
Think still infected with Win 7 Home Security 2012


  • This topic is locked
8 replies to this topic

#1 joe256

joe256

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 14 January 2012 - 04:38 PM

Hello everyone, I have a Toshiba Satellite laptop running Windows 7 Home that got infected with Win 7 Home Security 2012. I followed the self-help instructions posted and can now use Internet Explorer again, but I still think that I am infected because when I download Malwarebytes from my laptop an icon within an icon appears on the Malwarebytes desktop icon. I also see the icon within an icon on the Windows Firewall. I was using AVG along with the Windows Firewall but I suspect the Windows Firewall wasn't enough.

Thanks for your help


 


#2 joe256

joe256
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 22 January 2012 - 05:28 PM

I am sure that I am still infected with Win 7 Home Security 2012 because I found that the Windows Firewall has been turned off, and when I try to turn it on I get an error 0x80070424 which, when I do a Google search, says it's the Win 7 Home virus.

Thanks

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:51 AM

Posted 22 January 2012 - 07:45 PM

Hi

Boot the PC into Safe Mode with Networking

Update Malwarebytes and run a full scan, do the same in normal mode, post the clean log

Download

FSS

Checkmark

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update

Click on "Scan".
Please copy and paste the log to your reply.

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Good luck

#4 joe256

joe256
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 23 January 2012 - 01:00 PM

Hi, here are the logs

(safemode)Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.23.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Anita :: ANITA-PC [administrator]

1/22/2012 9:49:27 PM
mbam-log-2012-01-22 (21-49-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271018
Time elapsed: 15 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Anita :: ANITA-PC [administrator]

1/22/2012 10:14:44 PM
mbam-log-2012-01-22 (22-14-44).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271434
Time elapsed: 25 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Farbar Service Scanner Version: 18-01-2012 01
Ran by Anita (administrator) on 22-01-2012 at 22:45:17
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-22 22:46:44
-----------------------------
22:46:44.537 OS Version: Windows x64 6.1.7601 Service Pack 1
22:46:44.537 Number of processors: 2 586 0x2A07
22:46:44.537 ComputerName: ANITA-PC UserName: Anita
22:46:47.174 Initialize success
22:49:56.958 AVAST engine defs: 12012201
22:50:08.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:50:08.533 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
22:50:08.549 Disk 0 MBR read successfully
22:50:08.549 Disk 0 MBR scan
22:50:08.564 Disk 0 Windows VISTA default MBR code
22:50:08.580 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:50:08.595 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594921 MB offset 3074048
22:50:08.627 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 1221472256
22:50:08.642 Service scanning
22:50:11.185 Modules scanning
22:50:11.185 Disk 0 trace - called modules:
22:50:11.232 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:50:11.247 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ad6060]
22:50:11.263 3 CLASSPNP.SYS[fffff8800168c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d6050]
22:50:13.385 AVAST engine scan C:\windows
22:50:16.317 AVAST engine scan C:\windows\system32
22:51:23.148 AVAST engine scan C:\windows\system32\drivers
22:51:32.882 AVAST engine scan C:\Users\Anita
22:53:18.292 AVAST engine scan C:\ProgramData
22:53:58.337 Scan finished successfully
22:55:18.880 Disk 0 MBR has been saved successfully to "C:\Users\Anita\Desktop\MBR.dat"
22:55:18.880 The log file has been saved successfully to "C:\Users\Anita\Desktop\aswMBR.txt"
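
Added example, not part of the original post or of any tool named in this thread: the error 0x80070424 from post #2 decodes to Win32 error 1060 (ERROR_SERVICE_DOES_NOT_EXIST), which is the same condition the Farbar Service Scanner log above reports as "The service key does not exist". The Python sketch below decodes the HRESULT and extracts the services with missing registry keys from a constructed sample that copies lines from that log; the function names are hypothetical and the parser handles only the line shapes visible in this log.

```python
import re

# Win32 error codes carried inside FACILITY_WIN32 HRESULTs (only the one seen here).
WIN32_ERRORS = {1060: "ERROR_SERVICE_DOES_NOT_EXIST"}
FACILITY_WIN32 = 7

# Constructed sample: lines copied from the Farbar Service Scanner log in the post.
SAMPLE_FSS_LOG = """\
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
"""

SERVICE_RE = re.compile(r"^(\w+) Service is not running\.")
MISSING_RE = re.compile(
    r"^Checking (Start type|ImagePath|ServiceDll): Attention! "
    r"Unable to open (\w+) registry key\. The service key does not exist\."
)
OK_RE = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\w+) service is OK\.")


def decode_hresult(hr):
    """Split an HRESULT into (failed, facility, code, win32_name_or_None)."""
    failed = bool(hr & 0x80000000)      # severity bit
    facility = (hr >> 16) & 0x1FFF      # 13-bit facility field
    code = hr & 0xFFFF                  # low 16 bits: the Win32 error code
    name = WIN32_ERRORS.get(code) if facility == FACILITY_WIN32 else None
    return failed, facility, code, name


def parse_fss(log_text):
    """Return {service: {"section", "missing", "ok"}} for services reported as not running."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    section = None
    services = {}
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Name:" line underlined with '=' characters.
        if line.endswith(":") and re.fullmatch(r"=+", nxt):
            section = line[:-1]
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(1)] = {"section": section, "missing": [], "ok": []}
            continue
        m = MISSING_RE.match(line)
        if m and m.group(2) in services:
            services[m.group(2)]["missing"].append(m.group(1))
            continue
        m = OK_RE.match(line)
        if m and m.group(2) in services:
            services[m.group(2)]["ok"].append(m.group(1))
    return services


def services_missing_key(log_text):
    """Names of services whose registry key the scanner could not open, in log order."""
    return [name for name, s in parse_fss(log_text).items() if s["missing"]]


if __name__ == "__main__":
    failed, facility, code, name = decode_hresult(0x80070424)
    print(f"0x80070424 -> failed={failed} facility={facility} code={code} ({name})")
    for svc, info in parse_fss(SAMPLE_FSS_LOG).items():
        state = "SERVICE KEY MISSING" if info["missing"] else "not running, configuration OK"
        print(f"[{info['section']}] {svc}: {state}")
```
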






#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:51 AM

Posted 23 January 2012 - 01:21 PM

Download

TDSSkiller

Launch it. Click on "Scan". Please post the LOG report


Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply




Good luck

Edited by narenxp, 23 January 2012 - 02:03 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:51 PM

Posted 23 January 2012 - 01:54 PM

Hello, there looks to be an infection, the new TDL4, in the ASW log here....

22:50:08.627 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 1221472256

We need you to start a new topic ..
Please go here....
Preparation Guide .

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step and post the aswMBR log you posted earlier.

Let me know if that went well.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#7 joe256

joe256
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 23 January 2012 - 06:01 PM

TDSS LOG
16:09:14.0926 2540 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
16:09:15.0176 2540 ============================================================
16:09:15.0176 2540 Current date / time: 2012/01/23 16:09:15.0176
16:09:15.0176 2540 SystemInfo:
16:09:15.0176 2540
16:09:15.0176 2540 OS Version: 6.1.7601 ServicePack: 1.0
16:09:15.0176 2540 Product type: Workstation
16:09:15.0176 2540 ComputerName: ANITA-PC
16:09:15.0176 2540 UserName: Anita
16:09:15.0176 2540 Windows directory: C:\windows
16:09:15.0176 2540 System windows directory: C:\windows
16:09:15.0176 2540 Running under WOW64
16:09:15.0176 2540 Processor architecture: Intel x64
16:09:15.0176 2540 Number of processors: 2
16:09:15.0176 2540 Page size: 0x1000
16:09:15.0176 2540 Boot type: Normal boot
16:09:15.0176 2540 ============================================================
16:09:15.0566 2540 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:09:15.0582 2540 Drive \Device\Harddisk1\DR1 - Size: 0x1DF3FFE00 (7.49 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:09:15.0628 2540 Initialize success
16:09:29.0372 1312 ============================================================
16:09:29.0372 1312 Scan started
16:09:29.0372 1312 Mode: Manual;
16:09:29.0372 1312 ============================================================
16:10:25.0906 1312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
16:10:25.0922 1312 ql2300 - ok
16:10:26.0296 1312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
16:10:26.0312 1312 ql40xx - ok
16:10:26.0640 1312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
16:10:26.0640 1312 QWAVEdrv - ok
16:10:26.0983 1312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
16:10:26.0983 1312 RasAcd - ok
16:10:27.0342 1312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
16:10:27.0342 1312 RasAgileVpn - ok
16:10:27.0669 1312 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
16:10:27.0685 1312 Rasl2tp - ok
16:10:28.0028 1312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
16:10:28.0044 1312 RasPppoe - ok
16:10:28.0434 1312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
16:10:28.0434 1312 RasSstp - ok
16:10:28.0777 1312 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
16:10:28.0792 1312 rdbss - ok
16:10:29.0120 1312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
16:10:29.0120 1312 rdpbus - ok
16:10:29.0510 1312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
16:10:29.0510 1312 RDPCDD - ok
16:10:29.0853 1312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
16:10:29.0853 1312 RDPENCDD - ok
16:10:30.0197 1312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
16:10:30.0197 1312 RDPREFMP - ok
16:10:30.0555 1312 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
16:10:30.0555 1312 RDPWD - ok
16:10:30.0899 1312 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
16:10:30.0899 1312 rdyboost - ok
16:10:31.0289 1312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
16:10:31.0289 1312 rspndr - ok
16:10:31.0632 1312 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
16:10:31.0647 1312 RSUSBSTOR - ok
16:10:31.0975 1312 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
16:10:31.0991 1312 RSUSBVSTOR - ok
16:10:32.0381 1312 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
16:10:32.0396 1312 RTL8192Ce - ok
16:10:32.0755 1312 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
16:10:32.0755 1312 sbp2port - ok
16:10:33.0114 1312 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
16:10:33.0114 1312 scfilter - ok
16:10:33.0473 1312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
16:10:33.0473 1312 secdrv - ok
16:10:33.0831 1312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
16:10:33.0831 1312 Serenum - ok
16:10:34.0159 1312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
16:10:34.0159 1312 Serial - ok
16:10:34.0549 1312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
16:10:34.0549 1312 sermouse - ok
16:10:34.0923 1312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
16:10:34.0923 1312 sffdisk - ok
16:10:35.0267 1312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
16:10:35.0267 1312 sffp_mmc - ok
16:10:35.0579 1312 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
16:10:35.0594 1312 sffp_sd - ok
16:10:35.0906 1312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
16:10:35.0906 1312 sfloppy - ok
16:10:36.0234 1312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
16:10:36.0234 1312 SiSRaid2 - ok
16:10:36.0561 1312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
16:10:36.0561 1312 SiSRaid4 - ok
16:10:36.0951 1312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
16:10:36.0967 1312 Smb - ok
16:10:37.0310 1312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
16:10:37.0310 1312 spldr - ok
16:10:37.0669 1312 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
16:10:37.0669 1312 srv - ok
16:10:38.0028 1312 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
16:10:38.0028 1312 srv2 - ok
16:10:38.0449 1312 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
16:10:38.0449 1312 SrvHsfHDA - ok
16:10:38.0839 1312 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
16:10:38.0855 1312 SrvHsfV92 - ok
16:10:39.0213 1312 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
16:10:39.0213 1312 SrvHsfWinac - ok
16:10:39.0541 1312 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
16:10:39.0541 1312 srvnet - ok
16:10:39.0915 1312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
16:10:39.0915 1312 stexstor - ok
16:10:40.0259 1312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
16:10:40.0259 1312 swenum - ok
16:10:40.0649 1312 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
16:10:40.0649 1312 SynTP - ok
16:10:41.0054 1312 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
16:10:41.0070 1312 Tcpip - ok
16:10:41.0475 1312 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
16:10:41.0491 1312 TCPIP6 - ok
16:10:41.0834 1312 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
16:10:41.0834 1312 tcpipreg - ok
16:10:42.0162 1312 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
16:10:42.0162 1312 tdcmdpst - ok
16:10:42.0521 1312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
16:10:42.0521 1312 TDPIPE - ok
16:10:42.0864 1312 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
16:10:42.0864 1312 TDTCP - ok
16:10:43.0238 1312 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
16:10:43.0238 1312 tdx - ok
16:10:43.0597 1312 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
16:10:43.0597 1312 TermDD - ok
16:10:44.0049 1312 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
16:10:44.0065 1312 tos_sps64 - ok
16:10:44.0408 1312 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
16:10:44.0424 1312 tssecsrv - ok
16:10:44.0783 1312 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
16:10:44.0783 1312 TsUsbFlt - ok
16:10:45.0095 1312 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
16:10:45.0095 1312 TsUsbGD - ok
16:10:45.0453 1312 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
16:10:45.0453 1312 tunnel - ok
16:10:45.0797 1312 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
16:10:45.0797 1312 TVALZ - ok
16:10:46.0109 1312 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
16:10:46.0109 1312 TVALZFL - ok
16:10:46.0452 1312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
16:10:46.0467 1312 uagp35 - ok
16:10:46.0826 1312 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
16:10:46.0842 1312 udfs - ok
16:10:47.0201 1312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
16:10:47.0201 1312 uliagpkx - ok
16:10:47.0544 1312 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
16:10:47.0544 1312 umbus - ok
16:10:47.0887 1312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
16:10:47.0903 1312 UmPass - ok
16:10:48.0261 1312 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
16:10:48.0261 1312 usbccgp - ok
16:10:48.0620 1312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
16:10:48.0620 1312 usbcir - ok
16:10:48.0979 1312 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
16:10:48.0979 1312 usbehci - ok
16:10:49.0338 1312 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
16:10:49.0338 1312 usbhub - ok
16:10:49.0681 1312 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
16:10:49.0681 1312 usbohci - ok
16:10:50.0009 1312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
16:10:50.0009 1312 usbprint - ok
16:10:50.0336 1312 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
16:10:50.0336 1312 usbscan - ok
16:10:50.0664 1312 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:10:50.0679 1312 USBSTOR - ok
16:10:51.0054 1312 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
16:10:51.0054 1312 usbuhci - ok
16:10:51.0381 1312 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
16:10:51.0381 1312 usbvideo - ok
16:10:51.0740 1312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
16:10:51.0740 1312 vdrvroot - ok
16:10:52.0083 1312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
16:10:52.0083 1312 vga - ok
16:10:52.0442 1312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
16:10:52.0442 1312 VgaSave - ok
16:10:52.0785 1312 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
16:10:52.0785 1312 vhdmp - ok
16:10:53.0129 1312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
16:10:53.0129 1312 viaide - ok
16:10:53.0487 1312 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
16:10:53.0487 1312 volmgr - ok
16:10:53.0815 1312 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
16:10:53.0831 1312 volmgrx - ok
16:10:54.0174 1312 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
16:10:54.0174 1312 volsnap - ok
16:10:54.0548 1312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
16:10:54.0564 1312 vsmraid - ok
16:10:54.0891 1312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
16:10:54.0891 1312 vwifibus - ok
16:10:55.0235 1312 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
16:10:55.0235 1312 vwififlt - ok
16:10:55.0578 1312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
16:10:55.0578 1312 WacomPen - ok
16:10:55.0905 1312 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:10:55.0905 1312 WANARP - ok
16:10:55.0921 1312 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:10:55.0937 1312 Wanarpv6 - ok
16:10:56.0295 1312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
16:10:56.0295 1312 Wd - ok
16:10:56.0685 1312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
16:10:56.0685 1312 Wdf01000 - ok
16:10:57.0044 1312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
16:10:57.0060 1312 WfpLwf - ok
16:10:57.0387 1312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
16:10:57.0387 1312 WIMMount - ok
16:10:57.0762 1312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
16:10:57.0762 1312 WmiAcpi - ok
16:10:58.0136 1312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
16:10:58.0152 1312 ws2ifsl - ok
16:10:58.0495 1312 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
16:10:58.0511 1312 WudfPf - ok
16:10:58.0854 1312 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
16:10:58.0854 1312 WUDFRd - ok
16:10:58.0901 1312 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
16:10:58.0963 1312 \Device\Harddisk0\DR0 - ok
16:10:58.0963 1312 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:10:58.0979 1312 \Device\Harddisk1\DR1 - ok
16:10:58.0994 1312 Boot (0x1200) (4eb1e2b90bed742042faa8a67b61b3ec) \Device\Harddisk0\DR0\Partition0
16:10:58.0994 1312 \Device\Harddisk0\DR0\Partition0 - ok
16:10:58.0994 1312 Boot (0x1200) (2db204d1fcb1fc7a5e297421f3cee72c) \Device\Harddisk1\DR1\Partition0
16:10:58.0994 1312 \Device\Harddisk1\DR1\Partition0 - ok
16:10:58.0994 1312 ============================================================
16:10:58.0994 1312 Scan finished
16:10:58.0994 1312 ============================================================
16:10:59.0010 3340 Detected object count: 0
16:10:59.0010 3340 Actual detected object count: 0

ESET LOG
C:\Users\Anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7b2707d0-265e71ea a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\d189d59-52b940d1 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\8f389dd-669f81f8 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1ae524e4-4490a646 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\154d9fe9-592fcd78 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\3efb53a-29154496 a variant of Java/TrojanDownloader.Agent.NDJ trojan


Should I check mark to allow ESET to remove these threats?

Thanks














#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:51 PM

Posted 23 January 2012 - 08:16 PM

Hello, there looks to be an infection, the new TDL4, in the ASW log here:
22:50:08.627 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 1221472256

We need you to start a new topic.
Please go here: Preparation Guide.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step and post the aswMBR log you posted earlier.

Let me know if that went well.


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:12:51 PM

Posted 23 January 2012 - 09:50 PM

Thank you!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook



