
Google Link Redirection


8 replies to this topic

#1 CPtechwish (Members)

Posted 29 February 2012 - 12:20 PM

HP Probook 4520S, running Windows 7 64-bit, is being redirected from any Google link when using either Internet Explorer (IE8) or Firefox. TrendMicro is blocking entry to all the sites she's been redirected to (fortunately).

This computer had the Windows Recovery virus about a week ago and we restored it to an earlier point and then ran a Malwarebytes scan on it and the problem seemed to be gone. So this problem may or may not be related.

For now she is getting around the problem by typing in or copying and pasting URLs.

Would be appreciative of any help you can offer.

Thanks.

Edited by Budapest, 29 February 2012 - 04:30 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest




#2 narenxp (BC Advisor)

Posted 29 February 2012 - 07:37 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Restart the PC.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Edited by narenxp, 29 February 2012 - 07:38 PM.


#3 CPtechwish (Topic Starter, Members)

Posted 29 February 2012 - 08:40 PM

Ran the two downloads. Here are the scan logs:

TDSSKiller:

18:07:53.0569 0472 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
18:07:54.0069 0472 ============================================================
18:07:54.0069 0472 Current date / time: 2012/02/29 18:07:54.0069
18:07:54.0069 0472 SystemInfo:
18:07:54.0069 0472
18:07:54.0069 0472 OS Version: 6.1.7601 ServicePack: 1.0
18:07:54.0069 0472 Product type: Workstation
18:07:54.0069 0472 ComputerName: CPLT6
18:07:54.0069 0472 UserName: dstevens
18:07:54.0069 0472 Windows directory: C:\Windows
18:07:54.0069 0472 System windows directory: C:\Windows
18:07:54.0069 0472 Running under WOW64
18:07:54.0069 0472 Processor architecture: Intel x64
18:07:54.0069 0472 Number of processors: 4
18:07:54.0069 0472 Page size: 0x1000
18:07:54.0069 0472 Boot type: Normal boot
18:07:54.0069 0472 ============================================================
18:07:54.0865 0472 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:07:54.0865 0472 \Device\Harddisk0\DR0:
18:07:54.0865 0472 MBR used
18:07:54.0865 0472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x25392000
18:07:54.0865 0472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x25392800, BlocksNum 0x96000
18:07:54.0896 0472 Initialize success
18:07:54.0896 0472 ============================================================
18:08:20.0764 3448 ============================================================
18:08:20.0764 3448 Scan started
18:08:20.0764 3448 Mode: Manual; TDLFS;
18:08:20.0764 3448 ============================================================
18:08:29.0990 3448 SafeBoot (317a99735c3a26c5cd60ab59e5e7e4e2) C:\Windows\system32\drivers\SafeBoot.sys
18:08:29.0990 3448 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 317a99735c3a26c5cd60ab59e5e7e4e2
18:08:29.0990 3448 SafeBoot ( LockedFile.Multi.Generic ) - warning
18:08:29.0990 3448 SafeBoot - detected LockedFile.Multi.Generic (1)
18:08:31.0333 3448 tdx - ok
18:08:31.0364 3448 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:08:31.0364 3448 TermDD - ok
18:08:31.0442 3448 tmactmon (ba4030f56aacecd0e6d413565b4aed75) C:\Windows\system32\DRIVERS\tmactmon.sys
18:08:31.0442 3448 tmactmon - ok
18:08:31.0474 3448 tmcomm (ed866799ca62626341632da9edecfd04) C:\Windows\system32\DRIVERS\tmcomm.sys
18:08:31.0474 3448 tmcomm - ok
18:08:31.0489 3448 tmevtmgr (84fb4b5c8dcd78163c440431fef3e096) C:\Windows\system32\DRIVERS\tmevtmgr.sys
18:08:31.0489 3448 tmevtmgr - ok
18:08:31.0520 3448 tmtdi (e5021a4a72204c15c52c546f9301baef) C:\Windows\system32\DRIVERS\tmtdi.sys
18:08:31.0536 3448 tmtdi - ok
18:08:31.0567 3448 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
18:08:31.0567 3448 TPM - ok
18:08:31.0677 3448 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:08:31.0677 3448 tssecsrv - ok
18:08:31.0723 3448 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:08:31.0723 3448 TsUsbFlt - ok
18:08:31.0755 3448 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:08:31.0755 3448 tunnel - ok
18:08:31.0786 3448 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:08:31.0786 3448 uagp35 - ok
18:08:31.0848 3448 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:08:31.0848 3448 udfs - ok
18:08:31.0911 3448 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:08:31.0911 3448 uliagpkx - ok
18:08:31.0958 3448 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:08:31.0958 3448 umbus - ok
18:08:31.0973 3448 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:08:31.0973 3448 UmPass - ok
18:08:32.0004 3448 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
18:08:32.0004 3448 usbccgp - ok
18:08:32.0036 3448 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:08:32.0036 3448 usbcir - ok
18:08:32.0082 3448 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
18:08:32.0082 3448 usbehci - ok
18:08:32.0145 3448 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
18:08:32.0160 3448 usbhub - ok
18:08:32.0176 3448 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
18:08:32.0176 3448 usbohci - ok
18:08:32.0192 3448 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:08:32.0192 3448 usbprint - ok
18:08:32.0239 3448 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:08:32.0239 3448 USBSTOR - ok
18:08:32.0254 3448 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:08:32.0254 3448 usbuhci - ok
18:08:32.0285 3448 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:08:32.0285 3448 usbvideo - ok
18:08:32.0348 3448 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:08:32.0348 3448 vdrvroot - ok
18:08:32.0426 3448 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:08:32.0426 3448 vga - ok
18:08:32.0441 3448 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:08:32.0441 3448 VgaSave - ok
