
Google searches redirected in IE and firefox


  • This topic is locked
8 replies to this topic

#1 sircasini

sircasini

  • Members
  • 12 posts

Posted 30 November 2011 - 02:30 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic429807.html ~ OB

My search results from Google are constantly redirected in IE and Firefox. I've tried Malwarebytes, Spybot, and superspyware with no luck. Running 64-bit Windows, so no GMER attached.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Michael at 13:45:28 on 2011-11-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3764.2104 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\WebUpdateSvc4.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=273610115116l0338z125t5821d517
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{079E895E-A34A-44CA-AB30-B5385D4D0B79} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{210C5B99-28F1-4C81-84F3-73146411905F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{210C5B99-28F1-4C81-84F3-73146411905F}\2427F637 : DhcpNameServer = 10.0.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xarkdvzm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xarkdvzm.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xarkdvzm.default\extensions\slinghealth@slingmedia.com\plugins\npSlingHealth.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-2 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-24 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-2 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-4 2320920]
R2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2008-9-15 262360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-3 366152]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-4 240160]
.
=============== Created Last 30 ================
.
2011-11-30 18:27:01 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7C9C347-687F-473C-9252-35BC3AB85AB3}\offreg.dll
2011-11-30 18:26:58 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7C9C347-687F-473C-9252-35BC3AB85AB3}\mpengine.dll
2011-11-30 00:23:35 -------- d-----w- C:\Program Files (x86)\Just Learn Morse Code
2011-11-29 04:59:58 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-29 04:58:02 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-29 04:45:26 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-11-27 23:49:51 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2011-11-25 06:14:18 158056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-09 14:23:26 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 14:23:26 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 14:23:22 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 14:23:21 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-01 05:05:45 -------- d-----w- C:\Users\Michael\AppData\Local\Adobe
.
==================== Find3M ====================
.
2011-10-07 05:27:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-07 05:27:55 175616 ----a-w- C:\Windows\System32\msclmd.dll
.
============= FINISH: 13:53:09.99 ===============


Edited by Orange Blossom, 30 November 2011 - 05:19 PM.



#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 03 December 2011 - 04:28 PM

Hello sircasini and welcome to Bleeping Computer!

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • How the PC is running now


-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • TDSSKiller report
  • C:\ComboFix.txt
  • checkup.txt

How is your computer running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 sircasini

