-27 21:01:51 -------- d-----w- c:\program files\PowerMenu
2011-10-26 13:00:54 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-23 18:34:48 -------- d-----w- c:\program files\SwiftKit
2011-10-23 00:14:14 -------- d-----w- c:\program files\RAMDisk
2011-10-23 00:05:41 -------- d-----w- c:\users\dan\appdata\roaming\IObit
2011-10-21 14:45:31 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
.
==================== Find3M ====================
.
2011-11-03 18:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-23 03:57:41 13824 ----a-w- c:\windows\system32\slwga.dll
2011-10-23 03:57:40 811520 ----a-w- c:\windows\system32\user32.dll
2011-10-23 03:57:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-17 22:47:28 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 15:35:05 32 ----a-w- c:\windows\system32\rascom.dat.dll
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
.
============= FINISH: 16:01:11.83 ===============

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 19 November 2011 - 07:14 AM

Hi,

Please run ComboFix again and let it update itself. The version you ran was outdated.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 Ninja Chachi


Posted 19 November 2011 - 09:37 AM

When I try to run ComboFix it first gives me the message: "Interference Detected. Please run Rootkit Scan" while it was extracting the files. Then that closes and says "ComboFix is outdated would you like to perform a REDUCED FUNCTIONALITY scan?" What should I do?

#8 Blade81


Posted 19 November 2011 - 09:39 AM

Hi,

Download a fresh copy from the link I gave you earlier.



#9 Ninja Chachi


Posted 19 November 2011 - 10:40 AM

OK, thanks. I ran the updated scan and it gave me a couple of error messages.
Here are the ones I noticed:
You are infected with something/TCP (didn't have time to write it down)
I also think it said that I need to run a Rootkit Scan
And the final error message was that a bunch of Temp Internet Files are corrupt and I needed to run the ChkDsk Scan

Anyways, Here is the updated ComboFix Log:


