
Possible Trojan-Spy.Win32.Batton.rk infection... Hellish trouble!


  • This topic is locked
26 replies to this topic

#1 Bajero

  • Members
  • 11 posts

Posted 13 December 2011 - 06:44 PM

Hi folks,

In desperate need of some help here!

I've already pretty much 'lost' one XP installation on another machine to what I'm convinced is the same infection, and now I'm VERY worried that I'm also affected on this PC from which I'm posting.

Through a bit of research, the symptoms involved are best described here, on a link I found on some site called bleepingcomputer.com :)

http://www.securelist.com/en/descriptions/24358424/Trojan-Spy.Win32.Batton.rk

Apparently there's also some skullduggery involved with corruption of the file system and items such as the boot.ini.

I may be getting super-paranoid here but... I'm also a little worried about some sort of so-called 'stealthware' having been installed on some hardware device or other... I'm seeing a flashing orange light on the ethernet port, and was seeing that on the XP machine too. Might not sound awful, but I have my reasons!

DDS Text:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7601.17514
Run by Baz at 21:58:25 on 2011-12-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1014.375 [GMT 0:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Baz\Desktop\security\ches34gp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
TB: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{4DE91811-7BDC-484A-A8DE-E2D866521819} : DhcpNameServer = 194.168.4.100 194.168.8.100
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\baz\appdata\roaming\mozilla\firefox\profiles\ba4rr37v.default\
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-10 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-10 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-8 1343400]
.
=============== Created Last 30 ================
.
2011-12-13 20:22:52 -------- d-----w- c:\users\baz\appdata\local\ElevatedDiagnostics
2011-12-13 20:06:30 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{451e4292-0fda-4e9e-a557-f19735a548e2}\offreg.dll
2011-12-13 11:31:17 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2011-12-13 11:31:17 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-12-13 11:29:24 -------- d-----w- c:\program files\Kaspersky Lab
2011-12-13 11:29:23 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-13 05:28:21 -------- d-----w- c:\users\baz\Unknown folder
2011-12-12 07:36:42 -------- d-----w- c:\program files\SIW
2011-12-11 17:50:08 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-12-10 23:54:09 389120 ----a-w- c:\windows\system32\igxpun.exe
2011-12-10 23:54:09 -------- d-----w- c:\windows\system32\Lang
2011-12-10 22:06:21 -------- d-----w- c:\users\baz\appdata\local\Apps
2011-12-10 20:48:41 -------- d-----w- c:\windows\system32\SPReview
2011-12-10 20:43:26 189952 ----a-w- c:\program files\windows portable devices\sqmapi.dll
2011-12-10 20:43:02 133632 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2011-12-10 20:43:01 1785344 ----a-w- c:\program files\windows journal\Journal.exe
2011-12-10 20:41:23 1853440 ----a-w- c:\program files\windows photo viewer\ImagingEngine.dll
2011-12-10 20:40:54 523264 ----a-w- c:\windows\system32\FXSSVC.exe
2011-12-10 20:40:54 430080 ----a-w- c:\windows\system32\FXSTIFF.dll
2011-12-10 20:40:54 39424 ----a-w- c:\windows\system32\FXSMON.dll
2011-12-10 20:40:37 52736 ----a-w- c:\windows\system32\BlbEvents.dll
2011-12-10 20:40:37 1203200 ----a-w- c:\windows\system32\wbengine.exe
2011-12-10 20:40:36 750080 ----a-w- c:\windows\system32\sdcpl.dll
2011-12-10 20:40:30 301568 ----a-w- c:\windows\system32\srchadmin.dll
2011-12-10 15:46:40 -------- d-----w- c:\windows\system32\EventProviders
2011-12-10 15:34:59 811520 ----a-w- c:\windows\system32\user32.dll
2011-12-10 15:33:59 856576 ----a-w- c:\windows\system32\FirewallControlPanel.dll
2011-12-10 15:32:59 70656 ----a-w- c:\windows\system32\amstream.dll
2011-12-10 15:31:53 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-12-10 15:29:53 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-12-10 15:29:52 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-12-10 15:29:06 189952 ----a-w- c:\windows\system32\sqmapi.dll
2011-12-10 14:33:15 -------- d-----w- c:\program files\VS Revo Group
2011-12-08 22:57:00 -------- d-----w- c:\windows\system32\Wat
2011-12-08 22:08:39 -------- d-----w- c:\program files\Eraser
2011-12-08 20:21:18 -------- d-----w- c:\users\baz\appdata\roaming\AVG2012
2011-12-08 20:16:54 -------- d-----w- c:\program files\AVG Secure Search
2011-12-08 20:15:30 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-08 02:50:44 175616 ----a-w- c:\windows\system32\unrar.dll
2011-12-08 02:45:37 -------- d-----w- c:\program files\Conduit
2011-12-08 02:45:34 -------- d-----w- c:\users\baz\appdata\local\Conduit
2011-12-08 02:18:45 850944 ----a-w- c:\windows\system32\sbe.dll
2011-12-08 02:18:45 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-12-08 02:18:45 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-08 02:18:45 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-12-08 01:35:51 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-12-08 01:29:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-08 01:28:59 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-08 01:28:58 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-08 01:28:58 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-08 01:22:54 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-08 01:22:54 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-12-08 01:03:15 -------- d-----w- C:\Symbols
2011-12-08 00:51:54 308797952 ----a-w- c:\users\baz\Windows_Win7SP1.7601.17514.101119-1850.X86CHK.Symbols.msi
2011-12-08 00:47:00 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{451e4292-0fda-4e9e-a557-f19735a548e2}\mpengine.dll
2011-12-08 00:46:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-07 21:13:42 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-12-07 20:58:23 -------- d-sh--w- c:\windows\Installer
2011-12-07 20:42:50 -------- d-----w- c:\users\baz\appdata\local\WindowsUpdate
2011-12-07 07:54:18 -------- d-----w- c:\users\baz\appdata\local\Diagnostics
2011-12-06 17:07:36 -------- d--h--w- c:\windows\PIF
2011-12-04 21:04:05 -------- d-----w- C:\Screen Recordings
2011-12-04 20:30:55 -------- d-----w- c:\program files\ZD Soft
2011-12-04 20:30:20 -------- d-----w- c:\users\baz\ZD Screen Recorder
2011-12-04 07:19:55 -------- d-----w- c:\program files\Ask.com
2011-12-04 07:19:09 -------- d-----w- c:\program files\GRETECH
2011-12-02 23:58:09 -------- d-----w- c:\program files\FlashGet
2011-12-02 23:28:59 -------- d-----w- c:\users\baz\appdata\local\Google
2011-12-02 21:05:47 -------- d-----w- c:\program files\VideoLAN
2011-12-02 20:57:31 -------- d-----w- C:\Intel
2011-12-02 19:49:31 -------- d--h--w- C:\$AVG
2011-12-02 19:35:40 -------- d-----w- c:\users\baz\appdata\local\Mozilla
2011-12-02 19:17:13 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-12-02 19:15:59 -------- d-----w- c:\programdata\AVG2012
2011-12-02 19:15:02 -------- d-----w- c:\program files\AVG
2011-12-02 16:51:35 -------- d--h--w- c:\programdata\Common Files
2011-12-02 16:48:03 -------- d-----w- c:\programdata\MFAData
2011-12-02 16:45:35 -------- d-----w- c:\users\baz\appdata\roaming\CheckPoint
2011-12-02 16:45:21 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-12-02 16:44:57 -------- d-----w- c:\programdata\CheckPoint
2011-12-02 16:42:42 -------- d-----w- c:\program files\CheckPoint
2011-12-02 16:36:25 -------- d-----w- c:\users\baz\Windows_Loader_v2.1
2011-12-02 08:42:36 -------- d-----w- c:\windows\Panther
2011-12-02 00:55:52 -------- d-----w- c:\windows\system32\wbem\Performance
.
==================== Find3M ====================
.
2011-12-10 20:54:52 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 06:21:28 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37:56 2341888 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:59:57.13 ===============


Gmer Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-13 23:36:37
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST3250310CS rev.3.ACD
Running: ches34gp.exe; Driver: C:\Users\Baz\AppData\Local\Temp\uwldqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 81A8B349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AC4D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Windows\system32\drivers\helmet.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[752] ntdll.dll!LdrLoadDll 771022B8 5 Bytes JMP 6DDD3690 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[752] USER32.dll!GetWindowInfo 76564B5E 5 Bytes JMP 6DF556E0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Hoping someone can help... Thanks for reading! :)

#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,744 posts
  • Gender:Male

Posted 19 December 2011 - 06:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432306 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 December 2011 - 11:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#4 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 December 2011 - 10:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 December 2011 - 11:05 AM

Topic re-opened at the request of the OP.

Please post in your next post what you have sent me via PM.
All correspondence should be kept in the same topic.

#6 Bajero
  • Topic Starter

  • Members
  • 11 posts

Posted 29 December 2011 - 01:08 PM

I've included in this reply the requested logs for your inspection.

aswMBR.txt:

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-28 17:47:06
-----------------------------
17:47:06.511 OS Version: Windows 6.1.7601 Service Pack 1
17:47:06.511 Number of processors: 1 586 0x401
17:47:06.526 ComputerName: BAZ-PC UserName: Baz
17:47:10.192 Initialize success
17:47:29.201 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:47:29.201 Disk 0 Vendor: ST3250310CS 3.ACD Size: 238475MB BusType: 3
17:47:31.229 Disk 0 MBR read successfully
17:47:31.229 Disk 0 MBR scan
17:47:31.244 Disk 0 Windows 7 default MBR code
17:47:31.260 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:47:31.275 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
17:47:31.307 Disk 0 scanning sectors +488394752
17:47:31.416 Disk 0 scanning C:\Windows\system32\drivers
17:47:46.064 Service scanning
17:47:46.642 Service 1394ohci C:\Windows\system32\drivers\1394ohci.sys **LOCKED** 32
17:47:46.657 Service ACPI C:\Windows\system32\drivers\ACPI.sys **LOCKED** 32
17:47:46.673 Service AcpiPmi C:\Windows\system32\drivers\acpipmi.sys **LOCKED** 32
17:47:46.688 Service adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys **LOCKED** 32
17:47:46.704 Service adpahci C:\Windows\system32\DRIVERS\adpahci.sys **LOCKED** 32
17:47:46.735 Service adpu320 C:\Windows\system32\DRIVERS\adpu320.sys **LOCKED** 32
17:47:46.751 Service AFD C:\Windows\system32\drivers\afd.sys **LOCKED** 32
17:47:46.782 Service agp440 C:\Windows\system32\drivers\agp440.sys **LOCKED** 32
17:47:46.798 Service aic78xx C:\Windows\system32\DRIVERS\djsvs.sys **LOCKED** 32
17:47:46.829 Service aliide C:\Windows\system32\drivers\aliide.sys **LOCKED** 32
17:47:46.844 Service amdagp C:\Windows\system32\drivers\amdagp.sys **LOCKED** 32
17:47:46.876 Service amdide C:\Windows\system32\drivers\amdide.sys **LOCKED** 32
17:47:46.907 Service AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys **LOCKED** 32
17:47:46.922 Service AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys **LOCKED** 32
17:47:46.954 Service amdsata C:\Windows\system32\drivers\amdsata.sys **LOCKED** 32
17:47:46.969 Service amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys **LOCKED** 32
17:47:47.016 Service amdxata C:\Windows\system32\drivers\amdxata.sys **LOCKED** 32
17:47:47.032 Service AppID C:\Windows\system32\drivers\appid.sys **LOCKED** 32
17:47:47.063 Service arc C:\Windows\system32\DRIVERS\arc.sys **LOCKED** 32
17:47:47.094 Service arcsas C:\Windows\system32\DRIVERS\arcsas.sys **LOCKED** 32
17:47:47.125 Service AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys **LOCKED** 32
17:47:47.156 Service atapi C:\Windows\system32\drivers\atapi.sys **LOCKED** 32
17:47:47.188 Service b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys **LOCKED** 32
17:47:47.203 Service b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys **LOCKED** 32
17:47:47.250 Service Beep C:\Windows\System32\Drivers\Beep.sys **LOCKED** 32
17:47:47.281 Service blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys **LOCKED** 32
17:47:47.297 Service BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys **LOCKED** 32
17:47:47.328 Service BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys **LOCKED** 32
17:47:47.359 Service Brserid C:\Windows\System32\Drivers\Brserid.sys **LOCKED** 32
17:47:47.390 Service BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys **LOCKED** 32
17:47:47.422 Service BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys **LOCKED** 32
17:47:47.453 Service BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys **LOCKED** 32
17:47:47.500 Service BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys **LOCKED** 32
17:47:47.531 Service cdrom C:\Windows\system32\drivers\cdrom.sys **LOCKED** 32
17:47:47.546 Service circlass C:\Windows\system32\DRIVERS\circlass.sys **LOCKED** 32
17:47:47.578 Service CLFS C:\Windows\System32\CLFS.sys **LOCKED** 32
17:47:47.609 Service CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys **LOCKED** 32
17:47:47.640 Service cmdide C:\Windows\system32\drivers\cmdide.sys **LOCKED** 32
17:47:47.671 Service CNG C:\Windows\System32\Drivers\cng.sys **LOCKED** 32
17:47:47.702 Service Compbatt C:\Windows\system32\DRIVERS\compbatt.sys **LOCKED** 32
17:47:47.718 Service CompositeBus C:\Windows\system32\drivers\CompositeBus.sys **LOCKED** 32
17:47:47.749 Service crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys **LOCKED** 32
17:47:47.780 Service CSC C:\Windows\system32\drivers\csc.sys **LOCKED** 32
17:47:47.827 Service discache C:\Windows\System32\drivers\discache.sys **LOCKED** 32
17:47:47.858 Service Disk C:\Windows\system32\DRIVERS\disk.sys **LOCKED** 32
17:47:47.890 Service drmkaud C:\Windows\system32\drivers\drmkaud.sys **LOCKED** 32
17:47:47.921 Service DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys **LOCKED** 32
17:47:47.952 Service ebdrv C:\Windows\system32\DRIVERS\evbdx.sys **LOCKED** 32
17:47:47.983 Service elxstor C:\Windows\system32\DRIVERS\elxstor.sys **LOCKED** 32
17:47:48.014 Service ErrDev C:\Windows\system32\drivers\errdev.sys **LOCKED** 32
17:47:48.061 Service fdc C:\Windows\system32\DRIVERS\fdc.sys **LOCKED** 32
17:47:48.092 Service flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys **LOCKED** 32
17:47:48.124 Service fvevol C:\Windows\System32\DRIVERS\fvevol.sys **LOCKED** 32
17:47:48.155 Service gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys **LOCKED** 32
17:47:48.186 Service hcw85cir C:\Windows\system32\drivers\hcw85cir.sys **LOCKED** 32
17:47:48.217 Service HDAudBus C:\Windows\system32\drivers\HDAudBus.sys **LOCKED** 32
17:47:48.248 Service HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys **LOCKED** 32
17:47:48.280 Service HidBth C:\Windows\system32\DRIVERS\hidbth.sys **LOCKED** 32
17:47:48.311 Service HidIr C:\Windows\system32\DRIVERS\hidir.sys **LOCKED** 32
17:47:48.342 Service HidUsb C:\Windows\system32\DRIVERS\hidusb.sys **LOCKED** 32
17:47:48.373 Service HpSAMD C:\Windows\system32\drivers\HpSAMD.sys **LOCKED** 32
17:47:48.404 Service HTTP C:\Windows\system32\drivers\HTTP.sys **LOCKED** 32
17:47:48.436 Service hwpolicy C:\Windows\System32\drivers\hwpolicy.sys **LOCKED** 32
17:47:48.451 Service i8042prt C:\Windows\system32\drivers\i8042prt.sys **LOCKED** 32
17:47:48.482 Service ialm C:\Windows\system32\DRIVERS\igxpmp32.sys **LOCKED** 32
17:47:48.514 Service iaStorV C:\Windows\system32\drivers\iaStorV.sys **LOCKED** 32
17:47:48.545 Service iirsp C:\Windows\system32\DRIVERS\iirsp.sys **LOCKED** 32
17:47:48.576 Service intelide C:\Windows\system32\drivers\intelide.sys **LOCKED** 32
17:47:48.607 Service intelppm C:\Windows\system32\DRIVERS\intelppm.sys **LOCKED** 32
17:47:48.638 Service IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys **LOCKED** 32
17:47:48.670 Service IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys **LOCKED** 32
17:47:48.701 Service IPNAT C:\Windows\System32\drivers\ipnat.sys **LOCKED** 32
17:47:48.732 Service IRENUM C:\Windows\system32\drivers\irenum.sys **LOCKED** 32
17:47:48.763 Service isapnp C:\Windows\system32\drivers\isapnp.sys **LOCKED** 32
17:47:48.794 Service iScsiPrt C:\Windows\system32\drivers\msiscsi.sys **LOCKED** 32
17:47:48.810 Service kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys **LOCKED** 32
17:47:48.857 Service kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys **LOCKED** 32
17:47:48.888 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 32
17:47:48.904 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 32
17:47:48.935 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 32
17:47:48.966 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 32
17:47:48.997 Service KSecDD C:\Windows\System32\Drivers\ksecdd.sys **LOCKED** 32
17:47:49.028 Service KSecPkg C:\Windows\System32\Drivers\ksecpkg.sys **LOCKED** 32
17:47:49.060 Service lltdio C:\Windows\system32\DRIVERS\lltdio.sys **LOCKED** 32
17:47:49.091 Service LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys **LOCKED** 32
17:47:49.122 Service LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys **LOCKED** 32
17:47:49.138 Service LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys **LOCKED** 32
17:47:49.184 Service LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys **LOCKED** 32
17:47:49.216 Service MDC8021X C:\Windows\system32\DRIVERS\mdc8021x.sys **LOCKED** 32
17:47:49.247 Service megasas C:\Windows\system32\DRIVERS\megasas.sys **LOCKED** 32
17:47:49.278 Service MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys **LOCKED** 32
17:47:49.309 Service Modem C:\Windows\system32\drivers\modem.sys **LOCKED** 32
17:47:49.340 Service monitor C:\Windows\system32\DRIVERS\monitor.sys **LOCKED** 32
17:47:49.372 Service mouclass C:\Windows\system32\DRIVERS\mouclass.sys **LOCKED** 32
17:47:49.403 Service mouhid C:\Windows\system32\DRIVERS\mouhid.sys **LOCKED** 32
17:47:49.418 Service mountmgr C:\Windows\System32\drivers\mountmgr.sys **LOCKED** 32
17:47:49.450 Service mpio C:\Windows\system32\drivers\mpio.sys **LOCKED** 32
17:47:49.481 Service mpsdrv C:\Windows\System32\drivers\mpsdrv.sys **LOCKED** 32
17:47:49.512 Service msahci C:\Windows\system32\drivers\msahci.sys **LOCKED** 32
17:47:49.543 Service msdsm C:\Windows\system32\drivers\msdsm.sys **LOCKED** 32
17:47:49.574 Service mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys **LOCKED** 32
17:47:49.606 Service msisadrv C:\Windows\system32\drivers\msisadrv.sys **LOCKED** 32
17:47:49.637 Service MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys **LOCKED** 32
17:47:49.668 Service MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys **LOCKED** 32
17:47:49.684 Service MSPQM C:\Windows\system32\drivers\MSPQM.sys **LOCKED** 32
17:47:49.715 Service MsRPC C:\Windows\System32\Drivers\MsRPC.sys **LOCKED** 32
17:47:49.746 Service mssmbios C:\Windows\system32\drivers\mssmbios.sys **LOCKED** 32
17:47:49.777 Service MSTEE C:\Windows\system32\drivers\MSTEE.sys **LOCKED** 32
17:47:49.808 Service MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys **LOCKED** 32
17:47:49.855 Service NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys **LOCKED** 32
17:47:49.886 Service NDIS C:\Windows\system32\drivers\ndis.sys **LOCKED** 32
17:47:49.902 Service NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys **LOCKED** 32
17:47:49.933 Service NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys **LOCKED** 32
17:47:49.964 Service Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys **LOCKED** 32
17:47:49.996 Service NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys **LOCKED** 32
17:47:50.027 Service NDProxy C:\Windows\System32\Drivers\NDProxy.sys **LOCKED** 32
17:47:50.058 Service NetBT C:\Windows\System32\DRIVERS\netbt.sys **LOCKED** 32
17:47:50.089 Service nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys **LOCKED** 32
17:47:50.120 Service nsiproxy C:\Windows\system32\drivers\nsiproxy.sys **LOCKED** 32
17:47:50.152 Service Null C:\Windows\System32\Drivers\Null.sys **LOCKED** 32
17:47:50.183 Service nvraid C:\Windows\system32\drivers\nvraid.sys **LOCKED** 32
17:47:50.214 Service nvstor C:\Windows\system32\drivers\nvstor.sys **LOCKED** 32
17:47:50.245 Service nv_agp C:\Windows\system32\drivers\nv_agp.sys **LOCKED** 32
17:47:50.276 Service ohci1394 C:\Windows\system32\drivers\ohci1394.sys **LOCKED** 32
17:47:50.323 Service Parport C:\Windows\system32\DRIVERS\parport.sys **LOCKED** 32
17:47:50.339 Service partmgr C:\Windows\System32\drivers\partmgr.sys **LOCKED** 32
17:47:50.370 Service Parvdm C:\Windows\system32\DRIVERS\parvdm.sys **LOCKED** 32
17:47:50.401 Service pci C:\Windows\system32\drivers\pci.sys **LOCKED** 32
17:47:50.432 Service pciide C:\Windows\system32\drivers\pciide.sys **LOCKED** 32
17:47:50.464 Service pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys **LOCKED** 32
17:47:50.495 Service pcw C:\Windows\System32\drivers\pcw.sys **LOCKED** 32
17:47:50.510 Service PEAUTH C:\Windows\system32\drivers\peauth.sys **LOCKED** 32
17:47:50.557 Service PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys **LOCKED** 32
17:47:50.573 Service Processor C:\Windows\system32\DRIVERS\processr.sys **LOCKED** 32
17:47:50.604 Service Psched C:\Windows\system32\DRIVERS\pacer.sys **LOCKED** 32
17:47:50.651 Service ql2300 C:\Windows\system32\DRIVERS\ql2300.sys **LOCKED** 32
17:47:50.666 Service ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys **LOCKED** 32
17:47:50.698 Service QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys **LOCKED** 32
17:47:50.729 Service RasAcd C:\Windows\System32\DRIVERS\rasacd.sys **LOCKED** 32
17:47:50.760 Service RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys **LOCKED** 32
17:47:50.791 Service Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys **LOCKED** 32
17:47:50.822 Service RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys **LOCKED** 32
17:47:50.854 Service RasSstp C:\Windows\system32\DRIVERS\rassstp.sys **LOCKED** 32
17:47:50.885 Service rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys **LOCKED** 32
17:47:50.916 Service RDPCDD C:\Windows\System32\DRIVERS\RDPCDD.sys **LOCKED** 32
17:47:50.932 Service RDPDR C:\Windows\System32\drivers\rdpdr.sys **LOCKED** 32
17:47:50.978 Service RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys **LOCKED** 32
17:47:51.010 Service RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys **LOCKED** 32
17:47:51.025 Service RdpVideoMiniport C:\Windows\System32\drivers\rdpvideominiport.sys **LOCKED** 32
17:47:51.056 Service RDPWD C:\Windows\System32\Drivers\RDPWD.sys **LOCKED** 32
17:47:51.088 Service rdyboost C:\Windows\System32\drivers\rdyboost.sys **LOCKED** 32
17:47:51.134 Service rspndr C:\Windows\system32\DRIVERS\rspndr.sys **LOCKED** 32
17:47:51.150 Service s3cap C:\Windows\system32\drivers\vms3cap.sys **LOCKED** 32
17:47:51.197 Service sbp2port C:\Windows\system32\drivers\sbp2port.sys **LOCKED** 32
17:47:51.228 Service scfilter C:\Windows\System32\DRIVERS\scfilter.sys **LOCKED** 32
17:47:51.259 Service secdrv C:\Windows\System32\Drivers\secdrv.sys **LOCKED** 32
17:47:51.275 Service Serenum C:\Windows\system32\DRIVERS\serenum.sys **LOCKED** 32
17:47:51.322 Service Serial C:\Windows\system32\DRIVERS\serial.sys **LOCKED** 32
17:47:51.353 Service sermouse C:\Windows\system32\DRIVERS\sermouse.sys **LOCKED** 32
17:47:51.384 Service sffdisk C:\Windows\system32\drivers\sffdisk.sys **LOCKED** 32
17:47:51.415 Service sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys **LOCKED** 32
17:47:51.446 Service sffp_sd C:\Windows\system32\drivers\sffp_sd.sys **LOCKED** 32
17:47:51.478 Service sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys **LOCKED** 32
17:47:51.509 Service sisagp C:\Windows\system32\drivers\sisagp.sys **LOCKED** 32
17:47:51.540 Service SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys **LOCKED** 32
17:47:51.571 Service SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys **LOCKED** 32
17:47:51.587 Service Smb C:\Windows\system32\DRIVERS\smb.sys **LOCKED** 32
17:47:51.618 Service smwdm C:\Windows\system32\drivers\smwdm.sys **LOCKED** 32
17:47:51.649 Service spldr C:\Windows\System32\Drivers\spldr.sys **LOCKED** 32
17:47:51.696 Service stexstor C:\Windows\system32\DRIVERS\stexstor.sys **LOCKED** 32
17:47:51.727 Service storflt C:\Windows\system32\drivers\vmstorfl.sys **LOCKED** 32
17:47:51.758 Service storvsc C:\Windows\system32\drivers\storvsc.sys **LOCKED** 32
17:47:51.790 Service swenum C:\Windows\system32\drivers\swenum.sys **LOCKED** 32
17:47:51.821 Service Tcpip C:\Windows\System32\drivers\tcpip.sys **LOCKED** 32
17:47:51.852 Service TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys **LOCKED** 32
17:47:51.899 Service tcpipreg C:\Windows\System32\drivers\tcpipreg.sys **LOCKED** 32
17:47:51.930 Service TDPIPE C:\Windows\system32\drivers\tdpipe.sys **LOCKED** 32
17:47:51.961 Service TDTCP C:\Windows\system32\drivers\tdtcp.sys **LOCKED** 32
17:47:51.977 Service tdx C:\Windows\system32\DRIVERS\tdx.sys **LOCKED** 32
17:47:52.008 Service TermDD C:\Windows\system32\drivers\termdd.sys **LOCKED** 32
17:47:52.055 Service tssecsrv C:\Windows\System32\DRIVERS\tssecsrv.sys **LOCKED** 32
17:47:52.070 Service TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys **LOCKED** 32
17:47:52.117 Service tunnel C:\Windows\system32\DRIVERS\tunnel.sys **LOCKED** 32
17:47:52.133 Service uagp35 C:\Windows\system32\DRIVERS\uagp35.sys **LOCKED** 32
17:47:52.164 Service uliagpkx C:\Windows\system32\drivers\uliagpkx.sys **LOCKED** 32
17:47:52.195 Service umbus C:\Windows\system32\drivers\umbus.sys **LOCKED** 32
17:47:52.226 Service UmPass C:\Windows\system32\DRIVERS\umpass.sys **LOCKED** 32
17:47:52.258 Service usbccgp C:\Windows\system32\drivers\usbccgp.sys **LOCKED** 32
17:47:52.289 Service usbcir C:\Windows\system32\drivers\usbcir.sys **LOCKED** 32
17:47:52.320 Service usbehci C:\Windows\system32\drivers\usbehci.sys **LOCKED** 32
17:47:52.367 Service usbhub C:\Windows\system32\drivers\usbhub.sys **LOCKED** 32
17:47:52.382 Service usbohci C:\Windows\system32\drivers\usbohci.sys **LOCKED** 32
17:47:52.414 Service usbprint C:\Windows\system32\DRIVERS\usbprint.sys **LOCKED** 32
17:47:52.445 Service USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS **LOCKED** 32
17:47:52.476 Service usbuhci C:\Windows\system32\drivers\usbuhci.sys **LOCKED** 32
17:47:52.507 Service vdrvroot C:\Windows\system32\drivers\vdrvroot.sys **LOCKED** 32
17:47:52.538 Service vga C:\Windows\system32\DRIVERS\vgapnp.sys **LOCKED** 32
17:47:52.570 Service VgaSave C:\Windows\System32\drivers\vga.sys **LOCKED** 32
17:47:52.585 Service vhdmp C:\Windows\system32\drivers\vhdmp.sys **LOCKED** 32
17:47:52.616 Service viaagp C:\Windows\system32\drivers\viaagp.sys **LOCKED** 32
17:47:52.648 Service ViaC7 C:\Windows\system32\DRIVERS\viac7.sys **LOCKED** 32
17:47:52.679 Service viaide C:\Windows\system32\drivers\viaide.sys **LOCKED** 32
17:47:52.710 Service vmbus C:\Windows\system32\drivers\vmbus.sys **LOCKED** 32
17:47:52.741 Service VMBusHID C:\Windows\system32\drivers\VMBusHID.sys **LOCKED** 32
17:47:52.804 Service volmgr C:\Windows\system32\drivers\volmgr.sys **LOCKED** 32
17:47:52.819 Service volmgrx C:\Windows\System32\drivers\volmgrx.sys **LOCKED** 32
17:47:52.850 Service volsnap C:\Windows\system32\drivers\volsnap.sys **LOCKED** 32
17:47:52.882 Service vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys **LOCKED** 32
17:47:52.913 Service vwifibus C:\Windows\System32\drivers\vwifibus.sys **LOCKED** 32
17:47:52.944 Service WacomPen C:\Windows\system32\DRIVERS\wacompen.sys **LOCKED** 32
17:47:52.975 Service WANARP C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 32
17:47:53.006 Service Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 32
17:47:53.038 Service Wd C:\Windows\system32\DRIVERS\wd.sys **LOCKED** 32
17:47:53.069 Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED** 32
17:47:53.100 Service WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys **LOCKED** 32
17:47:53.147 Service WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys **LOCKED** 32
17:47:53.178 Service ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys **LOCKED** 32
17:47:53.209 Service WudfPf C:\Windows\system32\drivers\WudfPf.sys **LOCKED** 32
17:47:53.240 Service WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys **LOCKED** 32
17:47:53.802 Modules scanning
17:48:30.244 Disk 0 trace - called modules:
17:48:30.290 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
17:48:30.306 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8550a030]
17:48:30.337 3 CLASSPNP.SYS[87d9159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x8475c908]
17:48:30.368 Scan finished successfully
17:53:49.453 Disk 0 MBR has been saved successfully to "C:\Users\Baz\Desktop\sec2\MBR.dat"
17:53:49.469 The log file has been saved successfully to "C:\Users\Baz\Desktop\sec2\aswMBR.txt"


TDSS log:

I've included in this reply the requested logs for your inspection.

aswMBR.txt:

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-28 17:47:06
-----------------------------
17:47:06.511 OS Version: Windows 6.1.7601 Service Pack 1
17:47:06.511 Number of processors: 1 586 0x401
17:47:06.526 ComputerName: BAZ-PC UserName: Baz
17:47:10.192 Initialize success
17:47:29.201 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:47:29.201 Disk 0 Vendor: ST3250310CS 3.ACD Size: 238475MB BusType: 3
17:47:31.229 Disk 0 MBR read successfully
17:47:31.229 Disk 0 MBR scan
17:47:31.244 Disk 0 Windows 7 default MBR code
17:47:31.260 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:47:31.275 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
17:47:31.307 Disk 0 scanning sectors +488394752
17:47:31.416 Disk 0 scanning C:\Windows\system32\drivers
17:47:46.064 Service scanning
17:47:46.642 Service 1394ohci C:\Windows\system32\drivers\1394ohci.sys **LOCKED** 32
17:47:46.657 Service ACPI C:\Windows\system32\drivers\ACPI.sys **LOCKED** 32
17:47:46.673 Service AcpiPmi C:\Windows\system32\drivers\acpipmi.sys **LOCKED** 32
17:47:46.688 Service adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys **LOCKED** 32
17:47:46.704 Service adpahci C:\Windows\system32\DRIVERS\adpahci.sys **LOCKED** 32
17:47:46.735 Service adpu320 C:\Windows\system32\DRIVERS\adpu320.sys **LOCKED** 32
17:47:46.751 Service AFD C:\Windows\system32\drivers\afd.sys **LOCKED** 32
17:47:46.782 Service agp440 C:\Windows\system32\drivers\agp440.sys **LOCKED** 32
17:47:46.798 Service aic78xx C:\Windows\system32\DRIVERS\djsvs.sys **LOCKED** 32
17:47:46.829 Service aliide C:\Windows\system32\drivers\aliide.sys **LOCKED** 32
17:47:46.844 Service amdagp C:\Windows\system32\drivers\amdagp.sys **LOCKED** 32
17:47:46.876 Service amdide C:\Windows\system32\drivers\amdide.sys **LOCKED** 32
17:47:46.907 Service AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys **LOCKED** 32
17:47:46.922 Service AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys **LOCKED** 32
17:47:46.954 Service amdsata C:\Windows\system32\drivers\amdsata.sys **LOCKED** 32
17:47:46.969 Service amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys **LOCKED** 32
17:47:47.016 Service amdxata C:\Windows\system32\drivers\amdxata.sys **LOCKED** 32
17:47:47.032 Service AppID C:\Windows\system32\drivers\appid.sys **LOCKED** 32
17:47:47.063 Service arc C:\Windows\system32\DRIVERS\arc.sys **LOCKED** 32
17:47:47.094 Service arcsas C:\Windows\system32\DRIVERS\arcsas.sys **LOCKED** 32


TDSS log:

18:11:38.0582 1100 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:11:38.0598 1100 nfrd960 - ok
18:11:38.0707 1100 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:11:38.0754 1100 Npfs - ok
18:11:38.0863 1100 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:11:38.0910 1100 nsiproxy - ok
18:11:39.0081 1100 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
18:11:39.0144 1100 Ntfs - ok
18:11:39.0237 1100 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:11:39.0284 1100 Null - ok
18:11:39.0424 1100 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
18:11:39.0440 1100 nvraid - ok
18:11:39.0580 1100 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
18:11:39.0658 1100 nvstor - ok
18:11:39.0814 1100 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:11:39.0877 1100 nv_agp - ok
18:11:40.0017 1100 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:11:40.0048 1100 ohci1394 - ok
18:11:40.0173 1100 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:11:40.0189 1100 Parport - ok
18:11:40.0282 1100 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:11:40.0298 1100 partmgr - ok
18:11:40.0392 1100 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:11:40.0438 1100 Parvdm - ok
18:11:40.0579 1100 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:11:40.0594 1100 pci - ok
18:11:40.0719 1100 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:11:40.0766 1100 pciide - ok
18:11:40.0891 1100 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:11:40.0906 1100 pcmcia - ok
18:11:41.0016 1100 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:11:41.0047 1100 pcw - ok
18:11:41.0156 1100 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:11:41.0203 1100 PEAUTH - ok
18:11:41.0359 1100 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:11:41.0406 1100 PptpMiniport - ok
18:11:41.0515 1100 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:11:41.0546 1100 Processor - ok
18:11:41.0640 1100 PROCEXP150 - ok
18:11:41.0749 1100 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:11:41.0796 1100 Psched - ok
18:11:41.0952 1100 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:11:42.0014 1100 ql2300 - ok
18:11:42.0108 1100 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:11:42.0123 1100 ql40xx - ok
18:11:42.0232 1100 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:11:42.0248 1100 QWAVEdrv - ok
18:11:42.0357 1100 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:11:42.0388 1100 RasAcd - ok
18:11:42.0513 1100 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:11:42.0544 1100 RasAgileVpn - ok
18:11:42.0654 1100 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:11:42.0700 1100 Rasl2tp - ok
18:11:42.0810 1100 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:11:42.0856 1100 RasPppoe - ok
18:11:42.0950 1100 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:11:43.0012 1100 RasSstp - ok
18:11:43.0122 1100 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:11:43.0168 1100 rdbss - ok
18:11:43.0293 1100 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:11:43.0324 1100 rdpbus - ok
18:11:43.0449 1100 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:11:43.0496 1100 RDPCDD - ok
18:11:43.0636 1100 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:11:43.0730 1100 RDPDR - ok
18:11:43.0824 1100 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:11:43.0870 1100 RDPENCDD - ok
18:11:43.0980 1100 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:11:43.0995 1100 RDPREFMP - ok
18:11:44.0120 1100 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
18:11:44.0167 1100 RdpVideoMiniport - ok
18:11:44.0276 1100 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:11:44.0338 1100 RDPWD - ok
18:11:44.0463 1100 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:11:44.0510 1100 rdyboost - ok
18:11:44.0604 1100 rootrepeal - ok
18:11:44.0728 1100 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:11:44.0775 1100 rspndr - ok
18:11:44.0900 1100 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:11:44.0947 1100 s3cap - ok
18:11:45.0103 1100 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:11:45.0118 1100 sbp2port - ok
18:11:45.0228 1100 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:11:45.0259 1100 scfilter - ok
18:11:45.0415 1100 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:11:45.0571 1100 secdrv - ok
18:11:45.0711 1100 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:11:45.0727 1100 Serenum - ok
18:11:45.0836 1100 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:11:45.0867 1100 Serial - ok
18:11:45.0992 1100 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:11:46.0023 1100 sermouse - ok
18:11:46.0179 1100 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:11:46.0257 1100 sffdisk - ok
18:11:46.0382 1100 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:11:46.0429 1100 sffp_mmc - ok
18:11:46.0585 1100 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:11:46.0647 1100 sffp_sd - ok
18:11:46.0741 1100 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:11:46.0788 1100 sfloppy - ok
18:11:46.0912 1100 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:11:46.0928 1100 sisagp - ok
18:11:47.0053 1100 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:11:47.0068 1100 SiSRaid2 - ok
18:11:47.0178 1100 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:11:47.0209 1100 SiSRaid4 - ok
18:11:47.0302 1100 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:11:47.0334 1100 Smb - ok
18:11:47.0458 1100 smwdm (c80b84e4843b33da56a806e1a1275ba0) C:\Windows\system32\drivers\smwdm.sys
18:11:47.0490 1100 smwdm - ok
18:11:47.0599 1100 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:11:47.0630 1100 spldr - ok
18:11:47.0786 1100 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:11:47.0895 1100 srv - ok
18:11:48.0051 1100 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:11:48.0129 1100 srv2 - ok
18:11:48.0238 1100 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:11:48.0301 1100 srvnet - ok
18:11:48.0426 1100 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:11:48.0441 1100 stexstor - ok
18:11:48.0597 1100 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
18:11:48.0613 1100 storflt - ok
18:11:48.0738 1100 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
18:11:48.0784 1100 storvsc - ok
18:11:48.0925 1100 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:11:48.0940 1100 swenum - ok
18:11:49.0143 1100 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:11:49.0268 1100 Tcpip - ok
18:11:49.0720 1100 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:11:49.0752 1100 TCPIP6 - ok
18:11:49.0876 1100 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:11:49.0954 1100 tcpipreg - ok
18:11:50.0095 1100 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:11:50.0173 1100 TDPIPE - ok
18:11:50.0298 1100 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:11:50.0376 1100 TDTCP - ok
18:11:50.0547 1100 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:11:50.0594 1100 tdx - ok
18:11:50.0859 1100 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:11:50.0875 1100 TermDD - ok
18:11:51.0062 1100 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:11:51.0109 1100 tssecsrv - ok
18:11:51.0234 1100 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:11:51.0296 1100 TsUsbFlt - ok
18:11:51.0421 1100 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:11:51.0468 1100 tunnel - ok
18:11:51.0592 1100 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:11:51.0624 1100 uagp35 - ok
18:11:51.0780 1100 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:11:51.0826 1100 udfs - ok
18:11:51.0982 1100 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:11:52.0029 1100 uliagpkx - ok
18:11:52.0170 1100 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:11:52.0216 1100 umbus - ok
18:11:52.0326 1100 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:11:52.0357 1100 UmPass - ok
18:11:52.0528 1100 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
18:11:52.0638 1100 usbccgp - ok
18:11:52.0794 1100 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:11:52.0887 1100 usbcir - ok
18:11:53.0043 1100 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
18:11:53.0074 1100 usbehci - ok
18:11:53.0246 1100 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
18:11:53.0277 1100 usbhub - ok
18:11:53.0433 1100 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
18:11:53.0464 1100 usbohci - ok
18:11:53.0574 1100 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:11:53.0605 1100 usbprint - ok
18:11:53.0776 1100 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:11:53.0854 1100 USBSTOR - ok
18:11:54.0010 1100 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
18:11:54.0042 1100 usbuhci - ok
18:11:54.0213 1100 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:11:54.0229 1100 vdrvroot - ok
18:11:54.0369 1100 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:11:54.0416 1100 vga - ok
18:11:54.0541 1100 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:11:54.0588 1100 VgaSave - ok
18:11:54.0744 1100 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:11:54.0759 1100 vhdmp - ok
18:11:54.0915 1100 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:11:54.0946 1100 viaagp - ok
18:11:55.0040 1100 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:11:55.0071 1100 ViaC7 - ok
18:11:55.0227 1100 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:11:55.0258 1100 viaide - ok
18:11:55.0399 1100 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
18:11:55.0446 1100 vmbus - ok
18:11:55.0617 1100 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
18:11:55.0633 1100 VMBusHID - ok
18:11:55.0789 1100 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:11:55.0804 1100 volmgr - ok
18:11:55.0914 1100 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:11:55.0945 1100 volmgrx - ok
18:11:56.0101 1100 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:11:56.0132 1100 volsnap - ok
18:11:56.0257 1100 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:11:56.0272 1100 vsmraid - ok
18:11:56.0366 1100 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:11:56.0397 1100 vwifibus - ok
18:11:56.0522 1100 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:11:56.0553 1100 WacomPen - ok
18:11:56.0678 1100 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:11:56.0772 1100 WANARP - ok
18:11:56.0803 1100 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:11:56.0834 1100 Wanarpv6 - ok
18:11:56.0990 1100 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:11:57.0021 1100 Wd - ok
18:11:57.0130 1100 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:11:57.0177 1100 Wdf01000 - ok
18:11:57.0333 1100 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:11:57.0380 1100 WfpLwf - ok
18:11:57.0489 1100 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:11:57.0520 1100 WIMMount - ok
18:11:57.0723 1100 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:11:57.0801 1100 WmiAcpi - ok
18:11:57.0942 1100 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:11:57.0988 1100 ws2ifsl - ok
18:11:58.0144 1100 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:11:58.0191 1100 WudfPf - ok
18:11:58.0300 1100 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:11:58.0363 1100 WUDFRd - ok
18:11:58.0425 1100 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:11:58.0644 1100 \Device\Harddisk0\DR0 - ok
18:11:58.0675 1100 Boot (0x1200) (5205c11cde4266ea25e6524f3896dfe8) \Device\Harddisk0\DR0\Partition0
18:11:58.0675 1100 \Device\Harddisk0\DR0\Partition0 - ok
18:11:58.0690 1100 Boot (0x1200) (9170357714f6ca581192334b52e01a57) \Device\Harddisk0\DR0\Partition1
18:11:58.0706 1100 \Device\Harddisk0\DR0\Partition1 - ok
18:11:58.0706 1100 ============================================================
18:11:58.0706 1100 Scan finished
18:11:58.0706 1100 ============================================================
18:11:58.0722 0604 Detected object count: 1
18:11:58.0722 0604 Actual detected object count: 1
18:16:13.0377 0604 C:\Windows\system32\DRIVERS\mdc8021x.sys - copied to quarantine
18:16:13.0377 0604 MDC8021X ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
18:54:52.0947 0752 Deinitialize success


Edited by Bajero, 29 December 2011 - 01:12 PM.


#7 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Location: Montreal, QC. Canada

Posted 30 December 2011 - 09:25 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

#8 Bajero

  • Topic Starter
  • Members
  • 11 posts

Posted 31 December 2011 - 05:26 AM

Hi nasdaq, here's the Combofix log:

ComboFix 11-12-31.01 - Baz 31/12/2011 10:11:51.1.1 - x86 NETWORK
Running from: c:\users\Baz\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Baz\flashget173.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Getca"="c:\program files\BELKIN USB Wireless Monitor\InfoMyCa.exe" [2004-03-10 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
.
------- Supplementary Scan -------
.
IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Baz\AppData\Roaming\Mozilla\Firefox\Profiles\ba4rr37v.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-655551329-3400133670-2508072002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*NŲ@**€š*āVYlstib]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-655551329-3400133670-2508072002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*NŲ@**€š*āVYlstib\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-655551329-3400133670-2508072002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*NŲ@**€š*āVYlstib]
"0"=hex:45,3a,5c,53,47,5c,76,69,64,73,5c,73,69,6e,6d,6f,72,61,30,31,2d,77,69,
6e,2d,68,69,67,68,2e,77,6d,76,00,6c,00,73,00,2e,00,01,4e,d9,7f,40,00,00,80,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-31 10:21:19
ComboFix-quarantined-files.txt 2011-12-31 10:21
.
Pre-Run: 208,342,761,472 bytes free
Post-Run: 208,333,553,664 bytes free
.
- - End Of File - - 32F04346B61DE5156383642B5E1C7316
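The ComboFix log above is mostly read by eye, but the sections that matter for triage (the "Reg Loading Points" autorun entries, the "ORPHANS REMOVED" list and the "LOCKED REGISTRY KEYS" block) have a regular enough layout to parse. The following is an added example, not part of the thread or of ComboFix itself: a small Python parser that pulls those sections into structured records and applies two simple defender-side checks, flagging autoruns that launch from user-writable locations and Security Center monitoring entries that are switched off. The sample log is constructed from the lines posted above; the `ExampleAutorun` entry is invented here purely to exercise the user-writable check.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample modelled on the ComboFix log sections in the post above.
# The "ExampleAutorun" line is invented to exercise the triage check below.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Getca"="c:\program files\BELKIN USB Wireless Monitor\InfoMyCa.exe" [2004-03-10 45056]
"ExampleAutorun"="c:\users\example\appdata\roaming\example.exe" [2011-12-10 12345]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
"""


@dataclass
class Autorun:
    key: str
    name: str
    path: str
    date: str   # file timestamp ComboFix prints in brackets
    size: int   # file size in bytes from the same bracket


@dataclass
class Triage:
    autoruns: List[Autorun] = field(default_factory=list)
    other_values: Dict[str, Dict[str, str]] = field(default_factory=dict)
    orphans: List[str] = field(default_factory=list)
    locked_keys: Dict[str, List[str]] = field(default_factory=dict)


KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
AUTORUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')

# Autoruns launched from user-writable locations are not proof of anything,
# but legitimate ones usually live under Program Files or the Windows
# directory, so these deserve a closer look during triage.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\")


def parse_combofix(text: str) -> Triage:
    """Walk the log line by line, tracking the current section and key."""
    t = Triage()
    section = None
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses "." as a spacer
            continue
        if "Reg Loading Points" in line:
            section = "reg"
            continue
        if "ORPHANS REMOVED" in line:
            section = "orphans"
            continue
        if "LOCKED REGISTRY KEYS" in line:
            section = "locked"
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            if section == "locked":
                t.locked_keys.setdefault(key, [])
            continue
        if section == "reg" and key:
            m = AUTORUN_RE.match(line)
            if m:
                t.autoruns.append(Autorun(key, m.group("name"), m.group("path"),
                                          m.group("date"), int(m.group("size"))))
                continue
            m = VALUE_RE.match(line)
            if m:
                t.other_values.setdefault(key, {})[m.group("name")] = m.group("data")
        elif section == "orphans" and line.endswith("(no file)"):
            t.orphans.append(line.split(" - ")[0])   # keep the CLSID/handler name
        elif section == "locked" and key and line.startswith("@Denied"):
            t.locked_keys[key].append(line)
    return t


def flag_user_writable(t: Triage) -> List[str]:
    """Names of autoruns whose image path sits in a user-writable location."""
    return [a.name for a in t.autoruns
            if any(s in a.path.lower() for s in USER_WRITABLE)]


def security_center_disabled(t: Triage) -> List[str]:
    """Products whose Security Center monitoring has been disabled."""
    out = []
    for key, vals in t.other_values.items():
        if "security center\\monitoring\\" in key.lower() \
                and vals.get("DisableMonitoring", "").endswith("00000001"):
            out.append(key.rsplit("\\", 1)[1])
    return out


if __name__ == "__main__":
    result = parse_combofix(SAMPLE_LOG)
    for a in result.autoruns:
        print(f"autorun {a.name}: {a.path} ({a.date}, {a.size} bytes)")
    print("user-writable autoruns:", flag_user_writable(result))
    print("orphans:", result.orphans)
    print("locked keys:", result.locked_keys)
    print("monitoring disabled for:", security_center_disabled(result))
```

Run against a real log, the interesting output is usually not the entries themselves but what is missing or odd: an autorun under AppData, a `DisableMonitoring` flag the user never set, or a locked key with an "Everyone" deny ACE that no installer would normally create.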

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:55 PM

Posted 31 December 2011 - 10:50 AM

The ComboFix log is clean.

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please let me know of any remaining issues with this computer.

#10 Bajero

Bajero
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 01 January 2012 - 06:19 PM

Hi again nasdaq,

Here's the latest requested log:

Results of screen317's Security Check version 0.99.30
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player 11.1.102.55
Mozilla Firefox 8.0.1 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:55 PM

Posted 02 January 2012 - 08:35 AM

Time for some housekeeping

Looking good.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#12 Bajero

Bajero
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 03 January 2012 - 01:03 PM

Hi again nasdaq, I hate to be a pain in the butt here but I'm just far from convinced that my system is clean. I'm seeing evidence of my files having been tampered with and modified, when I know for sure that it hasn't been me that's modified them (or even accessed them, for that matter).

Also, I'm now finding it practically impossible to successfully run anything like rootkit revealer or gmer.... call me paranoid, but I have to believe there's a possibility that something lurking in the dark corners is stopping them from running properly!

Do you have any suggestions?

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:55 PM

Posted 03 January 2012 - 07:00 PM

Question: is your operating system 32 or 64 bit?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#14 Bajero

Bajero
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 06 January 2012 - 01:47 PM

Sorry for the delay in replying nasdaq.

The Eset scan actually came up clean... is there anything else that's worth a try for me?

Oh, and my operating system is 32 bit (the actual machine has a 64-bit processor though).

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:55 PM

Posted 07 January 2012 - 10:00 AM

Let's give this one a try also.

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
