Win 7 Antispyware 2012 virus


24 replies to this topic

#1 ahv86

ahv86

  • Members
  • 16 posts

Posted 16 December 2011 - 08:28 AM

(Note: This issue was posted elsewhere but I was informed that I should post it here to receive help!)

I am utterly lost and require guidance and assistance from anyone who is willing to help me. I am very inexperienced with computers in terms of (successfully) dealing with problems like malware and viruses.

I did my best to follow the guide Here but I had issues getting past "Step 5"

Whenever I attempted this an alert from Avast! popped up warning me that the file was potentially harmful and asking me how would I like to proceed. I was given three options: 1. Sandbox (recommended), 2. Open anyway, 3. Close.

When I asked it to open in sandbox or to open anyway the window would close only to pop back up again in a second or two.

I then signed in under safe mode and followed the instructions from the "Remove Win 7 Antispyware 2012..." guide. Right now my computer shows no real signs of the Win 7 Antispyware virus but I am suspicious that I didn't completely get rid of it and all of its components. Is there an effective check that I can do in addition to a full MBAM scan? My MBAM scans are currently coming up without any infected files. I am currently running an Avast! scan to see if it will pick up anything that MBAM missed out on.


The quarantined files in MBAM: Hijack.Exefile, PUM.Hijack.Exefiles, Heuristics.Reserved.Word.Exploit


Any guidance, suggestions, or instructions about how to check my system or ensure that I have removed Win 7 Antispyware virus would be greatly appreciated! Happy Holidays!


 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts

Posted 16 December 2011 - 10:57 PM

Hello and welcome.
Did you run this? Please run it again anyway.
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.




Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode
Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):
Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Please ask any needed questions, post the SAS, TDSS and MBAM logs and let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 ahv86

ahv86
  • Topic Starter

  • Members
  • 16 posts

Posted 17 December 2011 - 01:02 AM

Boopme,

Thank you so much for the advice and guidance. Before reading your post I tinkered with the problem by going in through safe mode and running "RKill" and an MBAM scan. After that I ran an Avast! system scan which turned up a few infected files. Avast! then told me that it wanted to run a pre-boot scan which I went along with. It turned up five more infected files, three of which I was able to move to my virus chest, the other two I was not able to move.

After the pre-scan boot I ran another MBAM scan and it grabbed the two files that the Avast! pre-boot scan wasn't able to grab.

Right now my computer is running seemingly without issue. I see no signs of the Win 7 Antispyware 2012 virus but I am hesitant to declare my problem fixed because I went about the process of removing it in a rather jumbled, blind fashion. Is there a good, safe system scan that I can get from somewhere? Is Microsoft's system scan efficient for a problem like this?

Is there a way for me to attach images (screenshots) to a post? I do not see an option available. I was hoping to show you screenshots of the Avast! virus chest and the MBAM quarantined files.

Thank you again for all of your help (and for getting back to me so quickly!) Happy Holidays.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts

Posted 17 December 2011 - 09:23 PM

Inserting An Image Within A Post

#5 islandgal

islandgal

  • Members
  • 7 posts

Posted 17 December 2011 - 09:40 PM

When you figure out what really works, I'll be interested to see. I ran the fixNCR, then safe mode rkill, then sas (paid pro version was running when I GOT INFECTED!), nothing found, then reboot to normal. Could NOT run the install on MBAM because all exe still disabled. Ran rkill again and it shut down c:\windows\system32\grpconv.exe. AFTER THAT, I was able to install and run MBAM, which saw nothing wrong with grpconv.exe, but did locate a rundll32.exe newly-appeared on my desktop and deleted that. It told me to reboot, so I did.

Upon reboot, network and processor slammed. I watch task manager every day and know what runs by heart. I'm on here now because I'm unloading ping.exe every two minutes to keep it from taking all the processor and bandwidth. Other files it has loaded (and I've unloaded) include msiexe and CeEkey.exe. I went to c:\windows\system32 and renamed two files, ping.exe and ping6.exe, and it's still running. Using ccleaner to sweep out recent, cache and temp files continuously.

Before getting back on the internet, I tried to go back to safe mode with networking. Here's the bottom line: the infection won't let me on the internet (assign an ip) unless HE can get on with me. NO INTERNET IN SAFE MODE.

I've read about 100 different sets of instructions and if I tried them all, I'd still be sitting here at Christmas, trying to get some work done. Meanwhile, this thing is delving into every piece of my system. Clearly this is a new and very virile threat, and nobody has completely figured it out yet.

#6 ahv86

ahv86
  • Topic Starter

  • Members
  • 16 posts

Posted 17 December 2011 - 11:33 PM

MBAM Quarantine:

Posted Image


Avast! Virus Chest [Note: 12/16 is the date of infection and issue]:

Posted Image

#7 ahv86

ahv86
  • Topic Starter

  • Members
  • 16 posts

Posted 17 December 2011 - 11:36 PM

When you figure out what really works, I'll be interested to see. I ran the fixNCR, then safe mode rkill, then sas (paid pro version was running when I GOT INFECTED!), nothing found, then reboot to normal. Could NOT run the install on MBAM because all exe still disabled. Ran rkill again and it shut down c:\windows\system32\grpconv.exe. AFTER THAT, I was able to install and run MBAM, which saw nothing wrong with grpconv.exe, but did locate a rundll32.exe newly-appeared on my desktop and deleted that. It told me to reboot, so I did.

Upon reboot, network and processor slammed. I watch task manager every day and know what runs by heart. I'm on here now because I'm unloading ping.exe every two minutes to keep it from taking all the processor and bandwidth. Other files it has loaded (and I've unloaded) include msiexe and CeEkey.exe. I went to c:\windows\system32 and renamed two files, ping.exe and ping6.exe, and it's still running. Using ccleaner to sweep out recent, cache and temp files continuously.

Before getting back on the internet, I tried to go back to safe mode with networking. Here's the bottom line: the infection won't let me on the internet (assign an ip) unless HE can get on with me. NO INTERNET IN SAFE MODE.

I've read about 100 different sets of instructions and if I tried them all, I'd still be sitting here at Christmas, trying to get some work done. Meanwhile, this thing is delving into every piece of my system. Clearly this is a new and very virile threat, and nobody has completely figured it out yet.


I think one of the keys for me was making sure my MBAM was up to date. I was able to get online through safe mode and by ignoring some of the virus's prompts about me not being able to go online. It wasn't easy and I can't remember how I did it, but I just kept moving all of the windows out of the way so I could get the RKill and other resources to help get rid of it. Any success I had getting rid of it was through persistence and blind luck.

Like I said, I am not sure my problem is completely solved, but I have had no issue so far all day (rather small sample size) and feel relatively confident that my computer is clean.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts

Posted 17 December 2011 - 11:44 PM

Hello, you can copy/paste the logs here too.

OK, we should still run 2 more tools and then I'll feel comfortable.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
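An added example, not part of the post above and not code from TDSSKiller: one way to triage the report those steps ask for before pasting it, by listing every scanned object whose verdict is not "ok" or that has no verdict line at all. It assumes each report line is `time thread-id message`, with an object written as `name (md5) path` followed by `name - ok`; the function names, the sample lines and the `flagged-example` verdict string are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed line prefix: "HH:MM:SS.ffff <thread id> <message>" (message may be empty).
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(.*))?$")
# Assumed object line: "<name> (<32 hex digit MD5>) <path>".
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Assumed verdict line: "<name> - <verdict>".
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class ScanObject:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None  # None means no verdict line was seen


def parse_log(text: str) -> List[ScanObject]:
    """Pair each object line with the verdict line that follows it."""
    objects: List[ScanObject] = []
    pending = {}  # object name -> ScanObject still waiting for its verdict
    for raw in text.splitlines():
        prefix = PREFIX.match(raw.strip())
        if not prefix:
            continue  # not a report line (blank, wrapped text, forum chatter)
        message = (prefix.group(1) or "").strip()
        obj = OBJECT.match(message)
        if obj:
            item = ScanObject(obj["name"], obj["md5"].lower(), obj["path"])
            objects.append(item)
            pending[item.name] = item
            continue
        verdict = VERDICT.match(message)
        # Only accept a verdict for an object we have actually seen.
        if verdict and verdict["name"] in pending:
            pending.pop(verdict["name"]).verdict = verdict["verdict"].strip()
    return objects


def needs_review(objects: List[ScanObject]) -> List[ScanObject]:
    """Objects to look at by hand: verdict missing or anything other than 'ok'."""
    return [o for o in objects if o.verdict is None or o.verdict.lower() != "ok"]


# Constructed sample in the assumed layout; names, hashes and the
# "flagged-example" verdict are made up, not taken from a real report.
SAMPLE_LOG = r"""02:11:58.0117 4376 Scan started
02:11:58.0945 4376 exampledrv (00000000000000000000000000000001) C:\windows\system32\drivers\exampledrv.sys
02:11:58.0950 4376 exampledrv - ok
02:11:58.0971 4376 otherdrv (00000000000000000000000000000002) C:\windows\system32\drivers\otherdrv.sys
02:11:58.0977 4376 otherdrv - flagged-example
02:11:59.0016 4376 lastdrv (00000000000000000000000000000003) C:\windows\system32\drivers\lastdrv.sys
"""

if __name__ == "__main__":
    scanned = parse_log(SAMPLE_LOG)
    print(f"{len(scanned)} objects scanned")
    for item in needs_review(scanned):
        print(f"REVIEW {item.name} md5={item.md5} verdict={item.verdict} path={item.path}")
```

An entry with no verdict line is reported as well, since a report that was cut off while pasting would otherwise look clean.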

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts

Posted 17 December 2011 - 11:45 PM

@ islandgal
Please start another topic of your own as your situation is somewhat different than this one. You have a different rootkit.
Also state your operating system, thanks.

#10 ahv86

ahv86
  • Topic Starter

  • Members
  • 16 posts

Posted 18 December 2011 - 02:12 AM

Boopme,

Just ran the first scan you told me to: no threats detected.

02:11:50.0366 4448 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
02:11:50.0612 4448 ============================================================
02:11:50.0612 4448 Current date / time: 2011/12/18 02:11:50.0612
02:11:50.0612 4448 SystemInfo:
02:11:50.0612 4448
02:11:50.0612 4448 OS Version: 6.1.7601 ServicePack: 1.0
02:11:50.0612 4448 Product type: Workstation
02:11:50.0612 4448 ComputerName: MICHAEL-PC
02:11:50.0612 4448 UserName: Michael
02:11:50.0612 4448 Windows directory: C:\windows
02:11:50.0612 4448 System windows directory: C:\windows
02:11:50.0612 4448 Running under WOW64
02:11:50.0612 4448 Processor architecture: Intel x64
02:11:50.0612 4448 Number of processors: 4
02:11:50.0612 4448 Page size: 0x1000
02:11:50.0612 4448 Boot type: Normal boot
02:11:50.0612 4448 ============================================================
02:11:51.0583 4448 Initialize success
02:11:58.0116 4376 ============================================================
02:11:58.0117 4376 Scan started
02:11:58.0117 4376 Mode: Manual;
02:11:58.0117 4376 ============================================================
02:12:03.0071 4376 MRxDAV - ok
02:12:03.0118 4376 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
02:12:03.0122 4376 mrxsmb - ok
02:12:03.0162 4376 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
02:12:03.0168 4376 mrxsmb10 - ok
02:12:03.0188 4376 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
02:12:03.0192 4376 mrxsmb20 - ok
02:12:03.0217 4376 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
02:12:03.0220 4376 msahci - ok
02:12:03.0248 4376 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
02:12:03.0252 4376 msdsm - ok
02:12:03.0297 4376 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
02:12:03.0300 4376 Msfs - ok
02:12:03.0330 4376 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
02:12:03.0332 4376 mshidkmdf - ok
02:12:03.0354 4376 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
02:12:03.0357 4376 msisadrv - ok
02:12:03.0396 4376 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
02:12:03.0397 4376 MSKSSRV - ok
02:12:03.0415 4376 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
02:12:03.0416 4376 MSPCLOCK - ok
02:12:03.0426 4376 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
02:12:03.0428 4376 MSPQM - ok
02:12:03.0466 4376 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
02:12:03.0469 4376 MsRPC - ok
02:12:03.0483 4376 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
02:12:03.0485 4376 mssmbios - ok
02:12:03.0492 4376 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
02:12:03.0494 4376 MSTEE - ok
02:12:03.0513 4376 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
02:12:03.0514 4376 MTConfig - ok
02:12:03.0538 4376 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
02:12:03.0539 4376 Mup - ok
02:12:03.0577 4376 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
02:12:03.0580 4376 NativeWifiP - ok
02:12:03.0637 4376 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
02:12:03.0645 4376 NDIS - ok
02:12:03.0666 4376 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
02:12:03.0668 4376 NdisCap - ok
02:12:03.0685 4376 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
02:12:03.0686 4376 NdisTapi - ok
02:12:03.0729 4376 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
02:12:03.0732 4376 Ndisuio - ok
02:12:03.0774 4376 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
02:12:03.0779 4376 NdisWan - ok
02:12:03.0816 4376 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
02:12:03.0819 4376 NDProxy - ok
02:12:03.0840 4376 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
02:12:03.0843 4376 NetBIOS - ok
02:12:03.0886 4376 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
02:12:03.0890 4376 NetBT - ok
02:12:03.0943 4376 netr7364 (118e9136b5b48dd5b2cc81f78431a69e) C:\windows\system32\DRIVERS\netr7364.sys
02:12:03.0949 4376 netr7364 - ok
02:12:03.0986 4376 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
02:12:03.0988 4376 nfrd960 - ok
02:12:04.0011 4376 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
02:12:04.0013 4376 Npfs - ok
02:12:04.0033 4376 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
02:12:04.0035 4376 nsiproxy - ok
02:12:04.0115 4376 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
02:12:04.0140 4376 Ntfs - ok
02:12:04.0167 4376 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
02:12:04.0168 4376 NTIDrvr - ok
02:12:04.0178 4376 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
02:12:04.0179 4376 Null - ok
02:12:04.0214 4376 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
02:12:04.0216 4376 nvraid - ok
02:12:04.0266 4376 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
02:12:04.0268 4376 nvstor - ok
02:12:04.0291 4376 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
02:12:04.0293 4376 nv_agp - ok
02:12:04.0328 4376 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
02:12:04.0330 4376 ohci1394 - ok
02:12:04.0360 4376 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
02:12:04.0362 4376 Parport - ok
02:12:04.0400 4376 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
02:12:04.0401 4376 partmgr - ok
02:12:04.0516 4376 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys
02:12:04.0518 4376 pbfilter - ok
02:12:04.0545 4376 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
02:12:04.0550 4376 pci - ok
02:12:04.0565 4376 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
02:12:04.0567 4376 pciide - ok
02:12:04.0593 4376 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
02:12:04.0596 4376 pcmcia - ok
02:12:04.0611 4376 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
02:12:04.0613 4376 pcw - ok
02:12:04.0640 4376 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
02:12:04.0648 4376 PEAUTH - ok
02:12:04.0760 4376 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
02:12:04.0764 4376 PptpMiniport - ok
02:12:04.0787 4376 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
02:12:04.0790 4376 Processor - ok
02:12:04.0858 4376 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
02:12:04.0862 4376 Psched - ok
02:12:04.0912 4376 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
02:12:04.0927 4376 ql2300 - ok
02:12:04.0938 4376 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
02:12:04.0940 4376 ql40xx - ok
02:12:04.0969 4376 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
02:12:04.0970 4376 QWAVEdrv - ok
02:12:04.0977 4376 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
02:12:04.0978 4376 RasAcd - ok
02:12:05.0016 4376 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
02:12:05.0017 4376 RasAgileVpn - ok
02:12:05.0054 4376 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
02:12:05.0055 4376 Rasl2tp - ok
02:12:05.0071 4376 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
02:12:05.0072 4376 RasPppoe - ok
02:12:05.0101 4376 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
02:12:05.0104 4376 RasSstp - ok
02:12:05.0154 4376 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
02:12:05.0160 4376 rdbss - ok
02:12:05.0173 4376 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
02:12:05.0176 4376 rdpbus - ok
02:12:05.0195 4376 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
02:12:05.0196 4376 RDPCDD - ok
02:12:05.0209 4376 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
02:12:05.0210 4376 RDPENCDD - ok
02:12:05.0222 4376 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
02:12:05.0223 4376 RDPREFMP - ok
02:12:05.0241 4376 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
02:12:05.0243 4376 RDPWD - ok
02:12:05.0271 4376 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
02:12:05.0273 4376 rdyboost - ok
02:12:05.0294 4376 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
02:12:05.0295 4376 rspndr - ok
02:12:05.0323 4376 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
02:12:05.0324 4376 sbp2port - ok
02:12:05.0368 4376 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
02:12:05.0371 4376 scfilter - ok
02:12:05.0408 4376 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
02:12:05.0409 4376 secdrv - ok
02:12:05.0433 4376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
02:12:05.0434 4376 Serenum - ok
02:12:05.0457 4376 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
02:12:05.0458 4376 Serial - ok
02:12:05.0481 4376 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
02:12:05.0483 4376 sermouse - ok
02:12:05.0524 4376 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
02:12:05.0526 4376 sffdisk - ok
02:12:05.0547 4376 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
02:12:05.0548 4376 sffp_mmc - ok
02:12:05.0572 4376 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
02:12:05.0573 4376 sffp_sd - ok
02:12:05.0593 4376 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
02:12:05.0594 4376 sfloppy - ok
02:12:05.0618 4376 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
02:12:05.0619 4376 SiSRaid2 - ok
02:12:05.0628 4376 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
02:12:05.0630 4376 SiSRaid4 - ok
02:12:05.0641 4376 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
02:12:05.0642 4376 Smb - ok
02:12:05.0668 4376 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
02:12:05.0669 4376 spldr - ok
02:12:05.0712 4376 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
02:12:05.0715 4376 srv - ok
02:12:05.0737 4376 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
02:12:05.0739 4376 srv2 - ok
02:12:05.0764 4376 SrvHsfPCI (93132c69394a99d992095d8cfe464801) C:\windows\system32\DRIVERS\VSTBS26.SYS
02:12:05.0767 4376 SrvHsfPCI - ok
02:12:05.0799 4376 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
02:12:05.0808 4376 SrvHsfV92 - ok
02:12:05.0823 4376 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
02:12:05.0827 4376 SrvHsfWinac - ok
02:12:05.0850 4376 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
02:12:05.0852 4376 srvnet - ok
02:12:05.0891 4376 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\windows\system32\Drivers\SSPORT.sys
02:12:05.0892 4376 SSPORT - ok
02:12:05.0916 4376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
02:12:05.0917 4376 stexstor - ok
02:12:05.0952 4376 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
02:12:05.0953 4376 swenum - ok
02:12:06.0036 4376 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
02:12:06.0061 4376 Tcpip - ok
02:12:06.0109 4376 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
02:12:06.0120 4376 TCPIP6 - ok
02:12:06.0158 4376 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
02:12:06.0159 4376 tcpipreg - ok
02:12:06.0179 4376 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
02:12:06.0180 4376 TDPIPE - ok
02:12:06.0187 4376 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
02:12:06.0188 4376 TDTCP - ok
02:12:06.0226 4376 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
02:12:06.0228 4376 tdx - ok
02:12:06.0243 4376 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
02:12:06.0244 4376 TermDD - ok
02:12:06.0280 4376 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
02:12:06.0281 4376 tssecsrv - ok
02:12:06.0330 4376 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
02:12:06.0333 4376 TsUsbFlt - ok
02:12:06.0385 4376 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
02:12:06.0389 4376 tunnel - ok
02:12:06.0405 4376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
02:12:06.0408 4376 uagp35 - ok
02:12:06.0449 4376 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
02:12:06.0451 4376 UBHelper - ok
02:12:06.0490 4376 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
02:12:06.0497 4376 udfs - ok
02:12:06.0531 4376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
02:12:06.0534 4376 uliagpkx - ok
02:12:06.0576 4376 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
02:12:06.0578 4376 umbus - ok
02:12:06.0595 4376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
02:12:06.0596 4376 UmPass - ok
02:12:06.0651 4376 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
02:12:06.0653 4376 USBAAPL64 - ok
02:12:06.0707 4376 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
02:12:06.0711 4376 usbaudio - ok
02:12:06.0735 4376 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
02:12:06.0739 4376 usbccgp - ok
02:12:06.0786 4376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
02:12:06.0790 4376 usbcir - ok
02:12:06.0803 4376 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
02:12:06.0806 4376 usbehci - ok
02:12:06.0839 4376 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
02:12:06.0846 4376 usbhub - ok
02:12:06.0867 4376 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
02:12:06.0870 4376 usbohci - ok
02:12:06.0884 4376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
02:12:06.0887 4376 usbprint - ok
02:12:06.0914 4376 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
02:12:06.0916 4376 USBSTOR - ok
02:12:06.0935 4376 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
02:12:06.0937 4376 usbuhci - ok
02:12:06.0999 4376 V0230Vfx (8b97dcd5d0c379696bc9dc74c7a23cc1) C:\windows\system32\DRIVERS\V0230Vfx.sys
02:12:07.0002 4376 V0230Vfx - ok
02:12:07.0063 4376 V0230VID (2da4d2ed94a4f12afbbd0e8fb513a07f) C:\windows\system32\DRIVERS\V0230VID.sys
02:12:07.0068 4376 V0230VID - ok
02:12:07.0107 4376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
02:12:07.0110 4376 vdrvroot - ok
02:12:07.0141 4376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
02:12:07.0144 4376 vga - ok
02:12:07.0166 4376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
02:12:07.0168 4376 VgaSave - ok
02:12:07.0204 4376 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
02:12:07.0207 4376 vhdmp - ok
02:12:07.0228 4376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
02:12:07.0230 4376 viaide - ok
02:12:07.0259 4376 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
02:12:07.0261 4376 volmgr - ok
02:12:07.0302 4376 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
02:12:07.0306 4376 volmgrx - ok
02:12:07.0331 4376 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
02:12:07.0335 4376 volsnap - ok
02:12:07.0367 4376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
02:12:07.0369 4376 vsmraid - ok
02:12:07.0393 4376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\System32\drivers\vwifibus.sys
02:12:07.0394 4376 vwifibus - ok
02:12:07.0521 4376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
02:12:07.0524 4376 WacomPen - ok
02:12:07.0552 4376 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
02:12:07.0556 4376 WANARP - ok
02:12:07.0564 4376 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
02:12:07.0568 4376 Wanarpv6 - ok
02:12:07.0627 4376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
02:12:07.0628 4376 Wd - ok
02:12:07.0659 4376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
02:12:07.0667 4376 Wdf01000 - ok
02:12:07.0704 4376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
02:12:07.0705 4376 WfpLwf - ok
02:12:07.0713 4376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
02:12:07.0714 4376 WIMMount - ok
02:12:07.0772 4376 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
02:12:07.0775 4376 WinUsb - ok
02:12:07.0811 4376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
02:12:07.0814 4376 WmiAcpi - ok
02:12:07.0854 4376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
02:12:07.0856 4376 ws2ifsl - ok
02:12:07.0914 4376 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
02:12:07.0916 4376 WudfPf - ok
02:12:07.0957 4376 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
02:12:07.0962 4376 WUDFRd - ok
02:12:08.0029 4376 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) C:\windows\system32\DRIVERS\yk62x64.sys
02:12:08.0034 4376 yukonw7 - ok
02:12:08.0064 4376 MBR (0x1B8) (8c9f9e03865c35f0f3829a23cda42f5d) \Device\Harddisk0\DR0
02:12:08.0581 4376 \Device\Harddisk0\DR0 - ok
02:12:08.0594 4376 Boot (0x1200) (f9c3c8382ae4e99f0cddcd1d8edffeda) \Device\Harddisk0\DR0\Partition0
02:12:08.0594 4376 \Device\Harddisk0\DR0\Partition0 - ok
02:12:08.0603 4376 Boot (0x1200) (6cb8a9b6508017d9a7e87760042cb509) \Device\Harddisk0\DR0\Partition1
02:12:08.0604 4376 \Device\Harddisk0\DR0\Partition1 - ok
02:12:08.0604 4376 ============================================================
02:12:08.0604 4376 Scan finished
02:12:08.0604 4376 ============================================================
02:12:08.0613 4848 Detected object count: 0
02:12:08.0613 4848 Actual detected object count: 0

#11 ahv86

Posted 18 December 2011 - 03:31 AM

Boopme,

Here are the results of the ESET scan: It found 3 threats.

C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4a14144e-113cfe84 Java/Agent.AC trojan deleted - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\242fc677-4529bebf Java/Agent.AC trojan deleted - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\50ebbd3e-159014c5 a variant of Java/Agent.AB trojan deleted - quarantined

#12 boopme

Posted 18 December 2011 - 02:21 PM

This looks a lot better. Did you run SAS? How is it now?

#13 ahv86

Posted 18 December 2011 - 09:30 PM

Boopme,

Sorry I don't know what an "SAS" is. Can you enlighten me?

Also, is it okay to delete those programs that I have downloaded to my desktop now that they have served their purpose scanning my system?

Thanks.

#14 boopme

Posted 18 December 2011 - 10:27 PM

Superantispyware (SAS):

Yes, you can remove them.

#15 islandgal

Posted 18 December 2011 - 11:23 PM

@ islandgal
Please start another topic of your own as your situation is somewhat different than this one. You have a different rootkit.
Also state your operating system, thanks.

Boopme, I did start another topic: fixed: Security 2012, no exe, ping, hoax links, popups
http://www.bleepingcomputer.com/forums/topic433286.html

I solved my problem. But you might be interested to know I run SASPro, and it did not protect me, nor did it detect, in regular or safe mode, any of my problems.