ComboFix 11-11-19.03 - Dan 11/19/2011 9:01.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.895.221 [GMT -6:00]
Running from: c:\users\Dan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\rcERPP6o.exe
c:\windows\$NtUninstallKB55177$\1729605790\@
c:\windows\$NtUninstallKB55177$\1729605790\bckfg.tmp
c:\windows\$NtUninstallKB55177$\1729605790\cfg.ini
c:\windows\$NtUninstallKB55177$\1729605790\Desktop.ini
c:\windows\$NtUninstallKB55177$\1729605790\keywords
c:\windows\$NtUninstallKB55177$\1729605790\kwrd.dll
c:\windows\$NtUninstallKB55177$\1729605790\L\ljjaazgb
c:\windows\$NtUninstallKB55177$\1729605790\lsflt7.ver
c:\windows\$NtUninstallKB55177$\1729605790\U\00000001.@
c:\windows\$NtUninstallKB55177$\1729605790\U\00000002.@
c:\windows\$NtUninstallKB55177$\1729605790\U\00000004.@
c:\windows\$NtUninstallKB55177$\1729605790\U\80000000.@
c:\windows\$NtUninstallKB55177$\1729605790\U\80000004.@
c:\windows\$NtUninstallKB55177$\1729605790\U\80000032.@
c:\windows\$NtUninstallKB55177$\849914261
c:\windows\system32\rascom.dat.dll
c:\windows\system32\spsys.log
c:\windows\$NtUninstallKB55177$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 15:20 . 2011-11-19 15:23 -------- d-----w- c:\users\Dan\AppData\Local\temp
2011-11-19 15:20 . 2011-11-19 15:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-19 15:20 . 2011-11-19 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-19 15:20 . 2011-11-19 15:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-18 14:21 . 2011-11-15 22:28 77824 ----a-w- c:\windows\system32\jg00T6Y6K.com
2011-11-17 00:53 . 2011-11-17 01:01 -------- d-----w- c:\program files\PFConfig
2011-11-13 20:18 . 2011-11-13 20:18 -------- d-----w- C:\IObit
2011-11-12 15:48 . 2011-11-12 16:14 -------- d-----w- c:\programdata\SecTaskMan
2011-11-12 15:48 . 2011-11-12 15:48 -------- d-----w- c:\program files\Security Task Manager
2011-11-11 22:49 . 2011-11-16 23:10 6680 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-09 14:07 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:07 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 14:07 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 00:06 . 2011-11-08 00:06 -------- d-----w- c:\program files\PFPortChecker
2011-11-04 01:17 . 2011-11-18 02:43 -------- d-----w- c:\users\Dan\AppData\Local\Akamai
2011-10-31 23:47 . 2011-11-12 01:38 -------- d-----w- c:\users\Dan\AppData\Local\LogMeIn Hamachi
2011-10-31 23:45 . 2011-10-31 23:45 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-10-27 21:01 . 2011-10-29 02:15 -------- d-----w- c:\program files\PowerMenu
2011-10-26 13:00 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-23 18:34 . 2011-11-11 22:09 -------- d-----w- c:\program files\SwiftKit
2011-10-23 00:14 . 2011-10-23 00:16 -------- d-----w- c:\program files\RAMDisk
2011-10-23 00:05 . 2011-10-23 00:05 -------- d-----w- c:\users\Dan\AppData\Roaming\IObit
2011-10-21 14:45 . 2011-10-21 14:45 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-03 18:06 . 2011-08-12 12:29 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-23 03:57 . 2011-07-22 14:11 13824 ----a-w- c:\windows\system32\slwga.dll
2011-10-23 03:57 . 2011-07-22 14:12 811520 ----a-w- c:\windows\system32\user32.dll
2011-10-23 03:57 . 2011-07-22 14:11 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-10-01 02:42 . 2011-10-12 21:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-21 15:49 . 2011-09-21 15:49 57344 ----a-w- c:\users\Dan\AppData\Roaming\Microsoft\Windows\Templates\nAtEy.exe
2011-09-17 22:47 . 2011-09-17 22:47 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-08-31 22:00 . 2011-08-31 13:53 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 16:11 . 2011-08-30 16:11 165232 ---ha-w- c:\users\Dan\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-08-27 04:26 . 2011-10-12 21:54 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 21:54 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-11-05 06:53 . 2011-03-24 21:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3947F4E-8894-4C04-98E0-DF182C706DDF}]
2010-12-09 16:02 86696 ----a-w- c:\program files\wbtooltb\wbtoolDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"= "c:\program files\wbtooltb\wbtoolDx.dll" [2010-12-09 86696]
.
[HKEY_CLASSES_ROOT\clsid\{c3947f4e-8894-4c04-98e0-df182c706ddf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"Akamai NetSession Interface"="c:\users\Dan\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
path=c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTBFirstRun]
2007-02-12 17:56 20480 ----a-w- c:\program files\Hewlett-Packard\SDP\HPRun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 23:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 21:18 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-10 01:18 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-21 73728]
R3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2009-01-07 16640]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-09-17 23456]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-11-03 15232]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 REJSQCZJNAYX;REJSQCZJNAYX;c:\users\Dan\AppData\Local\Temp\REJSQCZJNAYX.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-03-23 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-22 1343400]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 25704]
R3 XWNBIEIV;XWNBIEIV;c:\users\Dan\AppData\Local\Temp\XWNBIEIV.exe [x]
R4 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 64512]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2011-07-21 51144]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys [2011-03-23 20352]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-07-21 392224]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-19 191008]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 18:06]
.
2011-11-19 c:\windows\Tasks\At1.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At10.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At11.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At12.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At14.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At15.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At16.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At17.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At18.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At19.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At2.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At20.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At21.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At22.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At23.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At24.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At25.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At26.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At27.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At28.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At29.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At3.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At30.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At31.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At32.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-18 c:\windows\Tasks\At33.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\At34.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-17 c:\windows\Tasks\At35.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-17 c:\windows\Tasks\At36.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At37.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At38.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At39.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At4.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At40.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At41.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At42.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At43.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At44.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At45.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At46.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At47.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At48.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At5.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At6.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At7.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-19 c:\windows\Tasks\At8.job
- c:\windows\system32\jg00T6Y6K.com_ [2011-11-15 22:28]
.
2011-11-19 c:\windows\Tasks\At9.job
- c:\windows\system32\jg00T6Y6K.com [2011-11-18 22:28]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-750965259-663651651-550072149-1000Core.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-14 18:49]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-750965259-663651651-550072149-1000UA.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-14 18:49]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 203.122.223.237:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{562D0E34-B694-4BC8-B31C-D82DE0C10C84}: NameServer = 205.171.2.65,205.171.3.25
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\jw9318cg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=68925
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.http - 60.241.215.253
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: extentions.y2layers.installId - de6ba98f-f3a5-4b94-a764-f60db8bd8f12
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: ui.submenuDelay - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-750965259-663651651-550072149-1000_Classes\CLSID\{0f1617a9-cb5f-4322-8f7a-2fed5c4b684c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-750965259-663651651-550072149-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):34,fd,f1,fb,c7,dc,29,c7,1f,a5,40,9b,92,ec,2b,06,08,58,8f,d3,02,
61,fe,f9,b9,11,87,b9,13,d7,98,f4,71,48,72,e5,c5,e6,e0,df,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1376)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe
c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Completion time: 2011-11-19 09:34:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-19 15:34
ComboFix2.txt 2011-11-18 21:59
.
Pre-Run: 119,110,008,832 bytes free
Post-Run: 119,047,344,128 bytes free
.
- - End Of File - - 3E1046BFC0A593EDD744424C359DA3DD