sircasini
  • Topic Starter

  • Members
  • 12 posts

Posted 12 December 2011 - 09:12 PM

21:10:27.0203 1460 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
21:10:28.0485 1460 ============================================================
21:10:28.0486 1460 Current date / time: 2011/12/12 21:10:28.0485
21:10:28.0486 1460 SystemInfo:
21:10:28.0486 1460
21:10:28.0486 1460 OS Version: 6.1.7601 ServicePack: 1.0
21:10:28.0486 1460 Product type: Workstation
21:10:28.0486 1460 ComputerName: MICHAEL-PC
21:10:28.0487 1460 UserName: Michael
21:10:28.0487 1460 Windows directory: C:\Windows
21:10:28.0487 1460 System windows directory: C:\Windows
21:10:28.0487 1460 Running under WOW64
21:10:28.0487 1460 Processor architecture: Intel x64
21:10:28.0487 1460 Number of processors: 4
21:10:28.0487 1460 Page size: 0x1000
21:10:28.0487 1460 Boot type: Normal boot
21:10:28.0487 1460 ============================================================
21:10:28.0941 1460 Initialize success
21:11:11.0054 5696 ============================================================
21:11:11.0054 5696 Scan started
21:11:11.0054 5696 Mode: Manual;
21:11:11.0054 5696 ============================================================
21:11:19.0310 5696 L1E - ok
21:11:19.0396 5696 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:11:19.0397 5696 lltdio - ok
21:11:19.0486 5696 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:11:19.0488 5696 LSI_FC - ok
21:11:19.0530 5696 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:11:19.0531 5696 LSI_SAS - ok
21:11:19.0544 5696 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:11:19.0545 5696 LSI_SAS2 - ok
21:11:19.0556 5696 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:11:19.0558 5696 LSI_SCSI - ok
21:11:19.0591 5696 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:11:19.0592 5696 luafv - ok
21:11:19.0649 5696 MBAMProtector - ok
21:11:19.0756 5696 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:11:19.0757 5696 megasas - ok
21:11:19.0798 5696 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:11:19.0801 5696 MegaSR - ok
21:11:19.0850 5696 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:11:19.0851 5696 Modem - ok
21:11:19.0893 5696 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:11:19.0894 5696 monitor - ok
21:11:19.0970 5696 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:11:19.0971 5696 mouclass - ok
21:11:20.0053 5696 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:11:20.0053 5696 mouhid - ok
21:11:20.0117 5696 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:11:20.0118 5696 mountmgr - ok
21:11:20.0188 5696 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
21:11:20.0190 5696 MpFilter - ok
21:11:20.0255 5696 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:11:20.0257 5696 mpio - ok
21:11:20.0320 5696 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:11:20.0321 5696 MpNWMon - ok
21:11:20.0354 5696 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:11:20.0355 5696 mpsdrv - ok
21:11:20.0413 5696 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:11:20.0415 5696 MRxDAV - ok
21:11:20.0491 5696 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:11:20.0493 5696 mrxsmb - ok
21:11:20.0538 5696 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:11:20.0541 5696 mrxsmb10 - ok
21:11:20.0597 5696 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:11:20.0599 5696 mrxsmb20 - ok
21:11:20.0619 5696 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:11:20.0620 5696 msahci - ok
21:11:20.0672 5696 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:11:20.0674 5696 msdsm - ok
21:11:20.0732 5696 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:11:20.0732 5696 Msfs - ok
21:11:20.0786 5696 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:11:20.0786 5696 mshidkmdf - ok
21:11:20.0824 5696 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:11:20.0825 5696 msisadrv - ok
21:11:20.0897 5696 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:11:20.0898 5696 MSKSSRV - ok
21:11:21.0008 5696 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:11:21.0009 5696 MSPCLOCK - ok
21:11:21.0030 5696 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:11:21.0031 5696 MSPQM - ok
21:11:21.0065 5696 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:11:21.0069 5696 MsRPC - ok
21:11:21.0165 5696 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:11:21.0166 5696 mssmbios - ok
21:11:21.0187 5696 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:11:21.0188 5696 MSTEE - ok
21:11:21.0202 5696 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:11:21.0203 5696 MTConfig - ok
21:11:21.0266 5696 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:11:21.0267 5696 Mup - ok
21:11:21.0325 5696 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:11:21.0326 5696 mwlPSDFilter - ok
21:11:21.0340 5696 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:11:21.0340 5696 mwlPSDNServ - ok
21:11:21.0359 5696 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:11:21.0361 5696 mwlPSDVDisk - ok
21:11:21.0490 5696 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:11:21.0494 5696 NativeWifiP - ok
21:11:21.0552 5696 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:11:21.0561 5696 NDIS - ok
21:11:21.0665 5696 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:11:21.0665 5696 NdisCap - ok
21:11:21.0709 5696 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:11:21.0710 5696 NdisTapi - ok
21:11:21.0807 5696 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:11:21.0808 5696 Ndisuio - ok
21:11:21.0846 5696 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:11:21.0848 5696 NdisWan - ok
21:11:21.0948 5696 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:11:21.0949 5696 NDProxy - ok
21:11:21.0989 5696 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:11:21.0990 5696 NetBIOS - ok
21:11:22.0034 5696 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:11:22.0037 5696 NetBT - ok
21:11:22.0156 5696 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:11:22.0157 5696 nfrd960 - ok
21:11:22.0184 5696 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:11:22.0186 5696 NisDrv - ok
21:11:22.0290 5696 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:11:22.0291 5696 Npfs - ok
