
Redirect Virus, Chrome and Firefox, Trojan Scan



#1 chromecarz00


Posted 15 February 2012 - 06:01 AM

Hey all,

So I have the redirect virus on both Firefox and Chrome and have run virus scans in Malwarebytes and Spybot. Spybot shows Smitfraud but is unable to remove it even in safe mode, likewise with Malwarebytes (it shows a trojan, though). What to do at this point? I was advised to use ComboFix or TDSSKiller and systematics tool, but ComboFix freezes, and TDSSKiller "fixes" it but it is detected on the next startup... help?

Thanks in advance!

Edited by hamluis, 15 February 2012 - 10:11 AM.
Moved from Vista to Am I Infected.



 


#2 boopme


Posted 15 February 2012 - 10:25 AM

Hello, can we see both the MBAM and TDSS logs?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#3 chromecarz00


Posted 15 February 2012 - 02:27 PM

Thanks for the quick response. I can't find where the TDSS log is; after restart the confirmation doesn't come up.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4356

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19120

2/13/2012 4:37:30 PM
mbam-log-2012-02-13 (16-37-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 401628
Time elapsed: 1 hour(s), 24 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\Iasv32.dll (Trojan.Agent) -> Quarantined and deleted successfully.





MiniToolBox by Farbar Version: 18-01-2012
Ran by § (administrator) on 15-02-2012 at 11:03:55
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:57515

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 57515
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

There are 15171 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Cisco AnyConnect VPN Virtual Miniport Adapter for Windows = Cisco AnyConnect VPN Client Connection (Disconnected)
Cisco Systems VPN Adapter = Local Area Connection 2 (Disconnected)
Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection 3 (Connected)
Intel® 82566MM Gigabit Network Connection = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 3 (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : -PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : oc.cox.net

Ethernet adapter Bluetooth Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #3
Physical Address. . . . . . . . . : 00-19-7E-F4-50-03
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : oc.cox.net
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-13-E8-38-13-6F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c446:8a1f:9c87:d34b%37(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 15, 2012 10:35:39 AM
Lease Expires . . . . . . . . . . : Thursday, February 16, 2012 10:35:39 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 620762088
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-8B-DE-BE-00-16-D3-CE-29-0D
DNS Servers . . . . . . . . . . . : 68.105.28.11
68.105.29.11
68.105.28.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82566MM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-16-D3-3E-9A-62
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.oc.cox.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 25:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{D312B1C1-BC76-4364-AEEF-DE0E16971B0E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 30:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : oc.cox.net
Description . . . . . . . . . . . : isatap.oc.cox.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 32:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{4F321E49-8AC4-4D0C-BD99-0DAAE850AEF4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [74.125.227.131] with 32 bytes of data:

Reply from 74.125.227.131: bytes=32 time=87ms TTL=52

Reply from 74.125.227.131: bytes=32 time=110ms TTL=52



Ping statistics for 74.125.227.131:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 87ms, Maximum = 110ms, Average = 98ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=74ms TTL=54

Reply from 209.191.122.70: bytes=32 time=99ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 74ms, Maximum = 99ms, Average = 86ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
41 ...00 19 7e f4 50 03 ...... Bluetooth Device (Personal Area Network) #3
37 ...00 13 e8 38 13 6f ...... Intel® Wireless WiFi Link 4965AGN
8 ...00 16 d3 3e 9a 62 ...... Intel® 82566MM Gigabit Network Connection
1 ........................... Software Loopback Interface 1
33 ...00 00 00 00 00 00 00 e0 isatap.Belkin
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
27 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
15 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
16 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
18 ...00 00 00 00 00 00 00 e0 isatap.oc.cox.net
19 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
36 ...00 00 00 00 00 00 00 e0 isatap.{D312B1C1-BC76-4364-AEEF-DE0E16971B0E}
28 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
39 ...00 00 00 00 00 00 00 e0 isatap.oc.cox.net
42 ...00 00 00 00 00 00 00 e0 isatap.{4F321E49-8AC4-4D0C-BD99-0DAAE850AEF4}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.108 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.108 281
192.168.1.108 255.255.255.255 On-link 192.168.1.108 281
192.168.1.255 255.255.255.255 On-link 192.168.1.108 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.108 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.108 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
37 281 fe80::/64 On-link
37 281 fe80::c446:8a1f:9c87:d34b/128
On-link
1 306 ff00::/8 On-link
37 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()
Catalog9 35 mswsock.dll [File Not found] ()
Catalog9 36 mswsock.dll [File Not found] ()
Catalog9 37 mswsock.dll [File Not found] ()
Catalog9 38 mswsock.dll [File Not found] ()
Catalog9 39 mswsock.dll [File Not found] ()
Catalog9 40 mswsock.dll [File Not found] ()
Catalog9 41 mswsock.dll [File Not found] ()
Catalog9 42 mswsock.dll [File Not found] ()
Catalog9 43 mswsock.dll [File Not found] ()
Catalog9 44 mswsock.dll [File Not found] ()
Catalog9 45 mswsock.dll [File Not found] ()
Catalog9 46 mswsock.dll [File Not found] ()
Catalog9 47 mswsock.dll [File Not found] ()
Catalog9 48 mswsock.dll [File Not found] ()
Catalog9 49 mswsock.dll [File Not found] ()
Catalog9 50 mswsock.dll [File Not found] ()
Catalog9 51 mswsock.dll [File Not found] ()
Catalog9 52 mswsock.dll [File Not found] ()
Catalog9 53 mswsock.dll [File Not found] ()
Catalog9 54 mswsock.dll [File Not found] ()
Catalog9 55 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/15/2012 11:14:25 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x2580, application start time 0xnslookup.exe0.

Error: (02/15/2012 11:14:10 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x2140, application start time 0xnslookup.exe0.

Error: (02/15/2012 11:14:01 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x25a8, application start time 0xnslookup.exe0.

Error: (02/15/2012 11:13:41 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x4c3fcef3, faulting module svchost.exe, version 6.0.6001.18000, time stamp 0x4c3fcef3, exception code 0xc0000005, fault offset 0x000019fc,
process id 0xfb8, application start time 0xsvchost.exe0.

Error: (02/15/2012 11:12:24 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x4c3fcef3, faulting module svchost.exe, version 6.0.6001.18000, time stamp 0x4c3fcef3, exception code 0xc0000005, fault offset 0x000019fc,
process id 0x1b38, application start time 0xsvchost.exe0.

Error: (02/15/2012 11:09:54 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x4c3fcef3, faulting module svchost.exe, version 6.0.6001.18000, time stamp 0x4c3fcef3, exception code 0xc0000005, fault offset 0x000019fc,
process id 0x26cc, application start time 0xsvchost.exe0.

Error: (02/15/2012 11:03:59 AM) (Source: PC-Doctor) (User: )
Description: (7932) Asapi: (11:03:59:7770)(7932) enumerator - Error -- 116 pcdrsysinfosoftware: Module timed out after 154830 milliseconds and was terminated

Error: (02/15/2012 11:03:59 AM) (Source: PC-Doctor) (User: )
Description: (7932) Asapi: (11:03:59:7140)(7932) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

Error: (02/15/2012 11:03:59 AM) (Source: PC-Doctor) (User: )
Description: (7932) Asapi: (11:03:59:7040)(7932) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfosoftware.p5x) readFromPipeTimed failed, killing: 8224

Error: (02/15/2012 11:03:59 AM) (Source: PC-Doctor) (User: )
Description: (7932) Asapi: (11:03:59:5310)(7932) libCommon.System.Windows - Error -- 635 readFromPipeTimed(3324) timed out after 119937 totalBytes: 0


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/16/2011 08:07:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/16/2011 08:06:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/05/2011 05:10:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/05/2011 05:10:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/05/2011 05:07:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/12/2011 00:41:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/26/2011 07:11:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/17/2011 06:18:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5751 seconds with 300 seconds of active time. This session ended with a crash.

Error: (04/15/2011 01:11:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/15/2011 01:09:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6425.1000)
Acrobat.com (Version: 2.0.0)
Acronis True Image WD Edition (Version: 13.0.14010)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Ad-Aware
Ad-Aware (Version: 8.0.0)
Ad-Aware (Version: 9.0.7)
Adobe AIR (Version: 2.7.1.19610)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0.1)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer 1.1 (Version: 1)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArtRage 2 Starter Edition (Version: 2.5.20)
ASIO4ALL (Version: 2.10)
Ask Toolbar (Version: 1.8.0.0)
AusLogics Disk Defrag (Version: version 1.4)
AusLogics Registry Defrag (Version: version 4.1)
Autostar Suite
Belarc Advisor 8.1
Brother MFL-Pro Suite (Version: 1.00)
BumpTop (Version: 1.0.3038)
BumpTop (Version: 2.1.6225)
Cisco AnyConnect VPN Client (Version: 2.4.1012)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.6)
Client Security - Password Manager (Version: 8.20.0023.00)
Collab
Digital Guitar Tuner 2.3
Diskeeper Home (Version: 9.0.545)
DivX Converter (Version: 6.6.1)
DivX Setup (Version: 2.6.1.5)
Eusing Free Registry Cleaner
Facebook Video Calling 1.1.1.1 (Version: 1.1.1)
FileAlyzer (Version: 1.6.0.4)
FL Studio 10
Free Audio Mixer 3.0.0.0
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089) (Version: 9.2.3077)
GMATPrep™ (Version: 2.3.601.409)
Google Chrome (Version: 17.0.963.46)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.99)
Google Updater (Version: 2.4.2432.1652)
GoToMeeting 4.5.0.457
Help Center (Version: 2.00n)
IL Download Manager
Intel® Active Management Technology Device Software
Intel® Graphics Media Accelerator Driver (Version: 7.14.10.1244)
Intel® Management Engine Interface
Intel® Network Connections Drivers (Version: 14.5)
Intel® PROSet/Wireless WiFi Software (Version: 13.00.0000)
InterVideo VirtualDrive
IP Camera Adapter (Version: 1.0.0)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 18 (Version: 6.0.180)
Java™ 6 Update 7 (Version: 1.6.0.70)
JGoodies JDiskReport 1.3.1 (Version: 1.3.1 (2008-07-30 08:01:08))
John's Background Switcher 4.3 (Version: 4.3)
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo Registration
Lenovo System Interface Driver (Version: 1.05)
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23)
Maintenance Manager (Version: 3.0.5.0)
Malwarebytes' Anti-Malware
Manual video for trueSpace7.6
MarketMeSuite (Version: 2.4.9)
Message Center (Version: 2.01f)
Message Center Plus (Version: 2.0.0012.00)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Corporation (Version: 9.0.0.0)
Microsoft LifeCam (Version: 2.4.542.0)
Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Tablet PC Ink Screen Saver PowerToy (Version: 1.0.10000.41180)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU (Version: 8.0.50727.146)
Motherboard Monitor 5 (Version: 5)
Mozilla Firefox (3.6.13) (Version: 3.6.13 (en-US))
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
Mozilla Firefox 4.0b9 (x86 en-US) (Version: 4.0b9)
MSVC80_x86 (Version: 1.0.1.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MultiTouch Driver (Version: 3.0.0.3)
Nokia Connectivity Cable Driver (Version: 7.1.6.0)
Nokia Flashing Cable Driver (Version: 8.23.0.0)
NOOKstudy (Version: 1.1.2.3348)
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
On Screen Display (Version: 6.42.00)
OnLive
OpenAL
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
PC Connectivity Solution (Version: 8.22.4.0)
PDF Settings (Version: 1.0)
PhotoView 360 (Version: 18.40.57)
PoiZone
Portal
Presentation Director (Version: 4.08)
Productivity Center Supplement for ThinkPad (Version: 3.00b)
QuickTime (Version: 7.71.80.42)
Rainmeter
RegAlyzer (OpenSBI Edition) (Version: 1.6.0.12)
Registry patch for Windows Vista USB S3 PM Enablement (Version: 1.00)
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista (Version: 1.01)
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (Version: 1.01)
Rescue and Recovery (Version: 4.21.0015.00)
Rinse (Version: 1.83)
Rinse (Version: 1.83P)
RunAlyzer (Version: 1.6.0.21)
SanctionedMedia (Version: 4.5.0.0)
Shape Collage
Skype™ 5.1 (Version: 5.1.112)
Software Update Wizard (Redist) 4.5 (Version: 4.5)
SolidWorks 2010 SP04 (Version: 18.140.57)
SolidWorks 2010 SP04 (Version: 18.4.0.57)
SolidWorks eDrawings 2010 (Version: 10.4.126)
SolidWorks Flow Simulation 2010 SP04 (Version: 18.40.58)
SoundMAX (Version: 6.10.1.5510)
SplitMediaLabs VH Screen Capture Driver (x86) (Version: 3.0.0.7)
Spotify (Version: 0.8.1.64.g5c5914e3)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
System Migration Assistant (Version: 5.20.0163)
System Requirements Lab CYRI (Version: 4.3.1.0)
System Update (Version: 3.14.0034)
ThinkPad EasyEject Utility (Version: 2.39)
ThinkPad FullScreen Magnifier (Version: 2.30)
ThinkPad Keyboard Customizer Utility (Version: 1.0.01)
ThinkPad Mobility Center Customization (Version: 1.50.0000)
ThinkPad Modem (Version: 7.70.00)
ThinkPad Power Management Driver (Version: 1.62.00.00)
ThinkPad Tablet Button Driver (Version: 3.05)
ThinkPad Tablet Shortcut Menu (Version: 6.26)
ThinkPad TrackPoint Driver (Version: 4.71.0.0)
ThinkVantage Access Connections (Version: 5.33)
ThinkVantage Active Protection System (Version: 1.70)
ThinkVantage Fingerprint Software (Version: 5.8.4.5476)
ThinkVantage Technologies Welcome Message (Version: 1.18)
TomTom HOME 2.7.6.2056 (Version: 2.7.6.2056)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toxic Biohazard
TVersity Codec Pack 1.7 (Version: 1.7)
TVersity Media Server 1.9.7 (Version: 1.9.7)
TVersitybar Toolbar (Version: 6.8.5.1)
Tweet Adder 3 (Version: 3.0.31)
TypingMaster Pro (Version: 7.00)
Unified Remote (Version: 2.2.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2553975)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Virtual DJ - Atomix Productions
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.11 (Version: 1.1.11)
Wallpapers
WIDCOMM Bluetooth Software (Version: 6.3.0.8200)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419) (Version: 02/25/2010 6.2.0.9419)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (Version: 04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417) (Version: 01/19/2010 6.2.0.1417)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Driver Package - Intel (e1express) Net (03/24/2007 9.7.237.0) (Version: 03/24/2007 9.7.237.0)
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020) (Version: 02/12/2007 7.0.0.1020)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011) (Version: 11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002) (Version: 12/06/2006 6.8.0.3002)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) (Version: 09/15/2006 7.0.0.1011)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1008) (Version: 09/15/2006 8.0.0.1008)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1010) (Version: 09/15/2006 8.0.0.1010)
Windows Driver Package - Intel System (09/15/2006 8.2.0.1000) (Version: 09/15/2006 8.2.0.1000)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008) (Version: 09/15/2006 8.0.0.1008)
Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43) (Version: 05/31/2007 1.43)
Windows Driver Package - Nokia Modem (05/22/2008 3.8) (Version: 05/22/2008 3.8)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Live Toolbar (Version: 03.01.0130)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinRAR archiver
XBMC
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)

========================= Memory info: ===================================

Percentage of memory in use: 84%
Total physical RAM: 3061.35 MB
Available physical RAM: 469.5 MB
Total Pagefile: 6325.67 MB
Available Pagefile: 3371.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.66 MB

========================= Partitions: =====================================

1 Drive c: (SW_Preload) (Fixed) (Total:444.03 GB) (Free:231.06 GB) NTFS

========================= Users: ========================================

User accounts for \\MINWINPC

 Administrator Guest


**** End of log ****

#4 boopme


Posted 15 February 2012 - 04:18 PM

A report will be automatically saved at the root of the System drive (usually C:\) in the form of
"TDSSKiller.[Version]_[Date]_[Time]_log.txt"
(for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).
Please copy and paste the contents of that file here.

Edited by boopme, 15 February 2012 - 04:19 PM.


#5 chromecarz00


Posted 15 February 2012 - 04:45 PM

10:21:16.0608 7820 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
10:21:17.0143 7820 ============================================================
10:21:17.0143 7820 Current date / time: 2012/02/15 10:21:17.0143
10:21:17.0143 7820 SystemInfo:
10:21:17.0143 7820
10:21:17.0144 7820 OS Version: 6.0.6002 ServicePack: 2.0
10:21:17.0144 7820 Product type: Workstation
10:21:17.0144 7820 ComputerName: MINWINPC
10:21:17.0144 7820 UserName: §
10:21:17.0144 7820 Windows directory: C:\Windows
10:21:17.0144 7820 System windows directory: C:\Windows
10:21:17.0144 7820 Processor architecture: Intel x86
10:21:17.0144 7820 Number of processors: 2
10:21:17.0144 7820 Page size: 0x1000
10:21:17.0144 7820 Boot type: Normal boot
10:21:17.0144 7820 ============================================================
10:21:17.0760 7820 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
10:21:17.0768 7820 \Device\Harddisk0\DR0:
10:21:17.0770 7820 MBR used
10:21:17.0770 7820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B76800, BlocksNum 0x3780F800
10:21:17.0790 7820 Initialize success
10:21:17.0790 7820 ============================================================
10:21:26.0749 6552 ============================================================
10:21:26.0749 6552 Scan started
10:21:26.0749 6552 Mode: Manual;
10:21:26.0749 6552 ============================================================
10:21:38.0336 6552 RDPCDD - ok
10:21:38.0410 6552 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
10:21:38.0413 6552 rdpdr - ok
10:21:38.0437 6552 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:21:38.0437 6552 RDPENCDD - ok
10:21:38.0500 6552 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
10:21:38.0505 6552 RDPWD - ok
10:21:38.0591 6552 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
10:21:38.0593 6552 RFCOMM - ok
10:21:38.0629 6552 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:21:38.0630 6552 rspndr - ok
10:21:38.0686 6552 rt70x86 (5a54d765d6092b23d47ad9dbf7f6d7e4) C:\Windows\system32\DRIVERS\netr70.sys
10:21:38.0694 6552 rt70x86 - ok
10:21:38.0747 6552 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:21:38.0750 6552 sbp2port - ok
10:21:38.0820 6552 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
10:21:38.0821 6552 sdbus - ok
10:21:38.0853 6552 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:21:38.0854 6552 secdrv - ok
10:21:38.0889 6552 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
10:21:38.0890 6552 Serenum - ok
10:21:38.0929 6552 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
10:21:38.0932 6552 Serial - ok
10:21:38.0973 6552 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:21:38.0974 6552 sermouse - ok
10:21:39.0077 6552 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
10:21:39.0077 6552 sffdisk - ok
10:21:39.0110 6552 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
10:21:39.0111 6552 sffp_mmc - ok
10:21:39.0145 6552 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:21:39.0147 6552 sffp_sd - ok
10:21:39.0187 6552 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
10:21:39.0189 6552 sfloppy - ok
10:21:39.0264 6552 Shockprf (fc0127343bd1ce1986ba12f8937f1057) C:\Windows\system32\DRIVERS\Apsx86.sys
10:21:39.0265 6552 Shockprf - ok
10:21:39.0323 6552 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
10:21:39.0325 6552 sisagp - ok
10:21:39.0378 6552 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:21:39.0379 6552 SiSRaid2 - ok
10:21:39.0411 6552 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:21:39.0412 6552 SiSRaid4 - ok
10:21:39.0476 6552 Smb (ed23daaaccaf6f7efcfaf0cc155873e8) C:\Windows\system32\DRIVERS\smb.sys
10:21:39.0478 6552 Smb ( Virus.Win32.ZAccess.c ) - infected
10:21:39.0478 6552 Smb - detected Virus.Win32.ZAccess.c (0)
10:21:43.0799 6552 MBR (0x1B8) (9df836fad0233224525bd702d5c44a5a) \Device\Harddisk0\DR0
10:21:44.0020 6552 \Device\Harddisk0\DR0 - ok
10:21:44.0024 6552 Boot (0x1200) (63c1521b964880fb1689f1a13c6015c4) \Device\Harddisk0\DR0\Partition0
10:21:44.0025 6552 \Device\Harddisk0\DR0\Partition0 - ok
10:21:44.0026 6552 ============================================================
10:21:44.0026 6552 Scan finished
10:21:44.0026 6552 ============================================================
10:21:44.0038 4444 Detected object count: 1
10:21:44.0038 4444 Actual detected object count: 1
10:22:04.0273 4444 C:\Windows\system32\DRIVERS\smb.sys - copied to quarantine
10:22:07.0321 4444 Backup copy found, using it..
10:22:07.0337 4444 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
10:22:12.0802 4444 Smb ( Virus.Win32.ZAccess.c ) - User select action: Cure
10:31:36.0035 3056 Deinitialize success

#6 boopme


Posted 15 February 2012 - 08:09 PM

OK, that should be a big improvement. You did restart the machine, important.

Let's see what's left and then if it's running well we can mop up.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#7 chromecarz00


Posted 16 February 2012 - 02:13 PM

C:\Documents and Settings\§\AppData\Roaming\FixTDSS\Archive\smb.sys a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.02.2012_10.42.09\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.02.2012_11.03.05\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.02.2012_11.18.57\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.02.2012_17.00.46\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.02.2012_03.14.41\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.02.2012_10.21.17\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\Windows\System32\FastUv32.dll probably a variant of Win32/Agent.IMLOJDE trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\System32\drivers\i8042prt.sys a variant of Win32/Sirefef.DA trojan unable to clean
Operating memory Win32/Sirefef.DN trojan

#8 boopme


Posted 17 February 2012 - 12:43 AM

We still need to run 2 more,

Please open TDSS again.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.




Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

#9 chromecarz00


Posted 17 February 2012 - 06:53 AM

Thanks for your continued help!


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-17 03:29:00
-----------------------------
03:29:00.405 OS Version: Windows 6.0.6002 Service Pack 2
03:29:00.407 Number of processors: 2 586 0xF0A
03:29:00.408 ComputerName: MINWINPC UserName: §
03:29:03.947 Initialize success
03:29:08.991 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
03:29:08.994 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
03:29:09.015 Disk 0 MBR read successfully
03:29:09.018 Disk 0 MBR scan
03:29:09.022 Disk 0 unknown MBR code
03:29:09.032 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22252 MB offset 2048
03:29:09.047 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 454687 MB offset 45574144
03:29:09.052 Disk 0 scanning sectors +976773120
03:29:09.089 Disk 0 scanning C:\Windows\system32\drivers
03:29:22.211 Service scanning
03:29:25.526 Service i8042prt C:\Windows\system32\drivers\tskFE37.tmp **LOCKED** 32
03:29:27.517 Modules scanning
03:29:30.416 Module: C:\Windows\system32\DRIVERS\i8042prt.sys **SUSPICIOUS**
03:29:34.762 Disk 0 trace - called modules:
03:29:34.805 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ff65fc0]<<
03:29:34.810 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x881335a8]
03:29:34.817 3 CLASSPNP.SYS[8bda08b3] -> nt!IofCallDriver -> [0x88c85920]
03:29:34.822 \Driver\00005369[0x88c85a58] -> IRP_MJ_CREATE -> 0x8ff65fc0
03:29:34.827 Scan finished successfully
03:31:18.897 Disk 0 MBR has been saved successfully to "C:\Users\§\Documents\Downloads\MBR.dat"
03:31:18.952 The log file has been saved successfully to "C:\Users\§\Documents\Downloads\aswMBR.txt"











03:27:19.0125 4600 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
03:27:21.0271 4600 ============================================================
03:27:21.0271 4600 Current date / time: 2012/02/17 03:27:21.0271
03:27:21.0271 4600 SystemInfo:
03:27:21.0271 4600
03:27:21.0271 4600 OS Version: 6.0.6002 ServicePack: 2.0
03:27:21.0271 4600 Product type: Workstation
03:27:21.0271 4600 ComputerName: MINWINPC
03:27:21.0272 4600 UserName: §
03:27:21.0272 4600 Windows directory: C:\Windows
03:27:21.0272 4600 System windows directory: C:\Windows
03:27:21.0272 4600 Processor architecture: Intel x86
03:27:21.0272 4600 Number of processors: 2
03:27:21.0272 4600 Page size: 0x1000
03:27:21.0272 4600 Boot type: Normal boot
03:27:21.0272 4600 ============================================================
03:27:22.0606 4600 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
03:27:22.0614 4600 \Device\Harddisk0\DR0:
03:27:22.0615 4600 MBR used
03:27:22.0615 4600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B76800, BlocksNum 0x3780F800
03:27:22.0748 4600 Initialize success
03:27:22.0748 4600 ============================================================
03:27:35.0769 7504 ============================================================
03:27:35.0769 7504 Scan started
03:27:35.0769 7504 Mode: Manual; TDLFS;
03:27:35.0769 7504 ============================================================
03:27:47.0670 7504 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
03:27:47.0673 7504 Fs_Rec - ok
03:27:47.0727 7504 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
03:27:47.0731 7504 gagp30kx - ok
03:27:47.0791 7504 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:27:47.0795 7504 GEARAspiWDM - ok
03:27:47.0880 7504 GzTpHid (f5384d94508875c427ac9e4f0018e854) C:\Windows\system32\DRIVERS\GzTpHid.sys
03:27:47.0883 7504 GzTpHid - ok
03:27:47.0985 7504 HBtnKey (72e296127300412d1d472f6471c69ab2) C:\Windows\system32\DRIVERS\tkbtnpn.sys
03:27:47.0987 7504 HBtnKey - ok
03:27:48.0069 7504 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
03:27:48.0075 7504 HdAudAddService - ok
03:27:48.0357 7504 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
03:27:48.0361 7504 HDAudBus - ok
03:27:48.0549 7504 HECI (fa83d4e20326aa10216b81b8bb27bc44) C:\Windows\system32\DRIVERS\HECI.sys
03:27:48.0556 7504 HECI - ok
03:27:48.0678 7504 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
03:27:48.0685 7504 HidBth - ok
03:27:48.0868 7504 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
03:27:48.0885 7504 HidIr - ok
03:27:48.0996 7504 HidUsb (c917f0c196ac0e4b6b9d3f0fa860af53) C:\Windows\system32\DRIVERS\hidusb.sys
03:27:49.0000 7504 HidUsb - ok
03:27:49.0082 7504 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
03:27:49.0088 7504 HpCISSs - ok
03:27:49.0180 7504 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
03:27:49.0190 7504 HSFHWAZL - ok
03:27:49.0342 7504 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
03:27:49.0378 7504 HSF_DPV - ok
03:27:49.0454 7504 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
03:27:49.0461 7504 HSXHWAZL - ok
03:27:49.0526 7504 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
03:27:49.0550 7504 HTTP - ok
03:27:49.0651 7504 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
03:27:49.0654 7504 i2omp - ok
03:27:49.0787 7504 i8042prt (7c877c89a98395ce6ad87477c646e80f) C:\Windows\system32\DRIVERS\i8042prt.sys
03:27:49.0793 7504 i8042prt ( Virus.Win32.ZAccess.c ) - infected
03:27:49.0793 7504 i8042prt - detected Virus.Win32.ZAccess.c (0)
03:28:10.0913 7504 MBR (0x1B8) (9df836fad0233224525bd702d5c44a5a) \Device\Harddisk0\DR0
03:28:11.0720 7504 \Device\Harddisk0\DR0 - ok
03:28:11.0725 7504 Boot (0x1200) (63c1521b964880fb1689f1a13c6015c4) \Device\Harddisk0\DR0\Partition0
03:28:11.0728 7504 \Device\Harddisk0\DR0\Partition0 - ok
03:28:11.0729 7504 ============================================================
03:28:11.0729 7504 Scan finished
03:28:11.0729 7504 ============================================================
03:28:12.0032 7108 Detected object count: 1
03:28:12.0032 7108 Actual detected object count: 1
03:28:15.0162 7108 C:\Windows\system32\DRIVERS\i8042prt.sys - copied to quarantine
03:28:15.0193 7108 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\i8042prt.sys) error 1813
03:28:28.0835 7108 Backup copy not found, trying to cure infected file..
03:28:28.0876 7108 Cure success, using it..
03:28:28.0901 7108 C:\Windows\system32\DRIVERS\i8042prt.sys - will be cured on reboot
03:28:35.0855 7108 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Cure
03:29:15.0100 0604 Deinitialize success




I got no popup after restart just fyi...

#10 boopme

Posted 17 February 2012 - 11:08 AM

Great! This may have been the troublemaker.
03:28:12.0032 7108 Detected object count: 1
03:28:12.0032 7108 Actual detected object count: 1
03:28:15.0162 7108 C:\Windows\system32\DRIVERS\i8042prt.sys - copied to quarantine
03:28:15.0193 7108 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\i8042prt.sys) error 1813
03:28:28.0835 7108 Backup copy not found, trying to cure infected file..
03:28:28.0876 7108 Cure success, using it..
03:28:28.0901 7108 C:\Windows\system32\DRIVERS\i8042prt.sys - will be cured on reboot
03:28:35.0855 7108 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Cure
03:29:15.0100 0604 Deinitialize success



We need to see if everything else is out now..


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware


Now rerun ESET please...

Edited by boopme, 17 February 2012 - 11:10 AM.


#11 chromecarz00

Posted 17 February 2012 - 08:57 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4356

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

2/17/2012 12:04:32 PM
mbam-log-2012-02-17 (12-04-32).txt

Scan type: Quick scan
Objects scanned: 165429
Time elapsed: 11 minute(s), 5 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Windows\system\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.




C:\TDSSKiller_Quarantine\17.02.2012_03.27.21\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\Windows\System32\AIRPLUS.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\Windows\System32\PD0620VID.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\Windows\System32\smtpd32.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\System32\tzontservice.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\Windows\System32\drivers\tdx.sys a variant of Win32/Sirefef.DA trojan unable to clean
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
Operating memory Win32/Sirefef.DN trojan

Edited by chromecarz00, 17 February 2012 - 08:57 PM.


#12 boopme

Posted 17 February 2012 - 09:21 PM

Hello, MBAM ran an old version, 1.46; it is now at 1.50.
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.


Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

#13 chromecarz00

Posted 22 February 2012 - 05:17 PM

Sorry for the late response! I never got an email regarding a new post on the topic!


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-17 03:29:00
-----------------------------
03:29:00.405 OS Version: Windows 6.0.6002 Service Pack 2
03:29:00.407 Number of processors: 2 586 0xF0A
03:29:00.408 ComputerName: MINWINPC UserName: §
03:29:03.947 Initialize success
03:29:08.991 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
03:29:08.994 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
03:29:09.015 Disk 0 MBR read successfully
03:29:09.018 Disk 0 MBR scan
03:29:09.022 Disk 0 unknown MBR code
03:29:09.032 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22252 MB offset 2048
03:29:09.047 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 454687 MB offset 45574144
03:29:09.052 Disk 0 scanning sectors +976773120
03:29:09.089 Disk 0 scanning C:\Windows\system32\drivers
03:29:22.211 Service scanning
03:29:25.526 Service i8042prt C:\Windows\system32\drivers\tskFE37.tmp **LOCKED** 32
03:29:27.517 Modules scanning
03:29:30.416 Module: C:\Windows\system32\DRIVERS\i8042prt.sys **SUSPICIOUS**
03:29:34.762 Disk 0 trace - called modules:
03:29:34.805 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ff65fc0]<<
03:29:34.810 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x881335a8]
03:29:34.817 3 CLASSPNP.SYS[8bda08b3] -> nt!IofCallDriver -> [0x88c85920]
03:29:34.822 \Driver\00005369[0x88c85a58] -> IRP_MJ_CREATE -> 0x8ff65fc0
03:29:34.827 Scan finished successfully
03:31:18.897 Disk 0 MBR has been saved successfully to "C:\Users\§\Documents\Downloads\MBR.dat"
03:31:18.952 The log file has been saved successfully to "C:\Users\§\Documents\Downloads\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 14:13:48
-----------------------------
14:13:48.025 OS Version: Windows 6.0.6002 Service Pack 2
14:13:48.025 Number of processors: 2 586 0xF0A
14:13:48.026 ComputerName: MINWINPC UserName: §
14:14:11.971 Initialize success
14:14:32.758 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:14:32.769 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
14:14:32.791 Disk 0 MBR read successfully
14:14:32.795 Disk 0 MBR scan
14:14:32.800 Disk 0 unknown MBR code
14:14:32.808 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22252 MB offset 2048
14:14:32.822 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 454687 MB offset 45574144
14:14:32.830 Disk 0 scanning sectors +976773120
14:14:32.873 Disk 0 scanning C:\Windows\system32\drivers
14:14:46.006 Service scanning
14:15:09.486 Modules scanning
14:15:13.748 Module: C:\Windows\system32\DRIVERS\tdx.sys **SUSPICIOUS**
14:15:16.653 Disk 0 trace - called modules:
14:15:16.682 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb2fb8fc0]<<
14:15:17.005 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8809b6e0]
14:15:17.016 3 CLASSPNP.SYS[8bda58b3] -> nt!IofCallDriver -> [0x8bbe9030]
14:15:17.026 \Driver\00007327[0x8bbfb5e0] -> IRP_MJ_CREATE -> 0xb2fb8fc0
14:15:17.035 Scan finished successfully
14:16:59.921 Disk 0 MBR has been saved successfully to "C:\Users\§\Documents\Downloads\MBR.dat"
14:16:59.944 The log file has been saved successfully to "C:\Users\§\Documents\Downloads\aswMBR.txt"



MB Log is coming after restart
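
An added example, not part of the original posts: the two aswMBR logs above can be compared mechanically instead of by eye. The sketch parses the markers visible in those logs (`**SUSPICIOUS**`, `**LOCKED**`, `>>UNKNOWN [...]<<`, `unknown MBR code`) and reports what cleared, persisted or newly appeared between the 17 and 22 February runs; the function names and the excerpted sample are this example's own.

```python
import re

# Excerpts of the two aswMBR logs posted in this thread (flagged lines only).
RUN_2012_02_17 = r"""
03:29:09.022 Disk 0 unknown MBR code
03:29:25.526 Service i8042prt C:\Windows\system32\drivers\tskFE37.tmp **LOCKED** 32
03:29:30.416 Module: C:\Windows\system32\DRIVERS\i8042prt.sys **SUSPICIOUS**
03:29:34.805 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ff65fc0]<<
03:29:34.827 Scan finished successfully
"""
RUN_2012_02_22 = r"""
14:14:32.800 Disk 0 unknown MBR code
14:15:13.748 Module: C:\Windows\system32\DRIVERS\tdx.sys **SUSPICIOUS**
14:15:16.682 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb2fb8fc0]<<
14:15:17.035 Scan finished successfully
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"  # aswMBR timestamp prefix
PATTERNS = {
    "suspicious_module": re.compile(TS + r"Module:\s+(.+?)\s+\*\*SUSPICIOUS\*\*"),
    "locked_service": re.compile(TS + r"Service\s+(\S+)\s+(.+?)\s+\*\*LOCKED\*\*"),
    # Capture the driver chain, not the address: it differs between the two logs.
    "unknown_in_disk_trace": re.compile(TS + r"(.+?)\s+>>UNKNOWN \[0x[0-9a-fA-F]+\]<<"),
    "unknown_mbr_code": re.compile(TS + r"(Disk \d+) unknown MBR code"),
}

def parse_aswmbr(log_text):
    """Return {finding kind: set of lower-cased items} for one aswMBR log."""
    findings = {kind: set() for kind in PATTERNS}
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.match(line.strip())
            if m:
                # Windows paths are case-insensitive, so compare in lower case.
                findings[kind].add(" ".join(m.groups()).lower())
    return findings

def compare_runs(earlier, later):
    """Classify each finding as cleared, persisting or new between two runs."""
    return {
        kind: {
            "cleared": sorted(earlier[kind] - later[kind]),
            "persisting": sorted(earlier[kind] & later[kind]),
            "new": sorted(later[kind] - earlier[kind]),
        }
        for kind in PATTERNS
    }

if __name__ == "__main__":
    report = compare_runs(parse_aswmbr(RUN_2012_02_17), parse_aswmbr(RUN_2012_02_22))
    for kind, delta in report.items():
        print(kind, delta)
```

On these excerpts the i8042prt.sys flag clears, tdx.sys appears as new, and the unknown entry in the disk call chain persists across both runs, which lines up with the ESET result in post #11 listing tdx.sys as "unable to clean".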

#14 chromecarz00

Posted 23 February 2012 - 12:31 AM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.13.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19120
§ :: MINWINPC [administrator]

2/22/2012 3:23:08 PM
mbam-log-2012-02-22 (15-23-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 479667
Time elapsed: 3 hour(s), 8 minute(s), 29 second(s)

Memory Processes Detected: 1
C:\Windows\system\svchost.exe (Backdoor.Bot) -> 1104 -> Delete on reboot.

Memory Modules Detected: 1
C:\Windows\System32\NCUSBw32.dll (Trojan.Dropper) -> Delete on reboot.

Registry Keys Detected: 13
HKCR\CLSID\{3B8B90F0-A76C-4a02-B44A-BB338D8D00F0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{E3EA4FD0-CADE-4ae5-84F7-086EEE888BE4} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{E3EA4FDA-CADE-4AE5-84F7-086EEE888BE4} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\PandoBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\PandoBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE4C2C37-EDC8-4C00-B864-3C38CF3BA834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1BA40A2-75F2-51BD-F413-04B13A2C8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3EA4FD1-CADE-4AE5-84F7-086EEE888BE4} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\System32\NCUSBw32.dll (Trojan.Dropper) -> Delete on reboot.
C:\Users\§\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\NPPandBr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\§\Desktop\stuff\stressre.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
C:\Windows\system\svchost.exe (Backdoor.Bot) -> Delete on reboot.

(end)

#15 boopme

Posted 23 February 2012 - 12:55 PM

OK, I see a reoccurring Backdoor Bot and a suspicious file. Let me say this first.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean then... Please go here... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.