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 19 November 2011 - 02:45 PM

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)



#11 Ninja Chachi

Ninja Chachi
  • Topic Starter

  • Members
  • 59 posts

Posted 19 November 2011 - 03:44 PM

Here you go:

14:42:20.0976 1596 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
14:42:22.0053 1596 ============================================================
14:42:22.0053 1596 Current date / time: 2011/11/19 14:42:22.0053
14:42:22.0053 1596 SystemInfo:
14:42:22.0053 1596
14:42:22.0053 1596 OS Version: 6.1.7601 ServicePack: 1.0
14:42:22.0053 1596 Product type: Workstation
14:42:22.0053 1596 ComputerName: DAN-PC
14:42:22.0053 1596 UserName: Dan
14:42:22.0053 1596 Windows directory: C:\Windows
14:42:22.0053 1596 System windows directory: C:\Windows
14:42:22.0053 1596 Processor architecture: Intel x86
14:42:22.0053 1596 Number of processors: 2
14:42:22.0053 1596 Page size: 0x1000
14:42:22.0053 1596 Boot type: Normal boot
14:42:22.0053 1596 ============================================================
14:42:23.0176 1596 Initialize success
14:42:25.0157 4016 ============================================================
14:42:25.0157 4016 Scan started
14:42:25.0157 4016 Mode: Manual;
14:42:25.0157 4016 ============================================================
14:42:27.0560 4016 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
14:42:27.0560 4016 1394ohci - ok
14:42:27.0653 4016 a2acc (71574a98093d94bdbb3cb74e272d29a5) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
14:42:27.0653 4016 a2acc - ok
14:42:27.0731 4016 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
14:42:27.0731 4016 ACPI - ok
14:42:27.0794 4016 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
14:42:27.0794 4016 AcpiPmi - ok
14:42:27.0918 4016 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:42:27.0934 4016 adp94xx - ok
14:42:27.0981 4016 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:42:27.0981 4016 adpahci - ok
14:42:28.0028 4016 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:42:28.0043 4016 adpu320 - ok
14:42:28.0184 4016 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
14:42:28.0199 4016 AFD - ok
14:42:28.0230 4016 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
14:42:28.0230 4016 agp440 - ok
14:42:28.0293 4016 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:42:28.0293 4016 aic78xx - ok
14:42:28.0340 4016 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
14:42:28.0340 4016 aliide - ok
14:42:28.0371 4016 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
14:42:28.0371 4016 amdagp - ok
14:42:28.0449 4016 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
14:42:28.0449 4016 amdide - ok
14:42:28.0496 4016 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:42:28.0496 4016 AmdK8 - ok
14:42:28.0527 4016 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:42:28.0527 4016 AmdPPM - ok
14:42:28.0589 4016 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
14:42:28.0589 4016 amdsata - ok
14:42:28.0636 4016 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:42:28.0636 4016 amdsbs - ok
14:42:28.0667 4016 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
14:42:28.0667 4016 amdxata - ok
14:42:28.0745 4016 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
14:42:28.0745 4016 AppID - ok
14:42:28.0870 4016 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:42:28.0870 4016 arc - ok
14:42:28.0886 4016 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:42:28.0886 4016 arcsas - ok
14:42:28.0948 4016 AsAudioDevice_349 (b2f1c180adecce1b5653c020e7d8bb76) C:\Windows\system32\drivers\AsAudioDevice_349.sys
14:42:28.0964 4016 AsAudioDevice_349 - ok
14:42:29.0026 4016 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:42:29.0026 4016 AsyncMac - ok
14:42:29.0073 4016 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
14:42:29.0073 4016 atapi - ok
14:42:29.0151 4016 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:42:29.0166 4016 b06bdrv - ok
14:42:29.0276 4016 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:42:29.0291 4016 b57nd60x - ok
14:42:29.0322 4016 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:42:29.0322 4016 Beep - ok
14:42:29.0369 4016 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:42:29.0385 4016 blbdrive - ok
14:42:29.0416 4016 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
14:42:29.0416 4016 bowser - ok
14:42:29.0447 4016 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:42:29.0447 4016 BrFiltLo - ok
14:42:29.0494 4016 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:42:29.0494 4016 BrFiltUp - ok
14:42:29.0541 4016 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:42:29.0556 4016 Brserid - ok