21:11:22.0306 5696 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:11:22.0307 5696 nsiproxy - ok
21:11:22.0379 5696 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:11:22.0400 5696 Ntfs - ok
21:11:22.0519 5696 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
21:11:22.0520 5696 NTIDrvr - ok
21:11:22.0562 5696 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:11:22.0563 5696 Null - ok
21:11:22.0666 5696 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:11:22.0669 5696 nvraid - ok
21:11:22.0691 5696 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:11:22.0694 5696 nvstor - ok
21:11:22.0731 5696 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:11:22.0733 5696 nv_agp - ok
21:11:22.0819 5696 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:11:22.0820 5696 ohci1394 - ok
21:11:22.0862 5696 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:11:22.0863 5696 Parport - ok
21:11:22.0902 5696 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:11:22.0903 5696 partmgr - ok
21:11:22.0996 5696 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:11:22.0998 5696 pci - ok
21:11:23.0012 5696 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:11:23.0013 5696 pciide - ok
21:11:23.0045 5696 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:11:23.0047 5696 pcmcia - ok
21:11:23.0147 5696 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:11:23.0148 5696 pcw - ok
21:11:23.0177 5696 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:11:23.0183 5696 PEAUTH - ok
21:11:23.0308 5696 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:11:23.0310 5696 PptpMiniport - ok
21:11:23.0340 5696 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:11:23.0341 5696 Processor - ok
21:11:23.0437 5696 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:11:23.0439 5696 Psched - ok
21:11:23.0520 5696 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:11:23.0539 5696 ql2300 - ok
21:11:23.0641 5696 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:11:23.0643 5696 ql40xx - ok
21:11:23.0659 5696 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:11:23.0660 5696 QWAVEdrv - ok
21:11:23.0692 5696 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:11:23.0693 5696 RasAcd - ok
21:11:23.0751 5696 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:11:23.0752 5696 RasAgileVpn - ok
21:11:23.0812 5696 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:11:23.0814 5696 Rasl2tp - ok
21:11:23.0889 5696 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:11:23.0890 5696 RasPppoe - ok
21:11:23.0929 5696 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:11:23.0931 5696 RasSstp - ok
21:11:23.0973 5696 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:11:23.0977 5696 rdbss - ok
21:11:24.0017 5696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:11:24.0018 5696 rdpbus - ok
21:11:24.0071 5696 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:11:24.0071 5696 RDPCDD - ok
21:11:24.0127 5696 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:11:24.0128 5696 RDPENCDD - ok
21:11:24.0160 5696 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:11:24.0160 5696 RDPREFMP - ok
21:11:24.0188 5696 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:11:24.0190 5696 RDPWD - ok
21:11:24.0258 5696 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:11:24.0261 5696 rdyboost - ok
21:11:24.0361 5696 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:11:24.0363 5696 RFCOMM - ok
21:11:24.0435 5696 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:11:24.0436 5696 rspndr - ok
21:11:24.0504 5696 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:11:24.0505 5696 SASDIFSV - ok
21:11:24.0516 5696 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:11:24.0516 5696 SASKUTIL - ok
21:11:24.0605 5696 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:11:24.0606 5696 sbp2port - ok
21:11:24.0650 5696 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:11:24.0651 5696 scfilter - ok
21:11:24.0759 5696 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:11:24.0759 5696 secdrv - ok
21:11:24.0810 5696 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:11:24.0811 5696 Serenum - ok
21:11:24.0916 5696 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:11:24.0917 5696 Serial - ok
21:11:24.0953 5696 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:11:24.0954 5696 sermouse - ok
21:11:25.0063 5696 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:11:25.0064 5696 sffdisk - ok
21:11:25.0086 5696 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:11:25.0087 5696 sffp_mmc - ok
21:11:25.0105 5696 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:11:25.0106 5696 sffp_sd - ok
21:11:25.0205 5696 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:11:25.0206 5696 sfloppy - ok
21:11:25.0242 5696 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:11:25.0243 5696 SiSRaid2 - ok
21:11:25.0261 5696 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:11:25.0263 5696 SiSRaid4 - ok
21:11:25.0368 5696 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:11:25.0369 5696 Smb - ok
21:11:25.0409 5696 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:11:25.0409 5696 spldr - ok
21:11:25.0452 5696 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:11:25.0456 5696 srv - ok
21:11:25.0542 5696 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:11:25.0547 5696 srv2 - ok
21:11:25.0579 5696 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:11:25.0581 5696 srvnet - ok
21:11:25.0689 5696 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:11:25.0690 5696 stexstor - ok
21:11:25.0730 5696 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:11:25.0731 5696 swenum - ok
21:11:25.0844 5696 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
21:11:25.0848 5696 SynTP - ok
21:11:25.0932 5696 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:11:25.0946 5696 Tcpip - ok
21:11:26.0085 5696 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:11:26.0100 5696 TCPIP6 - ok
21:11:26.0211 5696 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:11:26.0212 5696 tcpipreg - ok
21:11:26.0248 5696 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:11:26.0249 5696 TDPIPE - ok
21:11:26.0299 5696 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:11:26.0299 5696 TDTCP - ok