18:08:32.0473 3448 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:08:32.0488 3448 vhdmp - ok
18:08:32.0520 3448 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:08:32.0520 3448 viaide - ok
18:08:32.0644 3448 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:08:32.0660 3448 vmbus - ok
18:08:32.0691 3448 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:08:32.0691 3448 VMBusHID - ok
18:08:32.0738 3448 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:08:32.0738 3448 volmgr - ok
18:08:32.0785 3448 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:08:32.0785 3448 volmgrx - ok
18:08:32.0832 3448 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:08:32.0832 3448 volsnap - ok
18:08:32.0879 3448 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
18:08:32.0879 3448 vpcbus - ok
18:08:32.0925 3448 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
18:08:32.0925 3448 vpcnfltr - ok
18:08:32.0972 3448 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
18:08:32.0972 3448 vpcusb - ok
18:08:33.0003 3448 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
18:08:33.0003 3448 vpcvmm - ok
18:08:33.0066 3448 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:08:33.0066 3448 vsmraid - ok
18:08:33.0097 3448 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:08:33.0097 3448 vwifibus - ok
18:08:33.0144 3448 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:08:33.0160 3448 vwififlt - ok
18:08:33.0206 3448 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:08:33.0206 3448 WacomPen - ok
18:08:33.0253 3448 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:08:33.0269 3448 WANARP - ok
18:08:33.0269 3448 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:08:33.0269 3448 Wanarpv6 - ok
18:08:33.0300 3448 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:08:33.0300 3448 Wd - ok
18:08:33.0347 3448 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:08:33.0347 3448 Wdf01000 - ok
18:08:33.0425 3448 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:08:33.0425 3448 WfpLwf - ok
18:08:33.0441 3448 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:08:33.0456 3448 WIMMount - ok
18:08:33.0534 3448 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:08:33.0534 3448 WmiAcpi - ok
18:08:33.0550 3448 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:08:33.0550 3448 ws2ifsl - ok
18:08:33.0597 3448 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:08:33.0612 3448 WudfPf - ok
18:08:33.0690 3448 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:08:33.0706 3448 WUDFRd - ok
18:08:33.0722 3448 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:08:33.0753 3448 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
18:08:33.0753 3448 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
18:08:34.0299 3448 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:08:34.0299 3448 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:08:34.0315 3448 Boot (0x1200) (8585cf3fe5f128a5318c8565caf955aa) \Device\Harddisk0\DR0\Partition0
18:08:34.0330 3448 \Device\Harddisk0\DR0\Partition0 - ok
18:08:34.0362 3448 Boot (0x1200) (0f44ac0a6f2cdc61f9658ed5470a022e) \Device\Harddisk0\DR0\Partition1
18:08:34.0393 3448 \Device\Harddisk0\DR0\Partition1 - ok
18:08:34.0393 3448 ============================================================
18:08:34.0393 3448 Scan finished
18:08:34.0393 3448 ============================================================
18:08:34.0409 4728 Detected object count: 3
18:08:34.0409 4728 Actual detected object count: 3
18:09:34.0809 4728 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
18:09:34.0809 4728 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
18:09:34.0871 4728 \Device\Harddisk0\DR0\# - copied to quarantine
18:09:34.0887 4728 \Device\Harddisk0\DR0 - copied to quarantine
18:09:34.0996 4728 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
18:09:34.0996 4728 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
18:09:35.0012 4728 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
18:09:35.0012 4728 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
18:09:35.0012 4728 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
18:09:35.0028 4728 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
18:09:35.0074 4728 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
18:09:35.0106 4728 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
18:09:38.0259 4728 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
18:09:38.0337 4728 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:09:39.0727 4728 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:09:39.0773 4728 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:09:44.0035 4728 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:09:44.0082 4728 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
18:09:44.0098 4728 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
18:09:44.0098 4728 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
18:09:44.0129 4728 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
18:09:45.0596 4728 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
18:09:45.0690 4728 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
18:09:45.0799 4728 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
18:09:45.0862 4728 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
18:09:45.0924 4728 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
18:09:45.0971 4728 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
18:09:46.0002 4728 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
18:09:46.0065 4728 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
18:09:46.0065 4728 \Device\Harddisk0\DR0 - ok
18:09:46.0221 4728 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
18:09:46.0221 4728 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:09:46.0221 4728 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:10:04.0767 3260 Deinitialize success