14:42:29.0588 4016 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:42:29.0588 4016 BrSerWdm - ok
14:42:29.0619 4016 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:42:29.0619 4016 BrUsbMdm - ok
14:42:29.0650 4016 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:42:29.0650 4016 BrUsbSer - ok
14:42:29.0697 4016 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:42:29.0697 4016 BTHMODEM - ok
14:42:29.0822 4016 catchme - ok
14:42:29.0931 4016 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:42:29.0931 4016 cdfs - ok
14:42:29.0978 4016 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
14:42:29.0978 4016 cdrom - ok
14:42:30.0009 4016 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:42:30.0024 4016 circlass - ok
14:42:30.0056 4016 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:42:30.0056 4016 CLFS - ok
14:42:30.0134 4016 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:42:30.0149 4016 CmBatt - ok
14:42:30.0212 4016 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:42:30.0212 4016 cmdide - ok
14:42:30.0243 4016 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
14:42:30.0258 4016 CNG - ok
14:42:30.0290 4016 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:42:30.0290 4016 Compbatt - ok
14:42:30.0352 4016 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
14:42:30.0368 4016 CompositeBus - ok
14:42:30.0446 4016 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:42:30.0446 4016 crcdisk - ok
14:42:30.0508 4016 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
14:42:30.0539 4016 CSC - ok
14:42:30.0586 4016 DfsC (418915e28bffbaa2dea2d386abaa38e9) C:\Windows\system32\Drivers\dfsc.sys
14:42:30.0586 4016 DfsC ( Rootkit.Win32.ZAccess.k ) - infected
14:42:30.0586 4016 DfsC - detected Rootkit.Win32.ZAccess.k (0)
14:42:42.0582 4016 ============================================================
14:42:42.0582 4016 Scan finished
14:42:42.0582 4016 ============================================================
14:42:42.0598 3904 Detected object count: 1
14:42:42.0598 3904 Actual detected object count: 1
14:42:55.0796 3904 DfsC ( Rootkit.Win32.ZAccess.k ) - skipped by user
14:42:55.0796 3904 DfsC ( Rootkit.Win32.ZAccess.k ) - User select action: Skip
14:43:07.0355 1092 ============================================================
14:43:07.0355 1092 Scan started
14:43:07.0355 1092 Mode: Manual;
14:43:07.0355 1092 ============================================================
14:43:08.0744 1092 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:43:08.0744 1092 BTHMODEM - ok
14:43:08.0837 1092 catchme - ok
14:43:08.0900 1092 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:43:08.0900 1092 cdfs - ok
14:43:08.0931 1092 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
14:43:08.0931 1092 cdrom - ok
14:43:08.0993 1092 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:43:08.0993 1092 circlass - ok
14:43:09.0040 1092 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:43:09.0040 1092 CLFS - ok
14:43:09.0087 1092 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:43:09.0087 1092 CmBatt - ok
14:43:09.0118 1092 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:43:09.0118 1092 cmdide - ok
14:43:09.0149 1092 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
14:43:09.0149 1092 CNG - ok
14:43:09.0180 1092 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:43:09.0180 1092 Compbatt - ok
14:43:09.0212 1092 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
14:43:09.0212 1092 CompositeBus - ok
14:43:09.0243 1092 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:43:09.0243 1092 crcdisk - ok
14:43:09.0290 1092 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
14:43:09.0290 1092 CSC - ok
14:43:09.0352 1092 DfsC (418915e28bffbaa2dea2d386abaa38e9) C:\Windows\system32\Drivers\dfsc.sys
14:43:09.0352 1092 DfsC ( Rootkit.Win32.ZAccess.k ) - infected
14:43:09.0352 1092 DfsC - detected Rootkit.Win32.ZAccess.k (0)
14:43:18.0260 1092 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:43:18.0260 1092 \Device\Harddisk0\DR0 - ok
14:43:18.0275 1092 Boot (0x1200) (9ef1af7a3abf444e6ce1a4ecf4031a67) \Device\Harddisk0\DR0\Partition0
14:43:18.0275 1092 \Device\Harddisk0\DR0\Partition0 - ok
14:43:18.0306 1092 Boot (0x1200) (d5108bf643741ae46a72ba5a74a19ef2) \Device\Harddisk0\DR0\Partition1
14:43:18.0306 1092 \Device\Harddisk0\DR0\Partition1 - ok
14:43:18.0306 1092 ============================================================
14:43:18.0306 1092 Scan finished
14:43:18.0306 1092 ============================================================
14:43:18.0322 0488 Detected object count: 1
14:43:18.0322 0488 Actual detected object count: 1
14:43:21.0333 0488 DfsC ( Rootkit.Win32.ZAccess.k ) - skipped by user
14:43:21.0333 0488 DfsC ( Rootkit.Win32.ZAccess.k ) - User select action: Skip

