
Trojan Horse Hider


9 replies to this topic

#1 lightblue13


Posted 17 February 2012 - 10:24 AM

When I run AVG, I get a notice that I have Trojan Horse Hider and that it can not be removed. Didn't know I had it until I started my laptop one day and everything appeared to be gone. I was fortunately able to download a spyware that unhid everything and I've been trying to get rid of all virus/malware that I had but can't do anything about the Trojan Horse Hider. Running on Windows 7. Thanks in advance for any help you can provide.


 


#2 boopme


Posted 17 February 2012 - 11:33 AM

Hello, this sentence confuses me, sounds like you installed a malware to fix something.
"I was fortunately able to download a spyware that unhid everything"

If you still cannot see files..... please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


>>>>>>
Let's look at a couple logs.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
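What removing the +H attribute described in the post above amounts to, as an added PowerShell example (not part of the original post and not Unhide.exe's own code): it records every hidden item before changing anything, so files that were hidden on purpose can be hidden again, and it leaves items that also carry the System attribute alone. The function name, its parameters and the default report location are assumptions made for illustration.

```powershell
# Added example, not Unhide.exe's code. Function name, parameters and the
# default report location are assumptions chosen for illustration.
function Repair-HiddenAttribute {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path,

        # CSV listing every item found hidden, so anything that was hidden on
        # purpose can be hidden again afterwards.
        [string]$ReportPath = (Join-Path $env:TEMP 'hidden-items-before.csv')
    )

    $hidden  = [int][System.IO.FileAttributes]::Hidden
    $system  = [int][System.IO.FileAttributes]::System
    $reparse = [int][System.IO.FileAttributes]::ReparsePoint

    # -Force is required, otherwise Get-ChildItem skips hidden items.
    # Items that are also +S (for example desktop.ini) and reparse points
    # (junctions, symlinks) are deliberately left untouched.
    $found = @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $a = [int]$_.Attributes
            (($a -band $hidden) -ne 0) -and
            (($a -band $system) -eq 0) -and
            (($a -band $reparse) -eq 0)
        })

    # Write the "before" report even when the function runs with -WhatIf.
    $found |
        Select-Object FullName, @{ Name = 'Attributes'; Expression = { $_.Attributes.ToString() } } |
        Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false

    $cleared = 0
    foreach ($item in $found) {
        if (-not $PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) { continue }
        try {
            # Clear only the Hidden bit; every other attribute is preserved.
            $new = [int]$item.Attributes -band (-bnot $hidden)
            if ($new -eq 0) { $new = [int][System.IO.FileAttributes]::Normal }
            $item.Attributes = [System.IO.FileAttributes]$new
            $cleared++
        }
        catch {
            Write-Warning ("Could not change {0}: {1}" -f $item.FullName, $_.Exception.Message)
        }
    }

    New-Object PSObject -Property @{
        Found   = $found.Count
        Cleared = $cleared
        Report  = $ReportPath
    }
}

# Audit only (nothing is changed, the report is still written):
#   Repair-HiddenAttribute -Path "$env:USERPROFILE\Documents" -WhatIf
# Apply:
#   Repair-HiddenAttribute -Path "$env:USERPROFILE\Documents"
```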

#3 lightblue13


Posted 17 February 2012 - 03:34 PM

Sorry, I meant to say that I had already found a way to unhide all files. Still trying to get rid of Horse Hider. Below are the logs you requested. Thanks again.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Jonathan (administrator) on 17-02-2012 at 11:38:35
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1395 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jonathan-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-22-69-94-C2-83
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c870:4f3a:dbe5:50dd%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.244(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, February 17, 2012 9:51:48 AM
Lease Expires . . . . . . . . . . : Saturday, February 18, 2012 9:51:48 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218112617
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C2-CD-FC-00-21-9B-E6-EA-1C
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-21-9B-E6-EA-1C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:14cd:a46:b8c2:4aeb(Preferred)
Link-local IPv6 Address . . . . . : fe80::14cd:a46:b8c2:4aeb%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 25:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 51:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.226.136
74.125.226.141
74.125.226.128
74.125.226.133
74.125.226.137
74.125.226.138
74.125.226.131
74.125.226.129
74.125.226.130
74.125.226.142
74.125.226.132
74.125.226.139
74.125.226.135
74.125.226.143
74.125.226.140
74.125.226.134


Pinging google.com [74.125.226.165] with 32 bytes of data:
Reply from 74.125.226.165: bytes=32 time=19ms TTL=55
Reply from 74.125.226.165: bytes=32 time=34ms TTL=55

Ping statistics for 74.125.226.165:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 34ms, Average = 26ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
98.139.127.62


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=57ms TTL=49
Reply from 209.191.122.70: bytes=32 time=71ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 71ms, Average = 64ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 22 69 94 c2 83 ......Dell Wireless 1395 WLAN Mini-Card
10...00 21 9b e6 ea 1c ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.244 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.244 281
192.168.1.244 255.255.255.255 On-link 192.168.1.244 281
192.168.1.255 255.255.255.255 On-link 192.168.1.244 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.244 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.244 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:14cd:a46:b8c2:4aeb/128
On-link
11 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::14cd:a46:b8c2:4aeb/128
On-link
11 281 fe80::c870:4f3a:dbe5:50dd/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/16/2012 05:53:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5070

Error: (02/16/2012 05:53:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5070

Error: (02/16/2012 05:53:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2012 05:53:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4040

Error: (02/16/2012 05:53:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4040

Error: (02/16/2012 05:53:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2012 05:53:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3042

Error: (02/16/2012 05:53:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3042

Error: (02/16/2012 05:53:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2012 05:53:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2043


System errors:
=============
Error: (02/17/2012 09:52:04 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.

Error: (02/17/2012 09:51:36 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.

Error: (02/17/2012 00:29:22 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.

Error: (02/17/2012 00:28:30 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.

Error: (02/16/2012 07:59:42 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.

Error: (02/16/2012 03:21:31 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.

Error: (02/16/2012 03:20:36 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.

Error: (02/16/2012 07:53:31 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.

Error: (02/16/2012 03:28:42 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.

Error: (02/16/2012 03:28:19 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 2.2.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Adobe SVG Viewer 3.0 (Version: 3.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
Bonjour (Version: 3.0.0.10)
Complitly
Compresor WinRAR
Conduit Engine (Version: )
CopyTrans Suite Remove Only (Version: 2.15)
FrostWire 4.21.3 (Version: 4.21.3.0)
FrostWire 5.2.11 (Version: 5.2.11.0)
Google SketchUp 8 (Version: 3.0.4811)
HitmanPro 3.6 (Version: 3.6.0.138)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
iPod To Computer Transfer 6.2
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 6 Update 4 (Version: 1.6.0.40)
LimeWire 4.16.6 (Version: 4.16.6)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 10.0.1 (x86 en-US) (Version: 10.0.1)
Mplayer 0.6.9 (Version: 0.6.9)
QuickTime (Version: 7.71.80.42)
RICOH Media Driver ver.2.07.01.04 (Version: 2.07.01.04)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.154)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 4.41.1000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar (Version: 6.2.7.3)
VLC media player 1.1.11 (Version: 1.1.11)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 3062.04 MB
Available physical RAM: 2162.09 MB
Total Pagefile: 6122.37 MB
Available Pagefile: 4994.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.41 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:148.95 GB) (Free:9.89 GB) NTFS

========================= Users: ========================================

User accounts for \\JONATHAN-PC

Administrator Guest Jonathan


**** End of log ****





Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.17.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Jonathan :: JONATHAN-PC [administrator]

2/17/2012 11:43:12 AM
mbam-log-2012-02-17 (11-43-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192771
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Jonathan\AppData\Local\temp\lEYskaMF.exe.part (Adware.Agent) -> Quarantined and deleted successfully.

(end)








SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/17/2012 at 03:07 PM

Application Version : 4.41.1000

Core Rules Database Version : 6230
Trace Rules Database Version: 4042

Scan type : Complete Scan
Total Scan Time : 03:04:59

Memory items scanned : 356
Memory threats detected : 0
Registry items scanned : 8780
Registry threats detected : 0
File items scanned : 90606
File threats detected : 87

Adware.Tracking Cookie

Adware.Vundo/Variant-MSFake
C:\PROGRAM FILES\MPLAYER\CODECS\WMAVDS32.AX

Trojan.WinUp
C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\ANSYS INC\V130\CFD-POST\TOOLS\PERL-5.9.5\LIB\MSWIN32-X64-PERLIO\AUTO\WIN32\WIN32.DLL
C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\ANSYS INC\V130\CFX\TOOLS\PERL-5.9.5\LIB\MSWIN32-X64-PERLIO\AUTO\WIN32\WIN32.DLL
C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\ANSYS INC\V130\TURBOGRID\TOOLS\PERL-5.9.5\LIB\MSWIN32-X64-PERLIO\AUTO\WIN32\WIN32.DLL

Trojan.Dropper/SVCHost-Fake
C:\USERS\JONATHAN\DESKTOP\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE

#4 boopme


Posted 17 February 2012 - 04:02 PM

Ok, that was good, please run these 2 and tell me how it is after.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#5 lightblue13


Posted 17 February 2012 - 08:36 PM

TDSSKiller did not require a reboot nor did it find any threats. Log below.

16:03:44.0372 5948 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
16:03:46.0377 5948 ============================================================
16:03:46.0378 5948 Current date / time: 2012/02/17 16:03:46.0377
16:03:46.0378 5948 SystemInfo:
16:03:46.0378 5948
16:03:46.0378 5948 OS Version: 6.1.7601 ServicePack: 1.0
16:03:46.0378 5948 Product type: Workstation
16:03:46.0378 5948 ComputerName: JONATHAN-PC
16:03:46.0378 5948 UserName: Jonathan
16:03:46.0378 5948 Windows directory: C:\Windows
16:03:46.0378 5948 System windows directory: C:\Windows
16:03:46.0379 5948 Processor architecture: Intel x86
16:03:46.0379 5948 Number of processors: 2
16:03:46.0379 5948 Page size: 0x1000
16:03:46.0379 5948 Boot type: Normal boot
16:03:46.0379 5948 ============================================================
16:03:50.0010 5948 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:03:50.0020 5948 \Device\Harddisk0\DR0:
16:03:50.0021 5948 MBR used
16:03:50.0022 5948 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:03:50.0022 5948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
16:03:50.0058 5948 Initialize success
16:03:50.0058 5948 ============================================================
16:03:53.0677 5992 ============================================================
16:03:53.0677 5992 Scan started
16:03:53.0677 5992 Mode: Manual;
16:03:53.0677 5992 ============================================================
16:04:25.0609 5992 Psched - ok
16:04:25.0662 5992 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:04:25.0709 5992 ql2300 - ok
16:04:25.0909 5992 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:04:25.0913 5992 ql40xx - ok
16:04:25.0992 5992 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:04:25.0995 5992 QWAVEdrv - ok
16:04:26.0132 5992 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:04:26.0134 5992 RasAcd - ok
16:04:26.0346 5992 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:04:26.0350 5992 RasAgileVpn - ok
16:04:26.0439 5992 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:04:26.0443 5992 Rasl2tp - ok
16:04:26.0672 5992 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:04:26.0676 5992 RasPppoe - ok
16:04:26.0844 5992 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:04:26.0847 5992 RasSstp - ok
16:04:26.0938 5992 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
16:04:26.0945 5992 rdbss - ok
16:04:27.0127 5992 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:04:27.0129 5992 rdpbus - ok
16:04:27.0221 5992 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:04:27.0223 5992 RDPCDD - ok
16:04:27.0424 5992 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
16:04:27.0429 5992 RDPDR - ok
16:04:27.0622 5992 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:04:27.0624 5992 RDPENCDD - ok
16:04:27.0653 5992 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:04:27.0655 5992 RDPREFMP - ok
16:04:27.0832 5992 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
16:04:27.0835 5992 RdpVideoMiniport - ok
16:04:27.0925 5992 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
16:04:27.0931 5992 RDPWD - ok
16:04:28.0100 5992 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
16:04:28.0106 5992 rdyboost - ok
16:04:28.0303 5992 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
16:04:28.0306 5992 rimmptsk - ok
16:04:28.0379 5992 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
16:04:28.0382 5992 rimsptsk - ok
16:04:28.0585 5992 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
16:04:28.0588 5992 rismxdp - ok
16:04:28.0827 5992 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:04:28.0830 5992 rspndr - ok
16:04:28.0953 5992 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
16:04:28.0955 5992 s3cap - ok
16:04:29.0121 5992 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:04:29.0123 5992 SASDIFSV - ok
16:04:29.0183 5992 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:04:29.0186 5992 SASKUTIL - ok
16:04:29.0410 5992 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
16:04:29.0414 5992 sbp2port - ok
16:04:29.0640 5992 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
16:04:29.0643 5992 scfilter - ok
16:04:29.0869 5992 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
16:04:29.0873 5992 sdbus - ok
16:04:30.0103 5992 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:04:30.0106 5992 secdrv - ok
16:04:30.0261 5992 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:04:30.0263 5992 Serenum - ok
16:04:30.0362 5992 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:04:30.0365 5992 Serial - ok
16:04:30.0569 5992 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:04:30.0572 5992 sermouse - ok
16:04:30.0673 5992 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
16:04:30.0675 5992 sffdisk - ok
16:04:30.0818 5992 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
16:04:30.0820 5992 sffp_mmc - ok
16:04:30.0909 5992 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
16:04:30.0911 5992 sffp_sd - ok
16:04:31.0097 5992 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:04:31.0099 5992 sfloppy - ok
16:04:31.0231 5992 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
16:04:31.0234 5992 sisagp - ok
16:04:31.0457 5992 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:04:31.0460 5992 SiSRaid2 - ok
16:04:31.0484 5992 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:04:31.0488 5992 SiSRaid4 - ok
16:04:31.0733 5992 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:04:31.0737 5992 Smb - ok
16:04:31.0969 5992 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:04:31.0971 5992 spldr - ok
16:04:32.0232 5992 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
16:04:32.0240 5992 srv - ok
16:04:32.0447 5992 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
16:04:32.0460 5992 srv2 - ok
16:04:32.0692 5992 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:04:32.0698 5992 SrvHsfHDA - ok
16:04:32.0854 5992 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:04:32.0890 5992 SrvHsfV92 - ok
16:04:32.0985 5992 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
16:04:33.0010 5992 SrvHsfWinac - ok
16:04:33.0221 5992 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
16:04:33.0225 5992 srvnet - ok
16:04:33.0449 5992 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:04:33.0452 5992 stexstor - ok
16:04:33.0680 5992 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
16:04:33.0683 5992 storflt - ok
16:04:33.0817 5992 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
16:04:33.0819 5992 storvsc - ok
16:04:33.0908 5992 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
16:04:33.0910 5992 swenum - ok
16:04:34.0073 5992 Synth3dVsc - ok
16:04:34.0203 5992 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
16:04:34.0263 5992 Tcpip - ok
16:04:34.0526 5992 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
16:04:34.0543 5992 TCPIP6 - ok
16:04:34.0746 5992 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
16:04:34.0749 5992 tcpipreg - ok
16:04:34.0888 5992 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
16:04:34.0890 5992 TDPIPE - ok
16:04:34.0949 5992 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
16:04:34.0952 5992 TDTCP - ok
16:04:35.0099 5992 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
16:04:35.0103 5992 tdx - ok
16:04:35.0194 5992 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:04:35.0197 5992 TermDD - ok
16:04:35.0432 5992 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:04:35.0435 5992 tssecsrv - ok
16:04:35.0667 5992 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:04:35.0670 5992 TsUsbFlt - ok
16:04:35.0804 5992 tsusbhub - ok
16:04:35.0953 5992 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:04:35.0957 5992 tunnel - ok
16:04:36.0159 5992 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:04:36.0163 5992 uagp35 - ok
16:04:36.0370 5992 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:04:36.0377 5992 udfs - ok
16:04:36.0600 5992 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:04:36.0604 5992 uliagpkx - ok
16:04:36.0817 5992 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:04:36.0821 5992 umbus - ok
16:04:37.0029 5992 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:04:37.0032 5992 UmPass - ok
16:04:37.0256 5992 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:04:37.0259 5992 USBAAPL - ok
16:04:37.0344 5992 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
16:04:37.0347 5992 usbccgp - ok
16:04:37.0567 5992 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
16:04:37.0571 5992 usbcir - ok
16:04:37.0598 5992 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
16:04:37.0600 5992 usbehci - ok
16:04:37.0814 5992 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
16:04:37.0820 5992 usbhub - ok
16:04:37.0982 5992 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
16:04:37.0984 5992 usbohci - ok
16:04:38.0048 5992 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:04:38.0051 5992 usbprint - ok
16:04:38.0252 5992 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:04:38.0256 5992 USBSTOR - ok
16:04:38.0396 5992 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:04:38.0399 5992 usbuhci - ok
16:04:38.0532 5992 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
16:04:38.0536 5992 vdrvroot - ok
16:04:38.0742 5992 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:04:38.0745 5992 vga - ok
16:04:38.0793 5992 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:04:38.0796 5992 VgaSave - ok
16:04:38.0928 5992 VGPU - ok
16:04:39.0017 5992 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
16:04:39.0022 5992 vhdmp - ok
16:04:39.0246 5992 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
16:04:39.0250 5992 viaagp - ok
16:04:39.0438 5992 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:04:39.0441 5992 ViaC7 - ok
16:04:39.0537 5992 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
16:04:39.0539 5992 viaide - ok
16:04:39.0675 5992 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
16:04:39.0681 5992 vmbus - ok
16:04:39.0764 5992 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
16:04:39.0767 5992 VMBusHID - ok
16:04:39.0902 5992 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
16:04:39.0906 5992 volmgr - ok
16:04:39.0990 5992 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:04:40.0002 5992 volmgrx - ok
16:04:40.0195 5992 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:04:40.0202 5992 volsnap - ok
16:04:40.0231 5992 vpnva - ok
16:04:40.0444 5992 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:04:40.0449 5992 vsmraid - ok
16:04:40.0494 5992 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
16:04:40.0497 5992 vwifibus - ok
16:04:40.0709 5992 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
16:04:40.0712 5992 vwififlt - ok
16:04:40.0751 5992 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:04:40.0754 5992 WacomPen - ok
16:04:40.0978 5992 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:04:40.0981 5992 WANARP - ok
16:04:40.0989 5992 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:04:40.0991 5992 Wanarpv6 - ok
16:04:41.0225 5992 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:04:41.0228 5992 Wd - ok
16:04:41.0264 5992 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:04:41.0288 5992 Wdf01000 - ok
16:04:41.0531 5992 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:04:41.0534 5992 WfpLwf - ok
16:04:41.0567 5992 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:04:41.0570 5992 WIMMount - ok
16:04:41.0825 5992 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
16:04:41.0828 5992 WinUsb - ok
16:04:42.0045 5992 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
16:04:42.0046 5992 WmiAcpi - ok
16:04:42.0272 5992 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:04:42.0275 5992 ws2ifsl - ok
16:04:42.0358 5992 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:04:42.0362 5992 WudfPf - ok
16:04:42.0583 5992 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:04:42.0588 5992 WUDFRd - ok
16:04:42.0825 5992 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
16:04:42.0832 5992 yukonw7 - ok
16:04:42.0902 5992 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:04:42.0983 5992 \Device\Harddisk0\DR0 - ok
16:04:42.0985 5992 Boot (0x1200) (af7c4a82cf7d2756e272e8e60141a247) \Device\Harddisk0\DR0\Partition0
16:04:42.0987 5992 \Device\Harddisk0\DR0\Partition0 - ok
16:04:42.0999 5992 Boot (0x1200) (c4295bf27f3213eeff438e1b71c56723) \Device\Harddisk0\DR0\Partition1
16:04:43.0001 5992 \Device\Harddisk0\DR0\Partition1 - ok
16:04:43.0002 5992 ============================================================
16:04:43.0002 5992 Scan finished
16:04:43.0002 5992 ============================================================
16:04:43.0006 5984 Detected object count: 0
16:04:43.0006 5984 Actual detected object count: 0




NOTE: For this log I erased my name where it appeared in file names but everything else appears exactly like the log

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.02.2012_18.13.35\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.02.2012_18.13.35\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.02.2012_18.13.35\mbr0000\tdlfs0000\tsk0006.dta a variant of Win32/Rootkit.Kryptik.HP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.02.2012_18.13.35\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmarik.AYG trojan cleaned by deleting - quarantined
C:\Users\J\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bec11ca-3c243aee Java/Exploit.CVE-2011-3544.F trojan deleted - quarantined
C:\Users\J\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7c88068a-162b206c Java/Agent.BV trojan deleted - quarantined
C:\Users\J\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-634dbe1e multiple threats deleted - quarantined
C:\Users\J\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\2b29fca3-6d5d48c1 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\J\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\38e63bec-4421c5d5 Java/Agent.BV trojan deleted - quarantined
C:\Users\J\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\677b6c70-3e644972 Java/TrojanDownloader.OpenStream.NCO trojan deleted - quarantined
C:\Users\J\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\4c81ed73-59cb7b9b probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\J\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5ad4b738-3c9d7cdf Java/Agent.BV trojan deleted - quarantined
C:\Users\J\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\1a4a41fc-45885a72 Java/Exploit.CVE-2011-3544.AC trojan deleted - quarantined
C:\Users\J\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\69928a3d-76400bc5 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\J\Documents\Software\frostwire-4.21.3.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\J\Documents\Software\frostwire-5.2.3.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\J\Documents\Software\VLC_win32-setup.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\J\Documents\Software\XvidSetup.exe multiple threats deleted - quarantined
C:\Windows\System32\drivers\netbt.sys Win32/Sirefef.DA trojan unable to clean
C:\Windows.old\$Recycle.Bin\S-1-5-21-3885015254-1690940735-3209433442-1000\$R2KMVOZ.exe Win32/OpenCandy application deleted - quarantined
C:\Windows.old\Documents and Settings\JH\AppData\Local\Application Data\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\JH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-2e43b223 multiple threats deleted - quarantined
C:\Windows.old\Documents and Settings\JH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\29c44cd8-7d7ddde1 multiple threats deleted - quarantined
C:\Windows.old\Documents and Settings\JH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\312015a9-2f8aa6fb a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined
C:\Windows.old\Documents and Settings\JH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-5131ba14 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
C:\Windows.old\Documents and Settings\JH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-2539ed77 multiple threats deleted - quarantined
C:\Windows.old\Documents and Settings\JH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-731978e2 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Windows.old\Documents and Settings\JH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7e502985-61c4d652 multiple threats deleted - quarantined
C:\Windows.old\Documents and Settings\JH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\66b940b4-6a98b6cc multiple threats deleted - quarantined
C:\Windows.old\Documents and Settings\JH\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.3.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\59a2bba2-2e675533 Java/Exploit.CVE-2009-2843.B trojan cleaned by deleting - quarantined
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\1763d7e9-27070b0a Java/Exploit.CVE-2009-2843.B trojan deleted - quarantined
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\412339b8-204d8434 Java/Exploit.CVE-2009-2843.B trojan cleaned by deleting - quarantined
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2fbb37bf-551d016b Java/Exploit.CVE-2009-2843.B trojan deleted - quarantined
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4052083f-6020dff3 multiple threats deleted - quarantined
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\589e5d87-16cf9843 multiple threats deleted - quarantined

#6 boopme

Posted 17 February 2012 - 09:07 PM

Does AVG still see the Hider? If so, does it say where?

#7 lightblue13

Posted 17 February 2012 - 09:52 PM

Yes, it's located in:
C:\Windows\System32\drivers\netbt.sys

#8 boopme

Posted 17 February 2012 - 11:15 PM

OK, as it's a system file, we need to get a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.

Let me know if that went well.

#9 lightblue13

Posted 18 February 2012 - 08:16 AM

Will do. Thanks for your help.

#10 boopme

Posted 18 February 2012 - 08:32 PM

You're welcome, you'll be OK shortly.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

To avoid confusion, I am closing this topic.



