
System Check Virus Need help


9 replies to this topic

#1 Avatarvicous


  • Members
  • 5 posts

Posted 23 January 2012 - 08:57 AM

I have recently come across the system check virus...Annoying little bat. I have followed your guide. However, it remains in my system; Malwarebytes either 1) fails to remove it or 2) fails to recognize it is there. I will be online again in about 20 hours or so. Obviously no rush, but can I get personalized help resolving this formidable issue?

Standard symptoms, aka random system error messages of critical failure, hidden icons, so on so forth. Windows Vista.

Also, I have run the root removal tool and found only 1 on 2 separate occasions (2 total). It almost feels like it keeps duplicating somehow.

Not sure if it helps, but here is an Rkill log. When I first ran it and removed, only the top one was detected; on a second attempt to remove, the second showed up.


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/23/2012 at 8:01:28.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

C:\ProgramData\ScFifFUnavADgjd.exe
C:\ProgramData\lGNHMZoAGVm3e4.exe


Rkill completed on 01/23/2012 at 8:01:34.

Edited by Avatarvicous, 23 January 2012 - 09:03 AM.



#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 January 2012 - 12:05 PM

Post your Malwarebytes log

Download TDSSKiller

Launch it, click on "Scan". Please post the LOG report



Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

#3 Avatarvicous

  • Topic Starter

  • Members
  • 5 posts

Posted 23 January 2012 - 04:55 PM

MBAM log

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.23.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
John :: JOHN-PC [administrator]

Protection: Enabled

1/23/2012 1:10:54 AM
mbam-log-2012-01-23 (01-10-54).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268674
Time elapsed: 1 hour(s), 12 minute(s), 32 second(s) [aborted]

Memory Processes Detected: 1
C:\ProgramData\pA5afXumYhsIR1.exe (Rogue.FakeAlert) -> 3548 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\pA5afXumYhsIR1.exe (Rogue.FakeAlert) -> Delete on reboot.

(end)




TDSS Log

15:49:56.0903 3216 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
15:49:57.0358 3216 ============================================================
15:49:57.0358 3216 Current date / time: 2012/01/23 15:49:57.0358
15:49:57.0358 3216 SystemInfo:
15:49:57.0358 3216
15:49:57.0358 3216 OS Version: 6.0.6002 ServicePack: 2.0
15:49:57.0358 3216 Product type: Workstation
15:49:57.0358 3216 ComputerName: JOHN-PC
15:49:57.0359 3216 UserName: John
15:49:57.0359 3216 Windows directory: C:\Windows
15:49:57.0359 3216 System windows directory: C:\Windows
15:49:57.0359 3216 Processor architecture: Intel x86
15:49:57.0359 3216 Number of processors: 3
15:49:57.0359 3216 Page size: 0x1000
15:49:57.0359 3216 Boot type: Normal boot
15:49:57.0359 3216 ============================================================
15:49:58.0455 3216 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:49:58.0600 3216 Initialize success
15:49:59.0644 2988 ============================================================
15:49:59.0644 2988 Scan started
15:49:59.0644 2988 Mode: Manual;
15:49:59.0644 2988 ============================================================
15:50:09.0229 2988 USBSTOR - ok
15:50:09.0258 2988 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:50:09.0259 2988 usbuhci - ok
15:50:09.0280 2988 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:50:09.0281 2988 vga - ok
15:50:09.0302 2988 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:50:09.0303 2988 VgaSave - ok
15:50:09.0326 2988 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:50:09.0327 2988 viaagp - ok
15:50:09.0350 2988 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:50:09.0351 2988 ViaC7 - ok
15:50:09.0363 2988 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:50:09.0364 2988 viaide - ok
15:50:09.0385 2988 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:50:09.0387 2988 volmgr - ok
15:50:09.0421 2988 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:50:09.0425 2988 volmgrx - ok
15:50:09.0527 2988 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:50:09.0531 2988 volsnap - ok
15:50:09.0560 2988 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:50:09.0562 2988 vsmraid - ok
15:50:09.0619 2988 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:50:09.0631 2988 WacomPen - ok
15:50:09.0652 2988 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:50:09.0654 2988 Wanarp - ok
15:50:09.0658 2988 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:50:09.0659 2988 Wanarpv6 - ok
15:50:09.0698 2988 wbgiawh (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\dciou.sys
15:50:09.0698 2988 wbgiawh - ok
15:50:09.0750 2988 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:50:09.0758 2988 Wd - ok
15:50:09.0792 2988 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:50:09.0802 2988 Wdf01000 - ok
15:50:09.0858 2988 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
15:50:09.0859 2988 WmiAcpi - ok
15:50:09.0914 2988 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:50:09.0915 2988 WpdUsb - ok
15:50:09.0952 2988 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:50:09.0954 2988 ws2ifsl - ok
15:50:09.0997 2988 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:50:09.0999 2988 WUDFRd - ok
15:50:10.0039 2988 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
15:50:10.0040 2988 xusb21 - ok
15:50:10.0066 2988 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:50:10.0109 2988 \Device\Harddisk0\DR0 - ok
15:50:10.0113 2988 Boot (0x1200) (39eeac8938ea464b0e5ee201f755f230) \Device\Harddisk0\DR0\Partition0
15:50:10.0114 2988 \Device\Harddisk0\DR0\Partition0 - ok
15:50:10.0143 2988 Boot (0x1200) (bad0fe2a817b79d6d3ed02090999ff94) \Device\Harddisk0\DR0\Partition1
15:50:10.0144 2988 \Device\Harddisk0\DR0\Partition1 - ok
15:50:10.0144 2988 ============================================================
15:50:10.0144 2988 Scan finished
15:50:10.0144 2988 ============================================================
15:50:10.0157 3100 Detected object count: 0
15:50:10.0157 3100 Actual detected object count: 0

Starting with GMER; gotta go to work.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:41 AM

Posted 23 January 2012 - 08:28 PM

:thumbup2:

#5 Avatarvicous

Avatarvicous
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:41 AM

Posted 24 January 2012 - 03:52 AM

GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-24 02:44:05
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000050 WDC_WD64 rev.1.10
Running: dzt89op1.exe; Driver: C:\Users\John\AppData\Local\Temp\pwldypog.sys


---- Kernel code sections - GMER 1.0.15 ----

? system32\drivers\62156236.sys The system cannot find the path specified. !
? System32\drivers\gaxphvod.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90606000, 0x2F786C, 0xE8000020]
? system32\drivers\28390496.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3228] ntdll.dll!LdrLoadDll 770E9378 5 Bytes JMP 0015131F C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3860] USER32.dll!TrackPopupMenu 759414F3 5 Bytes JMP 665669A2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [733B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [7340A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [733BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [733AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [733B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [733AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [733E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [733BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [733AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [733AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [733A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7343CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [733DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [733AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [733A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [733A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2644] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [733B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\58512540 \Device\KLMD16012012_207010 28390496.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:41 AM

Posted 24 January 2012 - 10:50 AM

aswMBR log?

#7 Avatarvicous

Avatarvicous
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:41 AM

Posted 24 January 2012 - 12:02 PM

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-24 02:46:18
-----------------------------
02:46:18.715 OS Version: Windows 6.0.6002 Service Pack 2
02:46:18.715 Number of processors: 3 586 0x203
02:46:18.717 ComputerName: JOHN-PC UserName: John
02:46:20.586 Initialize success
02:47:48.510 AVAST engine defs: 12012301
02:48:29.773 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000050
02:48:29.775 Disk 0 Vendor: WDC_WD64 1.10 Size: 610480MB BusType: 8
02:48:30.100 Disk 0 MBR read successfully
02:48:30.103 Disk 0 MBR scan
02:48:30.108 Disk 0 Windows VISTA default MBR code
02:48:30.185 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 589997 MB offset 2048
02:48:30.190 Disk 0 Partition - 00 0F Extended LBA 20479 MB offset 1208315904
02:48:30.353 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20479 MB offset 1208315967
02:48:30.620 Disk 0 scanning sectors +1250258625
02:48:31.326 Disk 0 scanning C:\Windows\system32\drivers
02:50:38.803 Service scanning
02:50:40.053 Modules scanning
02:52:55.243 Disk 0 trace - called modules:
02:52:55.658 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys
02:52:55.663 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fd4ac8]
02:52:55.668 3 CLASSPNP.SYS[8a79d8b3] -> nt!IofCallDriver -> [0x85eebdb0]
02:52:55.673 5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\00000050[0x861d7c90]
02:52:56.928 AVAST engine scan C:\Windows
02:57:46.330 AVAST engine scan C:\Windows\system32
03:13:42.613 AVAST engine scan C:\Windows\system32\drivers
03:16:39.432 AVAST engine scan C:\Users\John
05:11:42.553 File: C:\Users\John\AppData\Local\Temp\GydKjzTwpKrUJB.exe.tmp **INFECTED** Win32:FakeSysdefs-A [Trj]
05:19:42.097 File: C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\48186f4a-1ad65045 **INFECTED** Win32:FakeSysdefs-A [Trj]
05:58:22.738 AVAST engine scan C:\ProgramData
06:22:43.865 Scan finished successfully
11:00:34.565 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
11:00:34.565 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"



Sorry, fell asleep.

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:41 AM

Posted 24 January 2012 - 09:22 PM

Run Malwarebytes again.

Select Full scan, then remove infections.

Restart the PC and run a scan again. Make sure you get a clean log.

Run aswMBR again and post the log.

#9 Avatarvicous

Avatarvicous
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:41 AM

Posted 25 January 2012 - 01:26 PM

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-25 09:22:23
-----------------------------
09:22:23.108 OS Version: Windows 6.0.6002 Service Pack 2
09:22:23.108 Number of processors: 3 586 0x203
09:22:23.108 ComputerName: JOHN-PC UserName: John
09:22:24.808 Initialize success
09:22:31.243 AVAST engine defs: 12012301
09:22:32.086 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000050
09:22:32.086 Disk 0 Vendor: WDC_WD64 1.10 Size: 610480MB BusType: 8
09:22:32.101 Disk 0 MBR read successfully
09:22:32.101 Disk 0 MBR scan
09:22:32.148 Disk 0 Windows VISTA default MBR code
09:22:32.164 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 589997 MB offset 2048
09:22:32.179 Disk 0 Partition - 00 0F Extended LBA 20479 MB offset 1208315904
09:22:32.210 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20479 MB offset 1208315967
09:22:32.210 Disk 0 scanning sectors +1250258625
09:22:32.288 Disk 0 scanning C:\Windows\system32\drivers
09:22:39.277 Service scanning
09:22:40.541 Modules scanning
09:22:44.004 Disk 0 trace - called modules:
09:22:44.519 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys
09:22:44.534 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86edba60]
09:22:44.534 3 CLASSPNP.SYS[8a79e8b3] -> nt!IofCallDriver -> [0x85e8e700]
09:22:44.534 5 acpi.sys[806126bc] -> nt!IofCallDriver -> \Device\00000050[0x861e77f0]
09:22:45.814 AVAST engine scan C:\Windows
09:22:49.589 AVAST engine scan C:\Windows\system32
09:24:48.617 AVAST engine scan C:\Windows\system32\drivers
09:25:01.892 AVAST engine scan C:\Users\John
10:03:58.882 AVAST engine scan C:\ProgramData
10:10:08.789 Scan finished successfully
10:41:04.877 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
10:41:04.892 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"

Seems clean; however, I do not understand why MBAM did not remove it the first 20 times I ran it.
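A small triage script for the three log formats posted in this thread (the TDSSKiller driver listing, the GMER kernel-sections report and the aswMBR scan output), added here as an example; it is not from the thread and not part of any of those tools. It pulls driver name, hash and path out of the TDSSKiller lines, lists GMER entries whose registered driver file is missing from disk, extracts aswMBR `**INFECTED**` lines, and applies the "clean log" test the helper asks for: no detections and a scan that actually reached "Scan finished successfully". The sample lines are constructed to mirror the formats on the page; the hashes, paths and driver names in them are placeholders. The name-mismatch check is only a heuristic: legitimate aliases such as Tcpip6 pointing at tcpip.sys are flagged as well, so its output is a list to review by hand, not a verdict.

```python
"""Triage helper for TDSSKiller, GMER and aswMBR logs (added example;
the sample inputs below are constructed, not taken from a real machine)."""
import re
from dataclasses import dataclass

# TDSSKiller driver line: "<time> <pid> <service> (<md5>) <path>"
TDSS_DRIVER_RE = re.compile(
    r'^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(\S.*)$')
# aswMBR detection line: "<time> File: <path> **INFECTED** <detection name>"
ASWMBR_INFECTED_RE = re.compile(
    r'^\d{2}:\d{2}:\d{2}\.\d+\s+File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$')
# GMER line for a driver that is registered but whose file is gone from disk
GMER_MISSING_RE = re.compile(
    r'^\?\s+(\S+)\s+The system cannot find the path specified\.')


@dataclass(frozen=True)
class DriverEntry:
    service: str
    md5: str
    path: str

    @property
    def file_stem(self) -> str:
        """Basename of the driver file without its extension."""
        name = self.path.replace('/', '\\').rsplit('\\', 1)[-1]
        return name.rsplit('.', 1)[0]


def parse_tdss_drivers(text: str) -> list:
    """Extract (service, md5, path) triples; '- ok' verdict lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = TDSS_DRIVER_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m.group(1), m.group(2).lower(), m.group(3)))
    return entries


def name_mismatches(entries) -> list:
    """Heuristic: service name differs from the file name it points at.
    Legitimate aliases land here too, so review the result by hand."""
    return [e for e in entries if e.service.lower() != e.file_stem.lower()]


def gmer_missing_files(text: str) -> list:
    """Driver paths GMER reports as registered but absent from disk."""
    return [m.group(1) for line in text.splitlines()
            if (m := GMER_MISSING_RE.match(line.strip()))]


def aswmbr_detections(text: str) -> list:
    """(path, detection name) for every **INFECTED** line in an aswMBR log."""
    hits = []
    for line in text.splitlines():
        m = ASWMBR_INFECTED_RE.match(line.strip())
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits


def aswmbr_is_clean(text: str) -> bool:
    """Clean means no detections AND the scan ran to completion;
    an aborted or truncated log proves nothing either way."""
    finished = any(line.rstrip().endswith('Scan finished successfully')
                   for line in text.splitlines())
    return finished and not aswmbr_detections(text)


# Constructed sample input (placeholder hashes, paths and driver names).
SAMPLE_TDSS = r"""
15:50:08.0283 2988 Tcpip (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\tcpip.sys
15:50:08.0306 2988 Tcpip - ok
15:50:08.0358 2988 Tcpip6 (00112233445566778899aabbccddeeff) C:\Windows\system32\DRIVERS\tcpip.sys
15:50:09.0698 2988 qwertyu (ffeeddccbbaa99887766554433221100) C:\Windows\system32\drivers\abcde.sys
"""
SAMPLE_GMER = r"""
? system32\drivers\12345678.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\example.sys section is writeable [0x90606000, 0x2F786C, 0xE8000020]
"""
SAMPLE_ASWMBR_INFECTED = r"""
05:11:42.553 File: C:\Users\Example\AppData\Local\Temp\sample.exe.tmp **INFECTED** Win32:FakeSysdefs-A [Trj]
06:22:43.865 Scan finished successfully
"""
SAMPLE_ASWMBR_CLEAN = r"""
09:25:01.892 AVAST engine scan C:\Users\Example
10:10:08.789 Scan finished successfully
"""

if __name__ == '__main__':
    drivers = parse_tdss_drivers(SAMPLE_TDSS)
    print('drivers parsed:', len(drivers))
    print('name mismatches (review by hand):',
          [(e.service, e.path) for e in name_mismatches(drivers)])
    print('GMER missing driver files:', gmer_missing_files(SAMPLE_GMER))
    print('aswMBR detections:', aswmbr_detections(SAMPLE_ASWMBR_INFECTED))
    print('first aswMBR log clean?', aswmbr_is_clean(SAMPLE_ASWMBR_INFECTED))
    print('second aswMBR log clean?', aswmbr_is_clean(SAMPLE_ASWMBR_CLEAN))
```

Run it as-is to see the constructed samples triaged, or feed it real log text via the functions. The completion check in `aswmbr_is_clean` is the point practitioners most often miss: a log with no detections but no "Scan finished successfully" line is an incomplete scan, not a clean one.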

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:41 AM

Posted 25 January 2012 - 08:44 PM

//Seems clean; however, I do not understand why MBAM did not remove it the first 20 times I ran it. //

Did you notice DELETE on reboot in the MBAM logs? You need to reboot and run a scan for a clean log.

Download


ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop, then copy the contents of the text file into your reply.


Download

mini toolbox

Check the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 25 January 2012 - 08:44 PM.