#12 Blade81


Posted 19 November 2011 - 03:48 PM

Good. Let's run TDSSKiller again and this time use the Cure option. Post back the log, and run ComboFix again, posting its log too.



#13 Ninja Chachi


Posted 19 November 2011 - 04:08 PM

Well, when I tried to cure I don't think it did.

Here are the TDSSKiller scan results:


15:05:01.0984 3172 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
15:05:02.0733 3172 ============================================================
15:05:02.0733 3172 Current date / time: 2011/11/19 15:05:02.0733
15:05:02.0733 3172 SystemInfo:
15:05:02.0733 3172
15:05:02.0733 3172 OS Version: 6.1.7601 ServicePack: 1.0
15:05:02.0733 3172 Product type: Workstation
15:05:02.0733 3172 ComputerName: DAN-PC
15:05:02.0733 3172 UserName: Dan
15:05:02.0733 3172 Windows directory: C:\Windows
15:05:02.0733 3172 System windows directory: C:\Windows
15:05:02.0733 3172 Processor architecture: Intel x86
15:05:02.0733 3172 Number of processors: 2
15:05:02.0733 3172 Page size: 0x1000
15:05:02.0733 3172 Boot type: Normal boot
15:05:02.0733 3172 ============================================================
15:05:03.0217 3172 Initialize success
15:05:14.0756 1948 ============================================================
15:05:14.0756 1948 Scan started
15:05:14.0756 1948 Mode: Manual;
15:05:14.0756 1948 ============================================================
15:05:18.0172 1948 DfsC (418915e28bffbaa2dea2d386abaa38e9) C:\Windows\system32\Drivers\dfsc.sys
15:05:18.0172 1948 DfsC ( Rootkit.Win32.ZAccess.k ) - infected
15:05:18.0172 1948 DfsC - detected Rootkit.Win32.ZAccess.k (0)
15:05:28.0172 1948 TermDD - ok
15:05:28.0266 1948 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:05:28.0266 1948 tssecsrv - ok
15:05:28.0297 1948 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:05:28.0297 1948 TsUsbFlt - ok
15:05:28.0312 1948 tsusbhub - ok
15:05:28.0375 1948 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:05:28.0375 1948 tunnel - ok
15:05:28.0406 1948 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:05:28.0406 1948 uagp35 - ok
15:05:28.0437 1948 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:05:28.0453 1948 udfs - ok
15:05:28.0500 1948 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:05:28.0500 1948 uliagpkx - ok
15:05:28.0562 1948 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
15:05:28.0562 1948 umbus - ok
15:05:28.0578 1948 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:05:28.0578 1948 UmPass - ok
15:05:28.0656 1948 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
15:05:28.0656 1948 USBAAPL - ok
15:05:28.0687 1948 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
15:05:28.0687 1948 usbccgp - ok
15:05:28.0734 1948 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:05:28.0749 1948 usbcir - ok
15:05:28.0812 1948 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
15:05:28.0812 1948 usbehci - ok
15:05:28.0843 1948 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:05:28.0858 1948 usbhub - ok
15:05:28.0874 1948 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
15:05:28.0874 1948 usbohci - ok
15:05:28.0905 1948 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:05:28.0905 1948 usbprint - ok
15:05:28.0952 1948 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
15:05:28.0952 1948 usbscan - ok
15:05:28.0999 1948 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:05:28.0999 1948 USBSTOR - ok
15:05:29.0014 1948 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
15:05:29.0014 1948 usbuhci - ok
15:05:29.0061 1948 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:05:29.0061 1948 vdrvroot - ok
15:05:29.0108 1948 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:05:29.0108 1948 vga - ok
15:05:29.0155 1948 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:05:29.0155 1948 VgaSave - ok
15:05:29.0233 1948 VGPU - ok
15:05:29.0264 1948 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:05:29.0280 1948 vhdmp - ok
15:05:29.0420 1948 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:05:29.0436 1948 viaagp - ok
15:05:29.0467 1948 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:05:29.0467 1948 ViaC7 - ok
15:05:29.0498 1948 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:05:29.0498 1948 viaide - ok
15:05:29.0545 1948 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
15:05:29.0560 1948 vmbus - ok
15:05:29.0592 1948 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
15:05:29.0592 1948 VMBusHID - ok
15:05:29.0623 1948 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:05:29.0623 1948 volmgr - ok
15:05:29.0654 1948 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:05:29.0654 1948 volmgrx - ok
15:05:29.0685 1948 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:05:29.0685 1948 volsnap - ok
15:05:29.0763 1948 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:05:29.0794 1948 vsmraid - ok
15:05:29.0935 1948 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
15:05:29.0966 1948 VSTHWBS2 - ok
15:05:30.0138 1948 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:05:30.0153 1948 VST_DPV - ok
15:05:30.0231 1948 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:05:30.0231 1948 vwifibus - ok
15:05:30.0309 1948 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:05:30.0325 1948 WacomPen - ok
15:05:30.0387 1948 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:05:30.0387 1948 WANARP - ok
15:05:30.0387 1948 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:05:30.0387 1948 Wanarpv6 - ok
15:05:30.0450 1948 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:05:30.0450 1948 Wd - ok
15:05:30.0481 1948 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:05:30.0512 1948 Wdf01000 - ok
15:05:30.0606 1948 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:05:30.0606 1948 WfpLwf - ok
15:05:30.0637 1948 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:05:30.0637 1948 WIMMount - ok
15:05:30.0684 1948 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
15:05:30.0715 1948 winachsf - ok
15:05:30.0793 1948 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
15:05:30.0793 1948 WinUsb - ok
15:05:30.0824 1948 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:05:30.0824 1948 WmiAcpi - ok
15:05:30.0886 1948 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:05:30.0886 1948 ws2ifsl - ok
15:05:30.0918 1948 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
15:05:30.0918 1948 WsAudio_DeviceS(1) - ok
15:05:30.0964 1948 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
15:05:30.0964 1948 WsAudio_DeviceS(2) - ok
15:05:30.0996 1948 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
15:05:30.0996 1948 WsAudio_DeviceS(3) - ok
15:05:31.0027 1948 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
15:05:31.0027 1948 WsAudio_DeviceS(4) - ok
15:05:31.0042 1948 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
15:05:31.0058 1948 WsAudio_DeviceS(5) - ok
15:05:31.0136 1948 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:05:31.0136 1948 WudfPf - ok
15:05:31.0183 1948 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:05:31.0183 1948 WUDFRd - ok
15:05:31.0245 1948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:05:31.0276 1948 \Device\Harddisk0\DR0 - ok
15:05:31.0308 1948 Boot (0x1200) (9ef1af7a3abf444e6ce1a4ecf4031a67) \Device\Harddisk0\DR0\Partition0
15:05:31.0339 1948 \Device\Harddisk0\DR0\Partition0 - ok
15:05:31.0386 1948 Boot (0x1200) (d5108bf643741ae46a72ba5a74a19ef2) \Device\Harddisk0\DR0\Partition1
15:05:31.0417 1948 \Device\Harddisk0\DR0\Partition1 - ok
15:05:31.0417 1948 ============================================================
15:05:31.0417 1948 Scan finished
15:05:31.0417 1948 ============================================================
15:05:31.0432 0760 Detected object count: 1
15:05:31.0432 0760 Actual detected object count: 1
15:05:37.0345 0760 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813
15:05:41.0323 0760 Backup copy not found, trying to cure infected file..
15:05:41.0323 0760 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
15:05:41.0323 0760 C:\Windows\system32\Drivers\dfsc.sys - processing error
15:05:43.0975 0760 DfsC ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
15:06:19.0543 3964 ============================================================
15:06:19.0543 3964 Scan started
15:06:19.0543 3964 Mode: Manual;
15:06:19.0543 3964 ============================================================
15:06:21.0680 3964 DfsC (418915e28bffbaa2dea2d386abaa38e9) C:\Windows\system32\Drivers\dfsc.sys
15:06:21.0680 3964 DfsC ( Rootkit.Win32.ZAccess.k ) - infected
15:06:21.0680 3964 DfsC - detected Rootkit.Win32.ZAccess.k (0)
15:06:27.0312 3964 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:06:27.0312 3964 RDPCDD - ok
15:06:27.0358 3964 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
15:06:27.0358 3964 RDPDR - ok
15:06:27.0405 3964 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:06:27.0405 3964 RDPENCDD - ok
15:06:27.0421 3964 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:06:27.0421 3964 RDPREFMP - ok
15:06:27.0452 3964 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
15:06:27.0452 3964 RdpVideoMiniport - ok
15:06:27.0499 3964 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
15:06:27.0499 3964 RDPWD - ok
15:06:27.0530 3964 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:06:27.0530 3964 rdyboost - ok
15:06:27.0592 3964 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:06:27.0592 3964 rspndr - ok
15:06:27.0639 3964 RSUSBSTOR (a633399432491bb173bb3cf3b41b9c55) C:\Windows\system32\Drivers\RtsUStor.sys
15:06:27.0639 3964 RSUSBSTOR - ok
15:06:27.0686 3964 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
15:06:27.0686 3964 s3cap - ok
15:06:27.0717 3964 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
15:06:27.0717 3964 sbp2port - ok
15:06:27.0764 3964 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
15:06:27.0764 3964 SCDEmu - ok
15:06:27.0780 3964 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
15:06:27.0780 3964 scfilter - ok
15:06:27.0811 3964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:06:27.0811 3964 secdrv - ok
15:06:27.0858 3964 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:06:27.0858 3964 Serenum - ok
15:06:27.0873 3964 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:06:27.0873 3964 Serial - ok
15:06:27.0936 3964 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:06:27.0936 3964 sermouse - ok
15:06:27.0998 3964 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
15:06:27.0998 3964 sffdisk - ok
15:06:28.0029 3964 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
15:06:28.0029 3964 sffp_mmc - ok
15:06:28.0045 3964 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
15:06:28.0045 3964 sffp_sd - ok
15:06:28.0076 3964 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:06:28.0076 3964 sfloppy - ok
15:06:28.0123 3964 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
15:06:28.0123 3964 sisagp - ok
15:06:28.0138 3964 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:06:28.0138 3964 SiSRaid2 - ok
15:06:28.0154 3964 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:06:28.0154 3964 SiSRaid4 - ok
15:06:28.0185 3964 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:06:28.0185 3964 Smb - ok
15:06:28.0248 3964 Soluto (ff35c2d01ac36b446a1b997f305f0fc2) C:\Windows\system32\DRIVERS\Soluto.sys
15:06:28.0248 3964 Soluto - ok
15:06:28.0294 3964 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\Windows\system32\speedfan.sys
15:06:28.0294 3964 speedfan - ok
15:06:28.0326 3964 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:06:28.0326 3964 spldr - ok
15:06:28.0404 3964 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
15:06:28.0419 3964 srv - ok
15:06:28.0435 3964 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
15:06:28.0435 3964 srv2 - ok
15:06:28.0450 3964 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
15:06:28.0466 3964 srvnet - ok
15:06:28.0497 3964 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:06:28.0497 3964 stexstor - ok
15:06:28.0575 3964 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
15:06:28.0575 3964 storflt - ok
15:06:28.0606 3964 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
15:06:28.0606 3964 storvsc - ok
15:06:28.0622 3964 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
15:06:28.0622 3964 swenum - ok
15:06:28.0638 3964 Synth3dVsc - ok
15:06:28.0684 3964 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys
15:06:28.0684 3964 tap0901 - ok
15:06:28.0716 3964 tapoas (827c8058c284ff0013e4462efe2591a3) C:\Windows\system32\DRIVERS\tapoas.sys
15:06:28.0731 3964 tapoas - ok
15:06:28.0762 3964 tclondrv (1cdfcf0542e7eefe22ba502bfe452b12) C:\Windows\system32\DRIVERS\tclondrv.sys
15:06:28.0762 3964 tclondrv - ok
15:06:28.0840 3964 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
15:06:28.0840 3964 Tcpip - ok
15:06:28.0887 3964 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
15:06:28.0903 3964 TCPIP6 - ok
15:06:28.0934 3964 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
15:06:28.0934 3964 tcpipreg - ok
15:06:29.0028 3964 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
15:06:29.0028 3964 TDPIPE - ok
15:06:29.0043 3964 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
15:06:29.0043 3964 TDTCP - ok
15:06:29.0090 3964 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
15:06:29.0090 3964 tdx - ok
15:06:29.0106 3964 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
15:06:29.0106 3964 TermDD - ok
15:06:29.0199 3964 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:06:29.0199 3964 tssecsrv - ok
15:06:29.0246 3964 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:06:29.0246 3964 TsUsbFlt - ok
15:06:29.0262 3964 tsusbhub - ok
15:06:29.0293 3964 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:06:29.0308 3964 tunnel - ok
15:06:29.0324 3964 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:06:29.0324 3964 uagp35 - ok
15:06:29.0371 3964 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:06:29.0371 3964 udfs - ok
15:06:29.0433 3964 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:06:29.0433 3964 uliagpkx - ok
15:06:29.0464 3964 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
15:06:29.0464 3964 umbus - ok
15:06:29.0496 3964 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:06:29.0511 3964 UmPass - ok
15:06:29.0542 3964 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
15:06:29.0542 3964 USBAAPL - ok
15:06:29.0589 3964 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
15:06:29.0605 3964 usbccgp - ok
15:06:29.0636 3964 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:06:29.0636 3964 usbcir - ok
15:06:29.0652 3964 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
15:06:29.0652 3964 usbehci - ok
15:06:29.0683 3964 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:06:29.0683 3964 usbhub - ok
15:06:29.0730 3964 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
15:06:29.0730 3964 usbohci - ok
15:06:29.0745 3964 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:06:29.0745 3964 usbprint - ok
15:06:29.0776 3964 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
15:06:29.0776 3964 usbscan - ok
15:06:29.0808 3964 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:06:29.0808 3964 USBSTOR - ok
15:06:29.0839 3964 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
15:06:29.0839 3964 usbuhci - ok
15:06:29.0870 3964 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:06:29.0870 3964 vdrvroot - ok
15:06:29.0901 3964 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:06:29.0901 3964 vga - ok
15:06:29.0932 3964 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:06:29.0932 3964 VgaSave - ok
15:06:29.0964 3964 VGPU - ok
15:06:29.0995 3964 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:06:29.0995 3964 vhdmp - ok
15:06:30.0042 3964 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:06:30.0042 3964 viaagp - ok