21:11:26.0350 5696 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:11:26.0352 5696 tdx - ok
21:11:26.0395 5696 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:11:26.0396 5696 TermDD - ok
21:11:26.0507 5696 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:11:26.0508 5696 tssecsrv - ok
21:11:26.0545 5696 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:11:26.0546 5696 TsUsbFlt - ok
21:11:26.0672 5696 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:11:26.0673 5696 tunnel - ok
21:11:26.0711 5696 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:11:26.0712 5696 uagp35 - ok
21:11:26.0815 5696 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
21:11:26.0816 5696 UBHelper - ok
21:11:26.0856 5696 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:11:26.0859 5696 udfs - ok
21:11:26.0970 5696 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:11:26.0971 5696 uliagpkx - ok
21:11:27.0011 5696 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:11:27.0012 5696 umbus - ok
21:11:27.0102 5696 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:11:27.0103 5696 UmPass - ok
21:11:27.0159 5696 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:11:27.0160 5696 usbccgp - ok
21:11:27.0199 5696 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:11:27.0200 5696 usbcir - ok
21:11:27.0286 5696 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:11:27.0287 5696 usbehci - ok
21:11:27.0330 5696 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:11:27.0334 5696 usbhub - ok
21:11:27.0423 5696 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:11:27.0424 5696 usbohci - ok
21:11:27.0458 5696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:11:27.0459 5696 usbprint - ok
21:11:27.0514 5696 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:11:27.0515 5696 usbscan - ok
21:11:27.0571 5696 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
21:11:27.0573 5696 USBSTOR - ok
21:11:27.0599 5696 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:11:27.0600 5696 usbuhci - ok
21:11:27.0664 5696 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:11:27.0667 5696 usbvideo - ok
21:11:27.0749 5696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:11:27.0750 5696 vdrvroot - ok
21:11:27.0818 5696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:11:27.0819 5696 vga - ok
21:11:27.0831 5696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:11:27.0832 5696 VgaSave - ok
21:11:27.0871 5696 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:11:27.0873 5696 vhdmp - ok
21:11:27.0921 5696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:11:27.0922 5696 viaide - ok
21:11:27.0981 5696 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:11:27.0983 5696 volmgr - ok
21:11:28.0018 5696 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:11:28.0022 5696 volmgrx - ok
21:11:28.0094 5696 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:11:28.0098 5696 volsnap - ok
21:11:28.0178 5696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:11:28.0180 5696 vsmraid - ok
21:11:28.0217 5696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:11:28.0218 5696 vwifibus - ok
21:11:28.0252 5696 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:11:28.0253 5696 vwififlt - ok
21:11:28.0279 5696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:11:28.0280 5696 WacomPen - ok
21:11:28.0323 5696 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:11:28.0324 5696 WANARP - ok
21:11:28.0333 5696 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:11:28.0334 5696 Wanarpv6 - ok
21:11:28.0401 5696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:11:28.0401 5696 Wd - ok
21:11:28.0458 5696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:11:28.0463 5696 Wdf01000 - ok
21:11:28.0600 5696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:11:28.0600 5696 WfpLwf - ok
21:11:28.0625 5696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:11:28.0626 5696 WIMMount - ok
21:11:28.0754 5696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:11:28.0755 5696 WmiAcpi - ok
21:11:28.0834 5696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:11:28.0834 5696 ws2ifsl - ok
21:11:28.0931 5696 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:11:28.0933 5696 WudfPf - ok
21:11:29.0013 5696 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:11:29.0016 5696 WUDFRd - ok
21:11:29.0078 5696 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:11:29.0098 5696 \Device\Harddisk0\DR0 - ok
21:11:29.0102 5696 Boot (0x1200) (cce91eb0d1fa7b387662dbd4fe13beed) \Device\Harddisk0\DR0\Partition0
21:11:29.0103 5696 \Device\Harddisk0\DR0\Partition0 - ok
21:11:29.0115 5696 Boot (0x1200) (fb7f1ebcdfdbb60ca57822192cd51737) \Device\Harddisk0\DR0\Partition1
21:11:29.0116 5696 \Device\Harddisk0\DR0\Partition1 - ok
21:11:29.0116 5696 ============================================================
21:11:29.0116 5696 Scan finished
21:11:29.0117 5696 ============================================================
21:11:29.0132 2376 Detected object count: 0
21:11:29.0132 2376 Actual detected object count: 0

#4 D-FRED-BROWN

Posted 12 December 2011 - 10:07 PM

Please post the remaining logs as well :wink:
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#5 sircasini

Posted 12 December 2011 - 10:33 PM

combo attached...

#6 D-FRED-BROWN

Posted 12 December 2011 - 10:36 PM

Please also post the Security Check log when you get the time :).


Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::
38751333
54342519

File::
c:\windows\system32\drivers\38751333.sys
c:\windows\system32\drivers\54342519.sys


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

#7 sircasini

Posted 12 December 2011 - 10:44 PM

Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
Java™ 6 Update 29
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.1)
Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Spybot Teatimer.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#8 sircasini

Posted 12 December 2011 - 10:54 PM

I did what you instructed with ComboFix and it caused a blue screen of death. Physical memory dump. Computer restarted and then black. I then had to restart.

#9 D-FRED-BROWN

Posted 12 December 2011 - 10:55 PM

Try the following:

Download the latest version of Kaspersky Virus Removal Tool
  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.
