infected with tdss and google keeps redirecting


  • This topic is locked
37 replies to this topic

#1 k00lbreeze

  • Members
  • 20 posts
  • Gender:Male
  • Location:SoCal

Posted 04 February 2012 - 03:38 AM

Shortcuts on the Start Menu have disappeared. I am unable to enable my Windows Firewall. When I click on a shortcut on the taskbar, I get a window pop-up that asks me to associate the shortcut with a program. I have run RKill, TDSSKiller, ComboFix, Malwarebytes, Spybot S&D and FixNCR.reg and I still get the Win7 security pop-up. Now I'm getting a write delay error and it constantly restarts my PC.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by IT2 at 0:23:09 on 2012-02-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2922 [GMT -8:00]
.
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\IT2\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [QFIbEoUCQmCWD.exe] C:\ProgramData\QFIbEoUCQmCWD.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1E614EA7-4078-4FF8-B704-1893BA349C18} : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{1E614EA7-4078-4FF8-B704-1893BA349C18}\D4F657E6471696E60265965677D2261646D276164756771697 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{1E614EA7-4078-4FF8-B704-1893BA349C18}\D4F657E6471696E60265965677D2373616E6E696E676 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{872458B2-212C-46C6-B67D-E3A2DC2AAA26} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [QFIbEoUCQmCWD.exe] C:\ProgramData\QFIbEoUCQmCWD.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\IT2\AppData\Roaming\Mozilla\Firefox\Profiles\7k8yubnk.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-27 652360]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-12 136176]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
S3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-12 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\FAC7.tmp --> C:\Windows\system32\FAC7.tmp [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-5-25 136616]
S4 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-12-20 68896]
S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-5 2214504]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-12 1153368]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472]
S4 SuperRam;SuperRam Memory Service;C:\Program Files (x86)\PGWARE\SuperRam\SuperRamService.exe [2011-6-19 1889016]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S4 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\BitDefender\Bitdefender 2012\updatesrv.exe [2011-11-17 62512]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-04 07:37:30 -------- d-----w- C:\Users\IT2\Pavark
2012-02-04 07:36:44 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-04 05:54:12 -------- d-----w- C:\ComboFix
2012-02-04 05:33:08 -------- d-----w- C:\Users\IT2\AppData\Local\Mozilla
2012-02-04 05:17:44 -------- d-----w- C:\Users\IT2\AppData\Roaming\Malwarebytes
2012-01-31 00:29:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-29 22:17:13 -------- d-----w- C:\Program Files (x86)\Digiarty
2012-01-28 02:36:36 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-28 01:53:28 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-01-28 01:53:18 -------- d-----w- C:\ProgramData\HP Photo Creations
2012-01-28 01:53:18 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2012-01-28 01:53:17 -------- d-----w- C:\Program Files (x86)\Coupons
2012-01-28 01:52:41 750440 ------w- C:\Windows\System32\HPDiscoPM9511.dll
2012-01-28 01:52:37 -------- d-----w- C:\Program Files\HP
2012-01-26 07:36:58 596665 ----a-w- C:\ProgramData\1327552956.bdinstall.bin
2012-01-26 05:26:44 -------- d-----w- C:\ProgramData\Bitdefender
2012-01-26 04:44:48 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-01-26 04:44:47 442088 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-01-26 04:18:41 876 ----a-w- C:\exe.reg
2012-01-26 00:06:03 98816 ----a-w- C:\Windows\sed.exe
2012-01-26 00:06:03 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-26 00:06:03 256000 ----a-w- C:\Windows\PEV.exe
2012-01-26 00:06:03 208896 ----a-w- C:\Windows\MBR.exe
2012-01-23 02:16:57 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-23 02:16:57 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-23 02:16:57 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-23 02:16:57 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-22 03:11:40 -------- d-----w- C:\ProgramData\CPA_VA
2012-01-22 00:05:42 -------- d-----w- C:\Program Files (x86)\Comodo
2012-01-22 00:05:41 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-01-21 08:32:51 -------- d-----w- C:\Program Files\iTunes
2012-01-21 08:32:51 -------- d-----w- C:\Program Files\iPod
2012-01-19 20:52:54 155091 ----a-w- C:\ProgramData\1327006122.bdinstall.bin
2012-01-19 20:47:31 158850 ----a-w- C:\ProgramData\1327005977.bdinstall.bin
2012-01-19 12:16:50 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-19 12:16:50 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-19 12:16:49 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-19 12:16:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-19 11:38:13 -------- d-----w- C:\Program Files (x86)\Wise Registry Cleaner
2012-01-19 09:47:11 6144 ------w- C:\Windows\System32\FAC7.tmp
2012-01-19 09:44:35 6144 ------w- C:\Windows\System32\9965.tmp
2012-01-19 09:44:27 -------- d-----w- C:\Program Files (x86)\Sophos
2012-01-17 07:02:18 -------- d-----w- C:\Program Files (x86)\Conduit
2012-01-13 06:37:18 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-01-13 06:37:17 409 ----a-w- C:\temp737.bat
2012-01-10 07:47:04 -------- d-----w- C:\Program Files\Common Files\EPSON
2012-01-10 07:46:37 83456 ----a-w- C:\Windows\System32\E_YD4BHWA.DLL
2012-01-10 07:46:37 118784 ----a-w- C:\Windows\System32\E_YLMHWA.DLL
2012-01-08 10:08:27 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-08 10:06:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-08 10:06:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-08 10:06:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-08 10:06:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-08 10:06:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-08 10:06:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-08 10:06:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-01-07 00:26:25 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EDBD6D2D-AD33-4290-9344-42E46F6E2E77}\offreg.dll
2012-01-06 14:28:17 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EDBD6D2D-AD33-4290-9344-42E46F6E2E77}\mpengine.dll
.
==================== Find3M ====================
.
2012-01-03 00:40:11 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-03 00:40:11 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-03 00:38:19 281208 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-21 01:12:18 68896 ----a-w- C:\Windows\SysWow64\NLSSRV32.EXE
2011-12-21 01:10:32 17184 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2011-12-21 01:10:30 28960 ----a-w- C:\Windows\System32\nitrolocalmon2.dll
2011-12-19 06:03:57 111408 ----a-w- C:\Windows\System32\drivers\41503088.sys
2011-12-14 22:10:51 111408 ----a-w- C:\Windows\System32\drivers\82101476.sys
2011-12-13 02:23:56 228883 ----a-w- C:\ProgramData\1323742714.bdinstall.bin
2011-12-09 02:06:31 81984 ----a-w- C:\Windows\System32\bdod.bin
2011-11-29 01:33:46 543528 ----a-w- C:\Windows\System32\drivers\avckf.sys
2011-11-25 22:00:36 258736 ----a-w- C:\Windows\System32\drivers\avchv.sys
2011-11-25 21:57:34 685192 ----a-w- C:\Windows\System32\drivers\avc3.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-16 05:06:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 22:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-09 02:08:38 508224 ----a-w- C:\Windows\SysWow64\ICCProfiles.dll
.
============= FINISH: 0:24:29.95 ===============
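The DDS report above is what the helper reads by eye; the following Python script is an added example (not part of the original thread, and not the DDS or BleepingComputer tooling) that applies the same triage mechanically to lines in the format of DDS's "Pseudo HJT Report" section. It flags the two indicator classes visible in k00lbreeze's log: registry policy values that switch off UAC and hide Action Center warnings, and an autorun entry that launches a randomly named executable straight out of ProgramData. The sample lines, the folder list and the name heuristic are constructed for the example and are assumptions, not anything the thread states.

```python
"""Triage helper for DDS-style "Pseudo HJT Report" lines (added example)."""
import re
from typing import Dict, List, Optional

# Constructed sample: lines in the format DDS prints, mirroring the post above.
SAMPLE_REPORT = """\
mStart Page = about:blank
mRun: [QFIbEoUCQmCWD.exe] C:\\ProgramData\\QFIbEoUCQmCWD.exe
mRun: [Malwarebytes' Anti-Malware] "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
"""

# (policy hive, value name, observed value) -> why that setting weakens the host.
# Meanings follow the documented UAC / Security Center semantics.
BAD_POLICY_VALUES = {
    ("system", "EnableLUA", 0): "User Account Control is switched off",
    ("system", "ConsentPromptBehaviorAdmin", 0): "administrators elevate without any prompt",
    ("system", "PromptOnSecureDesktop", 0): "UAC prompts no longer use the secure desktop",
    ("explorer", "HideSCAHealth", 1): "Action Center / Security Center warnings are hidden",
}

# Folders (assumed, for this example) from which no installed product launches directly.
BARE_LAUNCH_FOLDERS = {"c:\\programdata", "c:\\windows", "c:\\users\\public"}

# "mPolicies-system: EnableLUA = 0 (0x0)"  -> hive, name, decimal value
POLICY_RE = re.compile(r"^[a-z]Policies-(\w+):\s+(\w+)\s*=\s*(\d+)")
# "mRun: [label] C:\path\file.exe" or "[label] "C:\path with spaces\file.exe" /args"
RUN_RE = re.compile(
    r'^[um]Run(?:-x64)?:\s+\[([^\]]+)\]\s+"?([A-Za-z]:\\[^"]+?\.exe)"?', re.IGNORECASE
)


def autorun_is_suspicious(path: str) -> Optional[str]:
    """Return a reason if an autorun target looks out of place, else None.

    Heuristics (constructed for this example): the executable sits directly in a
    bare system folder with no vendor sub-folder, or its file name looks
    machine-generated (long, with many upper/lower case transitions).
    """
    parts = path.rstrip("\\").split("\\")
    parent = "\\".join(parts[:-1]).lower()
    name = parts[-1]
    stem = name[:-4] if name.lower().endswith(".exe") else name
    reasons = []
    if parent in BARE_LAUNCH_FOLDERS:
        reasons.append("runs from a folder no installed product uses directly")
    if len(stem) >= 10 and re.fullmatch(r"[A-Za-z0-9]+", stem):
        transitions = sum(1 for a, b in zip(stem, stem[1:]) if a.islower() != b.islower())
        if transitions >= 4:
            reasons.append("file name looks machine-generated")
    return "; ".join(reasons) or None


def triage(report: str) -> List[Dict[str, str]]:
    """Scan DDS-style lines and return one finding per indicator, in report order."""
    findings: List[Dict[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            hive, key, value = m.group(1).lower(), m.group(2), int(m.group(3))
            why = BAD_POLICY_VALUES.get((hive, key, value))
            if why:
                findings.append({"kind": "policy", "item": f"{key}={value}", "why": why})
            continue
        m = RUN_RE.match(line)
        if m:
            target = m.group(2)
            why = autorun_is_suspicious(target)
            if why:
                findings.append({"kind": "autorun", "item": target, "why": why})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f['kind']}] {f['item']}: {f['why']}")
```

On the constructed sample this lists the four policy findings and the QFIbEoUCQmCWD.exe autorun; the Malwarebytes entry, which runs from a vendor folder under a readable name, is left alone. The output is a prompt for a human reviewer, not a verdict: a legitimately locked-down build can have UAC disabled by policy, and the name heuristic will miss short or dictionary-like names.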



#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 February 2012 - 01:11 PM

Hi,

Please do the following:


Please download Unhide.exe to your desktop:
  • Double-click on the Unhide.exe icon on your desktop and allow the program to run.
  • This program will remove the hidden attributes from all the files on your system.
  • Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.

NEXT


  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Edited by CatByte, 04 February 2012 - 01:13 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 k00lbreeze

  • Topic Starter
  • Members
  • 20 posts
  • Gender:Male
  • Location:SoCal

Posted 04 February 2012 - 09:18 PM

Here are the attached files. Thank you. ;-)

Attached Files



#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 February 2012 - 09:20 PM

While I'm checking the logs, please advise if Unhide restored your icons.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 k00lbreeze

  • Topic Starter
  • Members
  • 20 posts
  • Gender:Male
  • Location:SoCal

Posted 04 February 2012 - 09:47 PM

No, it did not. At least not all of them.

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 February 2012 - 09:49 PM

What is still outstanding?

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 k00lbreeze

  • Topic Starter
  • Members
  • 20 posts
  • Gender:Male
  • Location:SoCal

Posted 04 February 2012 - 11:00 PM

ComboFix 12-01-30.02 - IT2 02/04/2012 19:51:06.5.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2502 [GMT -8:00]
Running from: c:\users\IT2\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\IT Temp.koolbreeze-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\IT Temp.koolbreeze-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\IT Temp.koolbreeze-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
---- Previous Run -------
.
c:\programdata\~CNnkR8UscyTTlf
c:\programdata\~CNnkR8UscyTTlfr
c:\programdata\CNnkR8UscyTTlf
c:\programdata\CNnkR8UscyTTlf.exe
c:\programdata\QFIbEoUCQmCWD.exe
c:\users\IT Temp.koolbreeze-PC\Desktop\System Check.lnk
c:\windows\svchost.exe
K:\Autorun.inf
K:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 03:51 . 2012-02-05 03:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-05 03:51 . 2012-02-05 03:51 -------- d-----w- c:\users\Jeanette\AppData\Local\temp
2012-02-05 03:51 . 2012-02-05 03:51 -------- d-----w- c:\users\IT Temp\AppData\Local\temp
2012-02-05 03:51 . 2012-02-05 03:51 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Local\temp
2012-02-05 03:51 . 2012-02-05 03:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-05 01:15 . 2012-02-05 01:15 155994 ----a-w- c:\programdata\1328404484.bdinstall.bin
2012-02-04 06:04 . 2012-02-05 03:51 -------- d-----w- c:\users\koolbreeze\AppData\Local\temp
2012-02-04 05:10 . 2012-02-04 08:46 -------- d-----w- c:\users\IT2
2012-01-31 00:29 . 2012-02-04 05:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-29 22:18 . 2012-01-29 23:06 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Roaming\dvdcss
2012-01-29 22:17 . 2012-01-29 22:17 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Roaming\Digiarty
2012-01-29 22:17 . 2012-01-29 22:17 -------- d-----w- c:\program files (x86)\Digiarty
2012-01-28 01:53 . 2012-01-30 00:11 -------- d-----w- c:\program files (x86)\Microsoft
2012-01-28 01:53 . 2012-01-28 01:53 -------- d-----w- c:\programdata\HP Photo Creations
2012-01-28 01:53 . 2012-01-28 01:53 -------- d-----w- c:\program files (x86)\HP Photo Creations
2012-01-28 01:53 . 2012-01-28 01:53 -------- d-----w- c:\program files (x86)\Coupons
2012-01-28 01:52 . 2012-01-28 01:52 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Roaming\HpUpdate
2012-01-28 01:52 . 2010-11-17 05:24 750440 ------w- c:\windows\system32\HPDiscoPM9511.dll
2012-01-28 01:52 . 2012-01-28 01:52 -------- d-----w- c:\program files\HP
2012-01-26 07:36 . 2012-01-26 07:36 596665 ----a-w- c:\programdata\1327552956.bdinstall.bin
2012-01-26 05:26 . 2012-01-26 05:26 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Roaming\Bitdefender
2012-01-26 04:18 . 2012-01-26 04:18 876 ----a-w- C:\exe.reg
2012-01-23 02:16 . 2012-01-23 02:16 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-23 02:16 . 2012-01-23 02:16 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-23 02:16 . 2012-01-23 02:16 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-23 02:16 . 2012-01-23 02:16 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-22 03:11 . 2012-01-23 02:03 -------- d-----w- c:\programdata\CPA_VA
2012-01-22 00:05 . 2012-01-23 02:03 -------- d-----w- c:\program files (x86)\Comodo
2012-01-22 00:05 . 2012-01-22 00:05 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-01-22 00:01 . 2012-01-25 23:55 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\Pavark
2012-01-21 08:32 . 2012-01-21 08:33 -------- d-----w- c:\program files\iTunes
2012-01-21 08:32 . 2012-01-21 08:32 -------- d-----w- c:\program files\iPod
2012-01-21 08:29 . 2012-01-21 08:29 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Local\Adobe
2012-01-21 04:13 . 2012-01-21 04:13 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Roaming\Ahead
2012-01-19 20:52 . 2012-01-19 20:52 155091 ----a-w- c:\programdata\1327006122.bdinstall.bin
2012-01-19 20:47 . 2012-01-19 20:47 158850 ----a-w- c:\programdata\1327005977.bdinstall.bin
2012-01-19 12:16 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-19 12:16 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-19 12:16 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-19 12:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-19 11:38 . 2012-01-19 11:52 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Roaming\Wise Registry Cleaner
2012-01-19 11:38 . 2012-01-19 11:38 -------- d-----w- c:\program files (x86)\Wise Registry Cleaner
2012-01-19 09:47 . 2011-05-12 22:03 6144 ------w- c:\windows\system32\FAC7.tmp
2012-01-19 09:44 . 2011-05-12 22:03 6144 ------w- c:\windows\system32\9965.tmp
2012-01-19 09:44 . 2012-01-19 09:44 -------- d-----w- c:\program files (x86)\Sophos
2012-01-17 07:03 . 2012-01-17 07:06 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Roaming\GetRightToGo
2012-01-17 07:02 . 2012-01-19 09:36 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Local\Conduit
2012-01-17 07:02 . 2012-01-17 07:02 -------- d-----w- c:\program files (x86)\Conduit
2012-01-13 06:37 . 2012-01-13 06:37 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-01-13 06:37 . 2012-01-13 06:37 409 ----a-w- C:\temp737.bat
2012-01-13 06:37 . 2012-01-13 06:37 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-01-12 14:43 . 2012-01-12 14:43 0 ----a-w- c:\users\IT Temp.koolbreeze-PC\AppData\Local\BIT9914.tmp
2012-01-10 07:47 . 2012-01-10 07:47 -------- d-----w- c:\program files\Common Files\EPSON
2012-01-10 07:46 . 2010-09-29 02:01 118784 ----a-w- c:\windows\system32\E_YLMHWA.DLL
2012-01-10 07:46 . 2010-08-10 02:02 83456 ----a-w- c:\windows\system32\E_YD4BHWA.DLL
2012-01-10 07:37 . 2012-01-28 01:50 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Local\HP
2012-01-10 07:15 . 2012-01-10 07:15 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Local\Google
2012-01-08 17:03 . 2012-01-08 17:03 0 ----a-w- c:\users\Jeanette\AppData\Local\BIT6AB4.tmp
2012-01-08 10:08 . 2012-01-21 08:33 -------- d-----w- c:\program files (x86)\iTunes
2012-01-08 10:06 . 2012-01-08 10:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-08 10:06 . 2012-01-08 10:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-08 10:06 . 2012-01-08 10:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-08 10:06 . 2012-01-08 10:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-08 10:06 . 2012-01-08 10:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-08 10:06 . 2012-01-08 10:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-08 10:06 . 2011-08-24 21:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-01-08 10:02 . 2012-01-08 10:02 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Local\Apple
2012-01-08 09:56 . 2012-01-08 10:02 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Roaming\Apple Computer
2012-01-08 09:56 . 2012-01-08 09:56 -------- d-----w- c:\users\IT Temp.koolbreeze-PC\AppData\Local\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 00:40 . 2011-05-03 04:18 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-03 00:40 . 2011-05-03 04:13 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-03 00:38 . 2011-05-03 04:13 281208 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-21 01:12 . 2011-12-21 01:12 68896 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE
2011-12-21 01:10 . 2012-01-04 19:08 17184 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-12-21 01:10 . 2012-01-04 19:08 28960 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-12-19 06:03 . 2011-12-19 06:03 111408 ----a-w- c:\windows\system32\drivers\41503088.sys
2011-12-14 22:10 . 2011-12-14 22:10 111408 ----a-w- c:\windows\system32\drivers\82101476.sys
2011-12-13 02:23 . 2011-12-13 02:23 228883 ----a-w- c:\programdata\1323742714.bdinstall.bin
2011-12-11 22:16 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-09 13:44 . 2011-12-09 13:44 0 ----a-w- c:\users\Jeanette\AppData\Local\BITC8E7.tmp
2011-12-09 02:06 . 2011-08-30 18:43 81984 ----a-w- c:\windows\system32\bdod.bin
2011-12-04 18:58 . 2011-12-04 18:58 0 ----a-w- c:\users\koolbreeze\AppData\Local\BIT1559.tmp
2011-12-04 00:49 . 2011-12-04 00:49 0 ----a-w- c:\users\koolbreeze\AppData\Local\BIT8EAA.tmp
2011-11-30 10:21 . 2011-12-11 21:46 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EA6F135-C7F2-47A4-86A0-A6F43D105423}\mpengine.dll
2011-11-29 01:33 . 2011-11-29 01:33 543528 ----a-w- c:\windows\system32\drivers\avckf.sys
2011-11-25 22:00 . 2011-11-25 22:00 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
2011-11-24 04:52 . 2011-12-14 22:32 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 05:06 . 2011-09-18 03:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 22:29 . 2011-05-03 00:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-09 02:08 . 2011-11-09 02:08 508224 ----a-w- c:\windows\SysWow64\ICCProfiles.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-04_06.05.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-03 02:58 . 2012-02-05 01:24 42400 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2011-05-03 02:58 . 2012-02-04 05:44 42400 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-05 03:54 46290 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-02-02 20:04 46290 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-03 02:58 . 2012-02-05 01:24 12514 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4115008630-901050381-4270734183-1001_UserData.bin
- 2011-05-02 23:42 . 2012-02-04 05:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-02 23:42 . 2012-02-04 08:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-02 23:42 . 2012-02-04 08:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-02 23:42 . 2012-02-04 05:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-04 05:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-04 08:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-03 00:47 . 2012-02-05 03:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-03 00:47 . 2012-02-04 05:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-03 00:47 . 2012-02-05 03:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-03 00:47 . 2012-02-04 05:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-03 00:47 . 2012-02-04 05:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-03 00:47 . 2012-02-05 03:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-03 00:47 . 2012-02-04 05:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-03 00:47 . 2012-02-05 03:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-03 00:47 . 2012-02-05 03:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-03 00:47 . 2012-02-04 05:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-04 05:53 . 2012-02-04 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-05 03:53 . 2012-02-05 03:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-04 05:53 . 2012-02-04 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-05 03:53 . 2012-02-05 03:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-02-05 01:27 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-05 01:27 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-02-05 00:55 108280 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-02-04 05:51 468452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-05 03:51 468452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-05 01:19 . 2012-02-05 03:51 2596916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4115008630-901050381-4270734183-1009-12288.dat
- 2011-05-03 04:56 . 2012-02-02 20:00 5936320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4115008630-901050381-4270734183-1001-12288.dat
+ 2011-05-03 04:56 . 2012-02-05 03:51 5936320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4115008630-901050381-4270734183-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\koolbreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\IT2\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SuperMounter;SuperMounter; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 136176]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FAC7.tmp [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-05-26 136616]
R4 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-12-21 68896]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
R4 SuperRam;SuperRam Memory Service;c:\program files (x86)\PGWARE\SuperRam\SuperRamService.exe [2011-06-05 1889016]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 19:14]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 19:14]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4115008630-901050381-4270734183-1001Core.job
- c:\users\koolbreeze\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 23:48]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4115008630-901050381-4270734183-1001UA.job
- c:\users\koolbreeze\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 23:48]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\IT2\AppData\Roaming\Mozilla\Firefox\Profiles\7k8yubnk.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\FAC7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-02-04 19:57:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-05 03:57
ComboFix2.txt 2012-01-31 00:25
ComboFix3.txt 2012-01-28 02:31
ComboFix4.txt 2012-01-26 00:19
.
Pre-Run: 253,157,203,968 bytes free
Post-Run: 253,230,239,744 bytes free
.
- - End Of File - - 38244528715D91577F58603327912485

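The "Reg Loading Points" section of the ComboFix log above is the part worth reading closely: UAC is switched off (EnableLUA=0, with ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 so admins elevate silently), the Action Center health icon is hidden for the default profile (HideSCAHealth=1), and the MEMSWEEP2 service loads its driver from c:\windows\system32\FAC7.tmp, a .tmp file rather than a .sys. The Python script below is an added example, not part of the original post and not ComboFix's own code; it parses those log lines (copied from the log above as constructed sample input) and reports the ones a responder should act on. The "expected default" values for the policies and the list of normal image extensions are this example's assumptions, and a ComboFix "[x]" marker is treated as "could not stat the file", not "file missing", because the 32-bit tool is often redirected away from the real system32 on x64.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R1 SuperMounter;SuperMounter; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FAC7.tmp [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
"""

# Policy values a rootkit or rogue-AV dropper commonly sets so the user stops
# getting prompts and warnings.  The "default" values quoted in the text are
# Windows 7 defaults and are an assumption of this example.
POLICY_CHECKS = {
    "EnableLUA": (0, "UAC is disabled (default 1)"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently, no prompt (default 5)"),
    "PromptOnSecureDesktop": (0, "elevation prompts no longer use the secure desktop (default 1)"),
    "HideSCAHealth": (1, "Action Center / security health icon hidden from the tray (default 0)"),
}

# Extensions a service or driver image is normally expected to carry (assumption).
EXPECTED_IMAGE_EXT = {".exe", ".sys", ".dll"}

# "Name"= 0 (0x0)   -> policy value line
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>-?\d+)')
# R3 Name;Display;image path [meta]   -> service/driver line
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]$"
)


def parse_combofix(text: str) -> Tuple[Dict[str, int], List[dict]]:
    """Pull policy values and service/driver entries out of the
    'Reg Loading Points' section.  Returns ({policy: value}, [service dicts])."""
    policies: Dict[str, int] = {}
    services: List[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            policies[m.group("name")] = int(m.group("val"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({
                "start": m.group("start"),
                "name": m.group("name"),
                "image": m.group("image").strip(),
                # "[x]" means ComboFix could not stat the file; on x64 that is
                # frequently WOW64 redirection, so it is "unverified", not "missing".
                "verified": m.group("meta").strip() != "x",
            })
    return policies, services


def review(text: str) -> List[str]:
    """Return one human-readable finding per suspicious policy or service."""
    policies, services = parse_combofix(text)
    findings: List[str] = []
    for name, (bad, why) in POLICY_CHECKS.items():
        if policies.get(name) == bad:
            findings.append(f"policy {name}={bad}: {why}")
    for svc in services:
        image = svc["image"]
        if not image:
            findings.append(f"service {svc['name']}: no image path recorded")
            continue
        ext = ntpath.splitext(image.lower())[1]
        if ext not in EXPECTED_IMAGE_EXT:
            note = "" if svc["verified"] else "; ComboFix could not stat it"
            findings.append(
                f"service {svc['name']}: image {image} has unexpected extension "
                f"{ext!r}{note} (hash the file and identify the vendor before deleting)"
            )
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Run against the sample it prints six findings: the four policy values and the two service entries (SuperMounter with no image path, MEMSWEEP2 loading a .tmp). The script deliberately stops at "flag and verify" rather than "delete": a .tmp driver in system32 is exactly how some legitimate on-demand scanners install their memory-sweeping driver, so the right next step is to hash FAC7.tmp (the TDSSKiller log in the reply below already gives its MD5) and identify it, not to remove it blindly.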
#8 CatByte (Malware Response Team, 14,664 posts, Location: Canada)

Posted 04 February 2012 - 11:18 PM

Please post the TDSSKiller log; it should be on your C:\ drive.

How is the computer running now?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 k00lbreeze (Topic Starter, Members, 20 posts, Location: SoCal)

Posted 05 February 2012 - 12:30 AM

Still missing icons, and I still have the association problem. Here is the TDSSKiller log:


21:38:46.0061 1616 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
21:38:46.0466 1616 ============================================================
21:38:46.0466 1616 Current date / time: 2012/02/03 21:38:46.0466
21:38:46.0466 1616 SystemInfo:
21:38:46.0466 1616
21:38:46.0466 1616 OS Version: 6.1.7601 ServicePack: 1.0
21:38:46.0466 1616 Product type: Workstation
21:38:46.0466 1616 ComputerName: KOOLBREEZE-PC
21:38:46.0466 1616 UserName: IT2
21:38:46.0466 1616 Windows directory: C:\Windows
21:38:46.0466 1616 System windows directory: C:\Windows
21:38:46.0466 1616 Running under WOW64
21:38:46.0467 1616 Processor architecture: Intel x64
21:38:46.0467 1616 Number of processors: 2
21:38:46.0467 1616 Page size: 0x1000
21:38:46.0467 1616 Boot type: Safe boot with network
21:38:46.0467 1616 ============================================================
21:38:47.0012 1616 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:38:47.0025 1616 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:38:47.0027 1616 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0xEC932, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x20, Type 'W'
21:38:51.0861 1616 Drive \Device\Harddisk7\DR7 - Size: 0x1E017FE00 (7.50 Gb), SectorSize: 0x200, Cylinders: 0x3D3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:38:51.0862 1616 \Device\Harddisk0\DR0:
21:38:51.0876 1616 MBR used
21:38:51.0876 1616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000
21:38:51.0876 1616 \Device\Harddisk1\DR1:
21:38:51.0876 1616 MBR used
21:38:51.0876 1616 \Device\Harddisk2\DR2:
21:38:51.0878 1616 MBR used
21:38:51.0878 1616 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x747061A1
21:38:51.0878 1616 \Device\Harddisk7\DR7:
21:38:51.0878 1616 MBR used
21:38:51.0878 1616 \Device\Harddisk7\DR7\Partition0: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0xF00BDF
21:38:51.0984 1616 Initialize success
21:38:51.0984 1616 ============================================================
21:38:54.0047 2536 ============================================================
21:38:54.0047 2536 Scan started
21:38:54.0047 2536 Mode: Manual;
21:38:54.0047 2536 ============================================================
21:38:55.0928 2536 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:38:55.0931 2536 1394ohci - ok
21:38:55.0976 2536 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:38:55.0980 2536 ACPI - ok
21:38:56.0002 2536 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:38:56.0003 2536 AcpiPmi - ok
21:38:56.0088 2536 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:38:56.0106 2536 adp94xx - ok
21:38:56.0141 2536 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:38:56.0146 2536 adpahci - ok
21:38:56.0157 2536 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:38:56.0159 2536 adpu320 - ok
21:38:56.0232 2536 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:38:56.0244 2536 AFD - ok
21:38:56.0281 2536 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:38:56.0282 2536 agp440 - ok
21:38:56.0315 2536 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:38:56.0316 2536 aliide - ok
21:38:56.0359 2536 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:38:56.0361 2536 amdide - ok
21:38:56.0406 2536 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:38:56.0422 2536 AmdK8 - ok
21:38:56.0492 2536 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:38:56.0493 2536 AmdPPM - ok
21:38:56.0513 2536 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:38:56.0515 2536 amdsata - ok
21:38:56.0544 2536 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:38:56.0547 2536 amdsbs - ok
21:38:56.0564 2536 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:38:56.0565 2536 amdxata - ok
21:38:56.0634 2536 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:38:56.0643 2536 AppID - ok
21:38:56.0729 2536 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:38:56.0734 2536 arc - ok
21:38:56.0804 2536 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:38:56.0814 2536 arcsas - ok
21:38:56.0862 2536 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:38:56.0863 2536 AsyncMac - ok
21:38:56.0944 2536 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:38:56.0945 2536 atapi - ok
21:38:57.0026 2536 athur (a42a4052a7dc86e3a01dfae97ffe2ed1) C:\Windows\system32\DRIVERS\athurx.sys
21:38:57.0062 2536 athur - ok
21:38:57.0139 2536 avc3 (e275a45da5e9e6f043c47c245a9007aa) C:\Windows\system32\DRIVERS\avc3.sys
21:38:57.0155 2536 avc3 - ok
21:38:57.0189 2536 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
21:38:57.0190 2536 avchv - ok
21:38:57.0220 2536 avckf (3c64d0e61572bfe2c5c2beb8cb850d5b) C:\Windows\system32\DRIVERS\avckf.sys
21:38:57.0226 2536 avckf - ok
21:38:57.0271 2536 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:38:57.0276 2536 b06bdrv - ok
21:38:57.0333 2536 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:38:57.0337 2536 b57nd60a - ok
21:38:57.0408 2536 bdfsfltr (ea195950fa5dd4a8f7bc00822213a363) C:\Windows\system32\DRIVERS\bdfsfltr.sys
21:38:57.0412 2536 bdfsfltr - ok
21:38:57.0514 2536 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
21:38:57.0514 2536 bdfwfpf - ok
21:38:57.0579 2536 bdsandbox (afda933f10d5b536b8713f119eba6912) C:\Windows\system32\drivers\bdsandbox.sys
21:38:57.0581 2536 bdsandbox - ok
21:38:57.0647 2536 BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
21:38:57.0649 2536 BDVEDISK - ok
21:38:57.0681 2536 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:38:57.0683 2536 Beep - ok
21:38:57.0714 2536 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:38:57.0715 2536 blbdrive - ok
21:38:57.0772 2536 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:38:57.0774 2536 bowser - ok
21:38:57.0811 2536 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:38:57.0812 2536 BrFiltLo - ok
21:38:57.0821 2536 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:38:57.0821 2536 BrFiltUp - ok
21:38:57.0840 2536 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:38:57.0841 2536 BridgeMP - ok
21:38:57.0872 2536 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:38:57.0875 2536 Brserid - ok
21:38:57.0884 2536 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:38:57.0885 2536 BrSerWdm - ok
21:38:57.0892 2536 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:38:57.0893 2536 BrUsbMdm - ok
21:38:57.0901 2536 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:38:57.0901 2536 BrUsbSer - ok
21:38:57.0912 2536 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:38:57.0913 2536 BTHMODEM - ok
21:38:57.0928 2536 catchme - ok
21:38:57.0945 2536 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:38:57.0947 2536 cdfs - ok
21:38:58.0005 2536 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:38:58.0007 2536 cdrom - ok
21:38:58.0035 2536 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:38:58.0036 2536 circlass - ok
21:38:58.0074 2536 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:38:58.0078 2536 CLFS - ok
21:38:58.0136 2536 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:38:58.0137 2536 CmBatt - ok
21:38:58.0178 2536 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:38:58.0178 2536 cmdide - ok
21:38:58.0220 2536 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:38:58.0226 2536 CNG - ok
21:38:58.0244 2536 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:38:58.0245 2536 Compbatt - ok
21:38:58.0288 2536 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:38:58.0289 2536 CompositeBus - ok
21:38:58.0311 2536 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:38:58.0312 2536 crcdisk - ok
21:38:58.0389 2536 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:38:58.0395 2536 CSC - ok
21:38:58.0469 2536 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:38:58.0471 2536 DfsC - ok
21:38:58.0479 2536 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:38:58.0480 2536 discache - ok
21:38:58.0505 2536 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:38:58.0509 2536 Disk - ok
21:38:58.0553 2536 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:38:58.0554 2536 drmkaud - ok
21:38:58.0606 2536 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:38:58.0631 2536 DXGKrnl - ok
21:38:58.0655 2536 EagleX64 - ok
21:38:58.0761 2536 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:38:58.0822 2536 ebdrv - ok
21:38:58.0870 2536 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:38:58.0875 2536 elxstor - ok
21:38:58.0923 2536 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:38:58.0924 2536 ErrDev - ok
21:38:58.0949 2536 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:38:58.0952 2536 exfat - ok
21:38:58.0972 2536 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:38:58.0975 2536 fastfat - ok
21:38:58.0992 2536 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:38:58.0993 2536 fdc - ok
21:38:59.0011 2536 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:38:59.0013 2536 FileInfo - ok
21:38:59.0026 2536 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:38:59.0027 2536 Filetrace - ok
21:38:59.0036 2536 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:38:59.0037 2536 flpydisk - ok
21:38:59.0078 2536 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:38:59.0082 2536 FltMgr - ok
21:38:59.0104 2536 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:38:59.0105 2536 FsDepends - ok
21:38:59.0123 2536 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:38:59.0124 2536 Fs_Rec - ok
21:38:59.0156 2536 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:38:59.0159 2536 fvevol - ok
21:38:59.0178 2536 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:38:59.0179 2536 gagp30kx - ok
21:38:59.0212 2536 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:38:59.0213 2536 GEARAspiWDM - ok
21:38:59.0260 2536 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:38:59.0261 2536 hcw85cir - ok
21:38:59.0305 2536 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:38:59.0309 2536 HdAudAddService - ok
21:38:59.0352 2536 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:38:59.0354 2536 HDAudBus - ok
21:38:59.0372 2536 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:38:59.0373 2536 HidBatt - ok
21:38:59.0393 2536 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:38:59.0395 2536 HidBth - ok
21:38:59.0414 2536 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:38:59.0415 2536 HidIr - ok
21:38:59.0476 2536 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:38:59.0477 2536 HidUsb - ok
21:38:59.0493 2536 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:39:06.0795 2536 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
21:39:06.0820 2536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:39:06.0820 2536 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:39:06.0838 2536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:39:06.0841 2536 \Device\Harddisk1\DR1 - ok
21:39:06.0875 2536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
21:39:06.0879 2536 \Device\Harddisk2\DR2 - ok
21:39:06.0883 2536 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk7\DR7
21:39:09.0132 2536 \Device\Harddisk7\DR7 - ok
21:39:09.0134 2536 Boot (0x1200) (c0567c0b53b947f0907180bb8e9f549c) \Device\Harddisk0\DR0\Partition0
21:39:09.0135 2536 \Device\Harddisk0\DR0\Partition0 - ok
21:39:09.0138 2536 Boot (0x1200) (965458fc126dd2778950c2001965740a) \Device\Harddisk2\DR2\Partition0
21:39:09.0140 2536 \Device\Harddisk2\DR2\Partition0 - ok
21:39:09.0143 2536 Boot (0x1200) (62cf7d0383f8a6614b2decba0c5ea930) \Device\Harddisk7\DR7\Partition0
21:39:09.0145 2536 \Device\Harddisk7\DR7\Partition0 - ok
21:39:09.0145 2536 ============================================================
21:39:09.0145 2536 Scan finished
21:39:09.0145 2536 ============================================================
21:39:09.0150 0580 Detected object count: 1
21:39:09.0150 0580 Actual detected object count: 1
21:39:20.0944 0580 \Device\Harddisk0\DR0\# - copied to quarantine
21:39:20.0944 0580 \Device\Harddisk0\DR0 - copied to quarantine
21:39:20.0971 0580 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:39:20.0972 0580 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:39:21.0004 0580 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:39:21.0009 0580 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:39:21.0010 0580 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:39:21.0010 0580 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:39:21.0011 0580 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:39:21.0013 0580 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:39:21.0016 0580 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:39:21.0016 0580 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:39:21.0022 0580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:39:21.0023 0580 \Device\Harddisk0\DR0 - ok
21:39:21.0023 0580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:41:47.0644 2224 Deinitialize success
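A small triage parser for TDSSKiller logs in the layout posted above, added here as an example (it is not part of this thread or of TDSSKiller itself): it skips the per-driver "- ok" lines and keeps the boot-sector hashes and the verdicts a responder actually acts on. The embedded sample is an excerpt of the log above; the regular expressions are assumptions derived from that log's layout, not a published format specification.

```python
"""Triage a TDSSKiller log: surface verdicts, skip the per-driver '- ok' noise."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every TDSSKiller line: "HH:MM:SS.ffff <4-hex-digit pid/tid> <message>" (assumed from the log above)
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+([0-9A-Fa-f]{4})\s+(.*)$")
# Boot-sector hash lines: "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0"
SECTOR_RE = re.compile(
    r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\\Device\\\S+)$")
# Verdict lines: "<object>[ ( <threat> )] - <verdict>"
VERDICT_RE = re.compile(r"^(?P<obj>\S+)(?: \( (?P<name>.+?) \))? - (?P<verdict>.+)$")
DETECTED_RE = re.compile(r"^detected (\S+)")


@dataclass
class Finding:
    time: str
    obj: str
    verdict: str                 # "infected", "copied to quarantine", ...
    name: Optional[str] = None   # threat name when the line carries one


@dataclass
class Triage:
    findings: List[Finding] = field(default_factory=list)
    sector_hashes: Dict[str, str] = field(default_factory=dict)  # "MBR \Device\..." -> md5
    drivers_ok: int = 0          # per-driver "- ok" lines skipped as noise


def triage(log_text: str) -> Triage:
    """Walk the log once and keep only what a responder needs to act on."""
    result = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banner, blank or continuation line
        time, msg = m.group(1), m.group(3)
        s = SECTOR_RE.match(msg)
        if s:
            kind, _size, md5, obj = s.groups()
            result.sector_hashes[f"{kind} {obj}"] = md5   # keep for cross-machine comparison
            continue
        v = VERDICT_RE.match(msg)
        if not v:
            continue                      # SystemInfo, drive geometry, counters, '=' rules
        obj, name, verdict = v.group("obj"), v.group("name"), v.group("verdict")
        if verdict == "ok":
            if not obj.startswith("\\Device\\"):
                result.drivers_ok += 1    # clean driver: count it, do not report it
            continue                      # a clean disk object is not a finding either
        if name is None:
            d = DETECTED_RE.match(verdict)   # "detected Rootkit.Boot.Pihar.b (0)"
            if d:
                name = d.group(1)
        result.findings.append(Finding(time, obj, verdict, name))
    return result


def summarize(tri: Triage) -> dict:
    """Collapse findings into the questions a responder asks first."""
    infected = sorted({f.obj for f in tri.findings if f.verdict == "infected"})
    threats = sorted({f.name for f in tri.findings if f.name})
    quarantined = [f.obj for f in tri.findings if f.verdict == "copied to quarantine"]
    cure_pending = any(f.verdict == "will be cured on reboot" for f in tri.findings)
    return {
        "infected_objects": infected,
        "threat_names": threats,
        "quarantined": quarantined,
        "cure_pending_reboot": cure_pending,
        "drivers_ok": tri.drivers_ok,
    }


# Excerpt of the TDSSKiller log posted above, trimmed to a few representative lines.
SAMPLE_LOG = r"""
21:38:59.0495 2536 HpSAMD - ok
21:38:59.0541 2536 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:38:59.0549 2536 HTTP - ok
21:39:06.0795 2536 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
21:39:06.0820 2536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:39:06.0820 2536 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:39:06.0838 2536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:39:06.0841 2536 \Device\Harddisk1\DR1 - ok
21:39:09.0145 2536 ============================================================
21:39:09.0150 0580 Detected object count: 1
21:39:20.0971 0580 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:39:21.0022 0580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:39:21.0023 0580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:41:47.0644 2224 Deinitialize success
"""

if __name__ == "__main__":
    for key, value in summarize(triage(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Identical MBR hashes across the clean disks (Harddisk1 and Harddisk2 above) are the expected baseline; the odd one out on the boot disk is what the "infected" verdict corresponds to.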

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 05 February 2012 - 08:49 AM

What icons are you missing, and from where?

Please rerun TDSSKiller with the following option checked
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 k00lbreeze

k00lbreeze
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Location:SoCal

Posted 05 February 2012 - 01:36 PM

It found a physical drive at medium risk. Here is the log file:


10:33:41.0968 3196 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
10:33:42.0477 3196 ============================================================
10:33:42.0477 3196 Current date / time: 2012/02/05 10:33:42.0477
10:33:42.0477 3196 SystemInfo:
10:33:42.0477 3196
10:33:42.0477 3196 OS Version: 6.1.7601 ServicePack: 1.0
10:33:42.0477 3196 Product type: Workstation
10:33:42.0477 3196 ComputerName: KOOLBREEZE-PC
10:33:42.0477 3196 UserName: IT2
10:33:42.0477 3196 Windows directory: C:\Windows
10:33:42.0477 3196 System windows directory: C:\Windows
10:33:42.0477 3196 Running under WOW64
10:33:42.0478 3196 Processor architecture: Intel x64
10:33:42.0478 3196 Number of processors: 2
10:33:42.0478 3196 Page size: 0x1000
10:33:42.0478 3196 Boot type: Normal boot
10:33:42.0478 3196 ============================================================
10:33:42.0936 3196 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:33:42.0936 3196 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:33:42.0994 3196 Drive \Device\Harddisk6\DR6 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0xEC932, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x20, Type 'W'
10:33:43.0052 3196 \Device\Harddisk0\DR0:
10:33:43.0061 3196 MBR used
10:33:43.0061 3196 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000
10:33:43.0061 3196 \Device\Harddisk1\DR1:
10:33:43.0061 3196 MBR used
10:33:43.0061 3196 \Device\Harddisk6\DR6:
10:33:43.0063 3196 MBR used
10:33:43.0063 3196 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x747061A1
10:33:43.0081 3196 Initialize success
10:33:43.0081 3196 ============================================================
10:34:04.0507 3988 ============================================================
10:34:04.0507 3988 Scan started
10:34:04.0507 3988 Mode: Manual; TDLFS;
10:34:04.0507 3988 ============================================================
10:34:06.0514 3988 DfsC - ok
10:34:06.0531 3988 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:34:06.0532 3988 discache - ok
10:34:06.0558 3988 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:34:06.0559 3988 Disk - ok
10:34:06.0597 3988 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:34:06.0597 3988 drmkaud - ok
10:34:06.0634 3988 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:34:06.0638 3988 DXGKrnl - ok
10:34:06.0692 3988 EagleX64 - ok
10:34:06.0815 3988 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:34:06.0829 3988 ebdrv - ok
10:34:06.0880 3988 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:34:06.0882 3988 elxstor - ok
10:34:06.0934 3988 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:34:06.0934 3988 ErrDev - ok
10:34:06.0960 3988 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:34:06.0960 3988 exfat - ok
10:34:06.0983 3988 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:34:06.0984 3988 fastfat - ok
10:34:07.0003 3988 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:34:07.0003 3988 fdc - ok
10:34:07.0022 3988 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:34:07.0023 3988 FileInfo - ok
10:34:07.0037 3988 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:34:07.0037 3988 Filetrace - ok
10:34:07.0051 3988 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:34:07.0052 3988 flpydisk - ok
10:34:07.0089 3988 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:34:07.0090 3988 FltMgr - ok
10:34:07.0107 3988 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:34:07.0107 3988 FsDepends - ok
10:34:07.0126 3988 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:34:07.0126 3988 Fs_Rec - ok
10:34:07.0167 3988 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:34:07.0168 3988 fvevol - ok
10:34:07.0189 3988 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:34:07.0189 3988 gagp30kx - ok
10:34:07.0223 3988 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:34:07.0223 3988 GEARAspiWDM - ok
10:34:07.0271 3988 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:34:07.0272 3988 hcw85cir - ok
10:34:07.0299 3988 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:34:07.0300 3988 HdAudAddService - ok
10:34:07.0338 3988 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:34:07.0339 3988 HDAudBus - ok
10:34:07.0358 3988 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:34:07.0358 3988 HidBatt - ok
10:34:07.0379 3988 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:34:07.0379 3988 HidBth - ok
10:34:07.0392 3988 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:34:07.0392 3988 HidIr - ok
10:34:07.0462 3988 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:34:07.0462 3988 HidUsb - ok
10:34:07.0488 3988 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:34:07.0488 3988 HpSAMD - ok
10:34:07.0527 3988 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:34:07.0530 3988 HTTP - ok
10:34:07.0563 3988 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:34:07.0563 3988 hwpolicy - ok
10:34:07.0597 3988 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:34:07.0597 3988 i8042prt - ok
10:34:07.0628 3988 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:34:07.0629 3988 iaStorV - ok
10:34:07.0671 3988 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:34:07.0671 3988 iirsp - ok
10:34:07.0694 3988 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:34:07.0694 3988 intelide - ok
10:34:07.0719 3988 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:34:07.0719 3988 intelppm - ok
10:34:07.0756 3988 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:34:07.0757 3988 IpFilterDriver - ok
10:34:07.0774 3988 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:34:07.0775 3988 IPMIDRV - ok
10:34:07.0800 3988 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:34:07.0800 3988 IPNAT - ok
10:34:07.0825 3988 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:34:07.0826 3988 IRENUM - ok
10:34:07.0847 3988 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:34:07.0847 3988 isapnp - ok
10:34:07.0867 3988 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:34:07.0868 3988 iScsiPrt - ok
10:34:07.0888 3988 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:34:07.0889 3988 kbdclass - ok
10:34:07.0900 3988 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:34:07.0900 3988 kbdhid - ok
10:34:07.0933 3988 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:34:07.0933 3988 KSecDD - ok
10:34:07.0949 3988 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:34:07.0950 3988 KSecPkg - ok
10:34:07.0974 3988 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:34:07.0974 3988 ksthunk - ok
10:34:08.0009 3988 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:34:08.0010 3988 lltdio - ok
10:34:08.0064 3988 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:34:08.0065 3988 LSI_FC - ok
10:34:08.0079 3988 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:34:08.0079 3988 LSI_SAS - ok
10:34:08.0103 3988 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:34:08.0104 3988 LSI_SAS2 - ok
10:34:08.0139 3988 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:34:08.0140 3988 LSI_SCSI - ok
10:34:08.0166 3988 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:34:08.0167 3988 luafv - ok
10:34:08.0194 3988 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:34:08.0195 3988 megasas - ok
10:34:08.0221 3988 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:34:08.0222 3988 MegaSR - ok
10:34:08.0276 3988 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\FAC7.tmp
10:34:08.0276 3988 MEMSWEEP2 - ok
10:34:08.0297 3988 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:34:08.0297 3988 Modem - ok
10:34:08.0324 3988 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:34:08.0324 3988 monitor - ok
10:34:08.0359 3988 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:34:08.0359 3988 mouclass - ok
10:34:08.0382 3988 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:34:08.0383 3988 mouhid - ok
10:34:08.0424 3988 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:34:08.0425 3988 mountmgr - ok
10:34:08.0448 3988 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:34:08.0449 3988 mpio - ok
10:34:08.0474 3988 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:34:08.0474 3988 mpsdrv - ok
10:34:08.0503 3988 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:34:08.0504 3988 MRxDAV - ok
10:34:08.0541 3988 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:34:08.0542 3988 mrxsmb - ok
10:34:08.0580 3988 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:34:08.0581 3988 mrxsmb10 - ok
10:34:08.0600 3988 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:34:08.0601 3988 mrxsmb20 - ok
10:34:08.0636 3988 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:34:08.0636 3988 msahci - ok
10:34:08.0670 3988 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:34:08.0671 3988 msdsm - ok
10:34:08.0700 3988 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:34:08.0701 3988 Msfs - ok
10:34:08.0713 3988 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:34:08.0714 3988 mshidkmdf - ok
10:34:08.0727 3988 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:34:08.0727 3988 msisadrv - ok
10:34:08.0756 3988 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:34:08.0756 3988 MSKSSRV - ok
10:34:08.0766 3988 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:34:08.0766 3988 MSPCLOCK - ok
10:34:08.0774 3988 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:34:08.0774 3988 MSPQM - ok
10:34:08.0815 3988 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:34:08.0816 3988 MsRPC - ok
10:34:08.0832 3988 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:34:08.0832 3988 mssmbios - ok
10:34:08.0850 3988 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:34:08.0850 3988 MSTEE - ok
10:34:08.0859 3988 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:34:08.0860 3988 MTConfig - ok
10:34:08.0904 3988 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
10:34:08.0904 3988 MTsensor - ok
10:34:08.0922 3988 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:34:08.0922 3988 Mup - ok
10:34:08.0964 3988 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:34:08.0965 3988 NativeWifiP - ok
10:34:09.0025 3988 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:34:09.0029 3988 NDIS - ok
10:34:09.0060 3988 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:34:09.0060 3988 NdisCap - ok
10:34:09.0080 3988 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:34:09.0080 3988 NdisTapi - ok
10:34:09.0111 3988 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:34:09.0112 3988 Ndisuio - ok
10:34:09.0148 3988 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:34:09.0149 3988 NdisWan - ok
10:34:09.0187 3988 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:34:09.0188 3988 NDProxy - ok
10:34:09.0204 3988 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:34:09.0205 3988 NetBIOS - ok
10:34:09.0249 3988 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:34:09.0250 3988 NetBT - ok
10:34:09.0291 3988 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:34:09.0291 3988 nfrd960 - ok
10:34:09.0388 3988 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:34:09.0388 3988 Npfs - ok
10:34:09.0404 3988 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:34:09.0404 3988 nsiproxy - ok
10:34:09.0473 3988 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:34:09.0481 3988 Ntfs - ok
10:34:09.0510 3988 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:34:09.0510 3988 Null - ok
10:34:09.0811 3988 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:34:09.0867 3988 nvlddmkm - ok
10:34:09.0903 3988 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:34:09.0904 3988 nvraid - ok
10:34:09.0930 3988 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:34:09.0930 3988 nvstor - ok
10:34:09.0952 3988 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:34:09.0952 3988 nv_agp - ok
10:34:09.0984 3988 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:34:09.0984 3988 ohci1394 - ok
10:34:10.0031 3988 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:34:10.0032 3988 Parport - ok
10:34:10.0067 3988 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:34:10.0068 3988 partmgr - ok
10:34:10.0109 3988 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:34:10.0110 3988 pci - ok
10:34:10.0125 3988 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:34:10.0125 3988 pciide - ok
10:34:10.0147 3988 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:34:10.0148 3988 pcmcia - ok
10:34:10.0162 3988 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:34:10.0163 3988 pcw - ok
10:34:10.0190 3988 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:34:10.0192 3988 PEAUTH - ok
10:34:10.0272 3988 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:34:10.0273 3988 PptpMiniport - ok
10:34:10.0284 3988 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:34:10.0284 3988 Processor - ok
10:34:10.0323 3988 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:34:10.0323 3988 Psched - ok
10:34:10.0360 3988 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:34:10.0367 3988 ql2300 - ok
10:34:10.0385 3988 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:34:10.0385 3988 ql40xx - ok
10:34:10.0405 3988 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:34:10.0405 3988 QWAVEdrv - ok
10:34:10.0420 3988 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:34:10.0421 3988 RasAcd - ok
10:34:10.0444 3988 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:34:10.0445 3988 RasAgileVpn - ok
10:34:10.0489 3988 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:34:10.0489 3988 Rasl2tp - ok
10:34:10.0514 3988 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:34:10.0514 3988 RasPppoe - ok
10:34:10.0530 3988 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:34:10.0530 3988 RasSstp - ok
10:34:10.0552 3988 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:34:10.0553 3988 rdbss - ok
10:34:10.0573 3988 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:34:10.0574 3988 rdpbus - ok
10:34:10.0588 3988 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:34:10.0588 3988 RDPCDD - ok
10:34:10.0620 3988 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
10:34:10.0621 3988 RDPDR - ok
10:34:10.0638 3988 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:34:10.0638 3988 RDPENCDD - ok
10:34:10.0651 3988 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:34:10.0651 3988 RDPREFMP - ok
10:34:10.0690 3988 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:34:10.0691 3988 RDPWD - ok
10:34:10.0741 3988 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:34:10.0742 3988 rdyboost - ok
10:34:10.0774 3988 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:34:10.0774 3988 rspndr - ok
10:34:10.0824 3988 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:34:10.0827 3988 RTL8167 - ok
10:34:10.0864 3988 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
10:34:10.0864 3988 s3cap - ok
10:34:10.0885 3988 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:34:10.0886 3988 sbp2port - ok
10:34:10.0937 3988 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:34:10.0937 3988 scfilter - ok
10:34:10.0970 3988 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:34:10.0970 3988 secdrv - ok
10:34:11.0000 3988 Ser2pl - ok
10:34:11.0015 3988 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:34:11.0016 3988 Serenum - ok
10:34:11.0038 3988 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:34:11.0038 3988 Serial - ok
10:34:11.0078 3988 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:34:11.0078 3988 sermouse - ok
10:34:11.0106 3988 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:34:11.0106 3988 sffdisk - ok
10:34:11.0133 3988 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:34:11.0133 3988 sffp_mmc - ok
10:34:11.0146 3988 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:34:11.0146 3988 sffp_sd - ok
10:34:11.0167 3988 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:34:11.0167 3988 sfloppy - ok
10:34:11.0189 3988 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:34:11.0189 3988 SiSRaid2 - ok
10:34:11.0204 3988 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:34:11.0204 3988 SiSRaid4 - ok
10:34:11.0229 3988 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:34:11.0229 3988 Smb - ok
10:34:11.0244 3988 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:34:11.0245 3988 spldr - ok
10:34:11.0287 3988 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:34:11.0289 3988 srv - ok
10:34:11.0308 3988 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:34:11.0310 3988 srv2 - ok
10:34:11.0329 3988 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:34:11.0330 3988 srvnet - ok
10:34:11.0363 3988 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:34:11.0363 3988 stexstor - ok
10:34:11.0408 3988 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
10:34:11.0408 3988 storflt - ok
10:34:11.0434 3988 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
10:34:11.0434 3988 storvsc - ok
10:34:11.0462 3988 SuperMounter - ok
10:34:11.0501 3988 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:34:11.0501 3988 swenum - ok
10:34:11.0600 3988 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:34:11.0611 3988 Tcpip - ok
10:34:11.0683 3988 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:34:11.0691 3988 TCPIP6 - ok
10:34:11.0731 3988 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:34:11.0731 3988 tcpipreg - ok
10:34:11.0772 3988 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:34:11.0772 3988 TDPIPE - ok
10:34:11.0789 3988 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:34:11.0789 3988 TDTCP - ok
10:34:11.0825 3988 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:34:11.0826 3988 tdx - ok
10:34:11.0859 3988 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:34:11.0859 3988 TermDD - ok
10:34:11.0915 3988 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:34:11.0915 3988 tssecsrv - ok
10:34:11.0963 3988 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:34:11.0964 3988 TsUsbFlt - ok
10:34:12.0025 3988 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:34:12.0026 3988 tunnel - ok
10:34:12.0049 3988 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:34:12.0050 3988 uagp35 - ok
10:34:12.0093 3988 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:34:12.0095 3988 udfs - ok
10:34:12.0131 3988 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:34:12.0131 3988 uliagpkx - ok
10:34:12.0153 3988 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:34:12.0154 3988 umbus - ok
10:34:12.0166 3988 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:34:12.0167 3988 UmPass - ok
10:34:12.0206 3988 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:34:12.0206 3988 USBAAPL64 - ok
10:34:12.0218 3988 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:34:12.0218 3988 usbccgp - ok
10:34:12.0248 3988 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:34:12.0248 3988 usbcir - ok
10:34:12.0267 3988 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:34:12.0267 3988 usbehci - ok
10:34:12.0293 3988 UsbFltr (68bad03835873d4bbbde95cbb135a395) C:\Windows\system32\Drivers\UsbFltr.sys
10:34:12.0294 3988 UsbFltr - ok
10:34:12.0326 3988 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:34:12.0328 3988 usbhub - ok
10:34:12.0348 3988 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:34:12.0348 3988 usbohci - ok
10:34:12.0379 3988 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:34:12.0380 3988 usbprint - ok
10:34:12.0395 3988 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:34:12.0396 3988 usbscan - ok
10:34:12.0415 3988 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:34:12.0416 3988 USBSTOR - ok
10:34:12.0436 3988 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:34:12.0437 3988 usbuhci - ok
10:34:12.0472 3988 VBoxDrv (f8899654688af11b5e8ddf9ed53cb72e) C:\Windows\system32\DRIVERS\VBoxDrv.sys
10:34:12.0473 3988 VBoxDrv - ok
10:34:12.0490 3988 VBoxNetAdp (01f5ff577ca9d3555941c5c266af4385) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
10:34:12.0491 3988 VBoxNetAdp - ok
10:34:12.0504 3988 VBoxNetFlt (2666d93096570f92346e3117b9c051e8) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
10:34:12.0505 3988 VBoxNetFlt - ok
10:34:12.0544 3988 VBoxUSBMon (92d8db75837262e3811dfabf80dc08e0) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
10:34:12.0544 3988 VBoxUSBMon - ok
10:34:12.0571 3988 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:34:12.0571 3988 vdrvroot - ok
10:34:12.0593 3988 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:34:12.0594 3988 vga - ok
10:34:12.0611 3988 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:34:12.0611 3988 VgaSave - ok
10:34:12.0636 3988 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:34:12.0637 3988 vhdmp - ok
10:34:12.0661 3988 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:34:12.0662 3988 viaide - ok
10:34:12.0683 3988 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
10:34:12.0684 3988 vmbus - ok
10:34:12.0700 3988 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
10:34:12.0701 3988 VMBusHID - ok
10:34:12.0717 3988 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:34:12.0718 3988 volmgr - ok
10:34:12.0763 3988 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:34:12.0765 3988 volmgrx - ok
10:34:12.0785 3988 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:34:12.0786 3988 volsnap - ok
10:34:12.0814 3988 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:34:12.0815 3988 vsmraid - ok
10:34:12.0832 3988 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:34:12.0832 3988 vwifibus - ok
10:34:12.0849 3988 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:34:12.0849 3988 vwififlt - ok
10:34:12.0868 3988 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:34:12.0868 3988 WacomPen - ok
10:34:12.0893 3988 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:34:12.0894 3988 WANARP - ok
10:34:12.0897 3988 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:34:12.0898 3988 Wanarpv6 - ok
10:34:12.0925 3988 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:34:12.0925 3988 Wd - ok
10:34:12.0951 3988 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:34:12.0954 3988 Wdf01000 - ok
10:34:13.0016 3988 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:34:13.0017 3988 WfpLwf - ok
10:34:13.0037 3988 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:34:13.0037 3988 WIMMount - ok
10:34:13.0112 3988 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:34:13.0113 3988 WinUsb - ok
10:34:13.0170 3988 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:34:13.0171 3988 WmiAcpi - ok
10:34:13.0219 3988 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:34:13.0220 3988 ws2ifsl - ok
10:34:13.0253 3988 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:34:13.0254 3988 WudfPf - ok
10:34:13.0270 3988 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:34:13.0270 3988 WUDFRd - ok
10:34:13.0299 3988 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:34:13.0388 3988 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:34:13.0388 3988 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:34:13.0390 3988 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:34:13.0431 3988 \Device\Harddisk1\DR1 - ok
10:34:13.0447 3988 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
10:34:13.0649 3988 \Device\Harddisk6\DR6 - ok
10:34:13.0651 3988 Boot (0x1200) (c0567c0b53b947f0907180bb8e9f549c) \Device\Harddisk0\DR0\Partition0
10:34:13.0652 3988 \Device\Harddisk0\DR0\Partition0 - ok
10:34:13.0704 3988 Boot (0x1200) (965458fc126dd2778950c2001965740a) \Device\Harddisk6\DR6\Partition0
10:34:13.0706 3988 \Device\Harddisk6\DR6\Partition0 - ok
10:34:13.0706 3988 ============================================================
10:34:13.0706 3988 Scan finished
10:34:13.0706 3988 ============================================================
10:34:13.0714 3992 Detected object count: 1
10:34:13.0714 3992 Actual detected object count: 1
10:34:49.0976 3992 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:34:49.0976 3992 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:35:19.0988 1372 Deinitialize success

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 05 February 2012 - 01:41 PM

I'd like to get a better look at what it has found. Please do the following:

We need to get a look at things outside of Windows


Please do the following:

You'll need a CD and a USB flash drive that has some space on it. We will not be changing any of the data on the USB device, just using it for a file.

You will also need to use Firefox to download a file, as Internet Explorer seems to mangle the download.

If you have any problems with these steps please let me know. It may look complicated but it's fairly straight forward and for the most part automated.


Download GETxPUD.exe to your desktop
  • Run GETxPUD.exe by double clicking it.
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished, it will open BurnCDCC which will be ready to burn the image.
  • Click on Start and follow the prompts to burn the image to your CD

Using Firefox, please download and save dumpit to your USB device.

You may want to print out this part as you will not be able to view these instructions once booted with the CD you just made.
  • Leave the USB device attached to the computer
  • Now boot your computer with the CD you just burned
    • with the CD in the computer, restart the computer
  • The computer must be set to boot from the CD. Depending on your computer, you can either do this by pressing F12 and selecting the CD as the first boot option, or it can be set in the BIOS
  • Once you have the computer set to boot from the CD allow it to boot
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • sda1, or sda2... usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
    (you will be able to tell if it is the right one, as the screen will populate with your files)
  • Locate the file you downloaded and saved earlier, dumpit
  • double click it to run it
  • a black window will open, follow the instructions to close the window when it's finished
  • a file called MBR.zip should now be placed in the right hand panel
  • Click the Home icon at top
  • Remove the CD and click Power off
  • Click restart

Once the computer has rebooted, open the USB device and attach the MBR.zip file to your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
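The procedure above dumps the first sector of the disk from a live CD rather than from inside Windows because a bootkit that has hooked the disk driver stack can hand a clean copy of the MBR back to any tool running on the infected OS. The TDSSKiller log earlier in this thread flagged \Device\Harddisk0\DR0 as "TDSS File System" and the detection was skipped, so an out-of-band copy is what the helper needs to see. The Python script below is an added example for this thread, not code from TDSSKiller, xPUD or dumpit. It reads a raw 512-byte MBR such as the one that ends up in MBR.zip, hashes the bootstrap region the way TDSSKiller's "MBR (0x1B8)" line appears to (assumption: that hash covers bytes 0x000 to 0x1B7, stopping before the NT disk signature), checks the 55AA boot signature, decodes the four partition entries, and reports how many sectors are left unallocated after the last partition, which is where the TDL4 family keeps its hidden file system. The 2048-sector threshold, the optional reference hash and the sample MBR built by build_sample_mbr() are constructed for the example and are not values from the poster's disk.

```python
"""Inspect a raw MBR sector dumped from a live environment.

Added example for this thread; not code from TDSSKiller, xPUD or dumpit.
Assumptions (not from the thread): the dump is the raw first 512 bytes of
the disk, and TDSSKiller's "MBR (0x1B8)" hash covers bytes 0x000..0x1B7
(bootstrap code, stopping before the 4-byte NT disk signature).
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOTCODE_LEN = 0x1B8       # bootstrap code: 0x000..0x1B7
DISK_SIG_OFF = 0x1B8       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # 0x55 0xAA
TAIL_GAP_THRESHOLD = 2048  # 1 MiB of unallocated tail sectors; assumed threshold


def bootcode_md5(mbr):
    """MD5 over the bootstrap code only, so rewriting the disk signature or
    the partition table does not change the value (the 0x1B8 idea)."""
    if len(mbr) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()


def has_boot_signature(mbr):
    """True when the sector ends with the 0x55 0xAA boot signature."""
    return mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA"


def parse_partitions(mbr):
    """Decode the four partition entries; empty slots are skipped.
    Entry layout: boot flag, CHS start (3 bytes), type, CHS end (3 bytes),
    LBA start (u32 LE), sector count (u32 LE)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        boot, ptype, lba, count = struct.unpack("<B3xB3xII", mbr[off:off + 16])
        if ptype == 0 and lba == 0 and count == 0:
            continue
        parts.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return parts


def tail_gap_sectors(mbr, disk_sectors):
    """Sectors between the end of the last partition and the end of the disk.
    Unallocated tail space is where TDL4-style bootkits keep their hidden
    file system; a gap alone proves nothing, but it is where to look next."""
    ends = [p["lba_start"] + p["sectors"] for p in parse_partitions(mbr)]
    return disk_sectors - max(ends) if ends else disk_sectors


def inspect_mbr(mbr, disk_sectors=None, reference_md5=None):
    """Build a report dict with the warnings a responder would act on."""
    report = {"bootcode_md5": bootcode_md5(mbr),
              "boot_signature_ok": has_boot_signature(mbr),
              "partitions": parse_partitions(mbr), "warnings": []}
    if not report["boot_signature_ok"]:
        report["warnings"].append("missing 55AA boot signature")
    if reference_md5 and report["bootcode_md5"] != reference_md5.lower():
        report["warnings"].append("bootstrap code differs from reference hash")
    if disk_sectors is not None:
        gap = tail_gap_sectors(mbr, disk_sectors)
        report["tail_gap_sectors"] = gap
        if gap > TAIL_GAP_THRESHOLD:
            report["warnings"].append(
                "%d unallocated sectors after the last partition" % gap)
    return report


def build_sample_mbr():
    """Constructed sample (not the poster's disk): stub bootstrap code, one
    bootable NTFS (type 0x07) partition at LBA 2048, valid 55AA signature."""
    mbr = bytearray(SECTOR)
    mbr[:BOOTCODE_LEN] = b"\x33\xC0\x8E\xD0" + b"\x90" * (BOOTCODE_LEN - 4)
    mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\xDE\xAD\xBE\xEF"
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3xB3xII", 0x80, 0x07, 2048, 204800)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    # usage: python mbr_inspect.py [mbr.bin] [disk-size-in-sectors]
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read(SECTOR)
    else:
        data = build_sample_mbr()
    size = int(sys.argv[2]) if len(sys.argv) > 2 else None
    for key, value in inspect_mbr(data, size).items():
        print("%-18s %s" % (key, value))
```

Run without arguments it inspects the constructed sample; pass the extracted dump and the disk size in sectors to inspect a real one. Comparing bootstrap hashes across disks is the same check TDSSKiller's log invites: in the log above, Harddisk1 and Harddisk6 report the identical bootstrap hash while Harddisk0 differs. A different hash on its own only says the boot code differs, and OEM recovery loaders or a second boot manager also produce that, which is why the helper's next question is whether the machine has a multi-boot setup.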


#13 k00lbreeze

k00lbreeze
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Location:SoCal

Posted 05 February 2012 - 01:58 PM

Here you go. Thanks.

Attached Files

  • Attached File  mbr.zip   4.03KB   5 downloads


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 05 February 2012 - 02:23 PM

Do you have a multi-boot setup on your PC?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 k00lbreeze

k00lbreeze
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Location:SoCal

Posted 05 February 2012 - 02:38 PM

No, I do not.