15:06:30.0057 3964 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:06:30.0057 3964 ViaC7 - ok
15:06:30.0088 3964 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:06:30.0088 3964 viaide - ok
15:06:30.0104 3964 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
15:06:30.0104 3964 vmbus - ok
15:06:30.0182 3964 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
15:06:30.0182 3964 VMBusHID - ok
15:06:30.0213 3964 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:06:30.0213 3964 volmgr - ok
15:06:30.0229 3964 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:06:30.0229 3964 volmgrx - ok
15:06:30.0260 3964 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:06:30.0260 3964 volsnap - ok
15:06:30.0322 3964 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:06:30.0322 3964 vsmraid - ok
15:06:30.0369 3964 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
15:06:30.0369 3964 VSTHWBS2 - ok
15:06:30.0416 3964 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:06:30.0432 3964 VST_DPV - ok
15:06:30.0447 3964 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:06:30.0447 3964 vwifibus - ok
15:06:30.0510 3964 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:06:30.0510 3964 WacomPen - ok
15:06:30.0556 3964 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:06:30.0556 3964 WANARP - ok
15:06:30.0572 3964 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:06:30.0572 3964 Wanarpv6 - ok
15:06:30.0619 3964 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:06:30.0619 3964 Wd - ok
15:06:30.0666 3964 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:06:30.0666 3964 Wdf01000 - ok
15:06:30.0712 3964 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:06:30.0712 3964 WfpLwf - ok
15:06:30.0744 3964 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:06:30.0744 3964 WIMMount - ok
15:06:30.0790 3964 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
15:06:30.0806 3964 winachsf - ok
15:06:30.0868 3964 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
15:06:30.0868 3964 WinUsb - ok
15:06:30.0931 3964 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:06:30.0931 3964 WmiAcpi - ok
15:06:30.0978 3964 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:06:30.0978 3964 ws2ifsl - ok
15:06:31.0009 3964 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
15:06:31.0009 3964 WsAudio_DeviceS(1) - ok
15:06:31.0040 3964 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
15:06:31.0040 3964 WsAudio_DeviceS(2) - ok
15:06:31.0071 3964 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
15:06:31.0071 3964 WsAudio_DeviceS(3) - ok
15:06:31.0118 3964 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
15:06:31.0118 3964 WsAudio_DeviceS(4) - ok
15:06:31.0149 3964 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
15:06:31.0149 3964 WsAudio_DeviceS(5) - ok
15:06:31.0196 3964 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:06:31.0196 3964 WudfPf - ok
15:06:31.0227 3964 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:06:31.0227 3964 WUDFRd - ok
15:06:31.0258 3964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:06:31.0274 3964 \Device\Harddisk0\DR0 - ok
15:06:31.0274 3964 Boot (0x1200) (9ef1af7a3abf444e6ce1a4ecf4031a67) \Device\Harddisk0\DR0\Partition0
15:06:31.0274 3964 \Device\Harddisk0\DR0\Partition0 - ok
15:06:31.0321 3964 Boot (0x1200) (d5108bf643741ae46a72ba5a74a19ef2) \Device\Harddisk0\DR0\Partition1
15:06:31.0321 3964 \Device\Harddisk0\DR0\Partition1 - ok
15:06:31.0321 3964 ============================================================
15:06:31.0321 3964 Scan finished
15:06:31.0321 3964 ============================================================
15:06:31.0336 2696 Detected object count: 1
15:06:31.0336 2696 Actual detected object count: 1
15:06:35.0143 2696 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813
15:06:35.0392 2696 Backup copy not found, trying to cure infected file..
15:06:35.0392 2696 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
15:06:35.0392 2696 C:\Windows\system32\Drivers\dfsc.sys - processing error
15:06:37.0374 2696 DfsC ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
15:06:47.0607 3680 Deinitialize success

#14 Blade81

Posted 19 November 2011 - 05:17 PM

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    dfsc.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#15 Ninja Chachi

Posted 19 November 2011 - 06:10 PM

Here you go:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:05 on 19/11/2011 by Dan
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 78336 bytes [14:11 22/07/2011] [08:42 20/11/2010] 418915E28BFFBAA2DEA2D386ABAA38E9
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --a---- 78336 bytes [23:14 13/07/2009] [23:14 13/07/2009] 8E09E52EE2E3CEB199EF3DD99CF9E3FB
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys --a---- 78336 bytes [03:57 22/07/2011] [02:33 27/04/2011] 83D1ECEA8FAAE75604C0FA49AC7AD996
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys --a---- 78336 bytes [03:57 22/07/2011] [02:24 27/04/2011] 886E8C1608146CC355DDD455F5C8DD87
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_89a197c9445dfde9\dfsc.sys --a---- 78336 bytes [14:11 22/07/2011] [08:42 20/11/2010] 418915E28BFFBAA2DEA2D386ABAA38E9

-= EOF =-