aswMBR:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-29 18:20:12
-----------------------------
18:20:12.396 OS Version: Windows x64 6.1.7601 Service Pack 1
18:20:12.396 Number of processors: 4 586 0x2505
18:20:12.396 ComputerName: CPLT6 UserName:
18:20:13.581 Initialize success
18:30:02.104 AVAST engine defs: 12022901
18:31:14.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:31:14.500 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
18:31:14.547 Disk 0 MBR read successfully
18:31:14.547 Disk 0 MBR scan
18:31:14.547 Disk 0 Windows 7 default MBR code
18:31:14.563 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 304932 MB offset 2048
18:31:14.594 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 624502784
18:31:14.641 Disk 0 scanning C:\Windows\system32\drivers
18:31:31.815 Service scanning
18:32:07.179 Modules scanning
18:32:07.179 Disk 0 trace - called modules:
18:32:07.210 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
18:32:07.226 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a5d060]
18:32:07.226 3 CLASSPNP.SYS[fffff8800118b43f] -> nt!IofCallDriver -> [0xfffffa80068efb10]
18:32:07.241 5 hpdskflt.sys[fffff880027f3289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a2a050]
18:32:08.146 AVAST engine scan C:\Windows
18:32:10.423 AVAST engine scan C:\Windows\system32
18:36:10.345 AVAST engine scan C:\Windows\system32\drivers
18:36:31.545 AVAST engine scan C:\Users\dstevens
18:37:31.417 Disk 0 MBR has been saved successfully to "\\IRIS\RedirectedFolders\dstevens\Desktop\MBR.dat"
18:37:31.464 The log file has been saved successfully to "\\IRIS\RedirectedFolders\dstevens\Desktop\aswMBR.txt"

#4 narenxp

Posted 01 March 2012 - 02:09 AM

Restart the PC

Run TDSSkiller once again and select DELETE for the TDSS file system.

Post the new TDSSkiller log.

Run Malwarebytes once again (FULL SCAN).

Post the log.

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 CPtechwish


Posted 01 March 2012 - 02:38 PM

There was no option to delete the TDSS file system when running TDSSkiller again (I ran it with and without the "Select TDLFS file system" box checked).

Here is the log:

11:16:40.0761 4284 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
11:16:41.0572 4284 ============================================================
11:16:41.0572 4284 Current date / time: 2012/03/01 11:16:41.0572
11:16:41.0572 4284 SystemInfo:
11:16:41.0572 4284
11:16:41.0572 4284 OS Version: 6.1.7601 ServicePack: 1.0
11:16:41.0572 4284 Product type: Workstation
11:16:41.0572 4284 ComputerName: CPLT6
11:16:41.0572 4284 UserName: dstevens
11:16:41.0572 4284 Windows directory: C:\Windows
11:16:41.0572 4284 System windows directory: C:\Windows
11:16:41.0572 4284 Running under WOW64
11:16:41.0572 4284 Processor architecture: Intel x64
11:16:41.0572 4284 Number of processors: 4
11:16:41.0572 4284 Page size: 0x1000
11:16:41.0572 4284 Boot type: Normal boot
11:16:41.0572 4284 ============================================================
11:16:43.0100 4284 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:16:43.0116 4284 \Device\Harddisk0\DR0:
11:16:43.0116 4284 MBR used
11:16:43.0116 4284 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x25392000
11:16:43.0116 4284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x25392800, BlocksNum 0x96000
11:16:43.0131 4284 Initialize success
11:16:43.0131 4284 ============================================================
11:17:08.0822 0960 ============================================================
11:17:08.0822 0960 Scan started
11:17:08.0822 0960 Mode: Manual;
11:17:08.0822 0960 ============================================================
11:17:16.0761 0960 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:17:16.0761 0960 Msfs - ok
11:17:16.0777 0960 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:17:16.0777 0960 mshidkmdf - ok
11:17:16.0808 0960 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:17:16.0808 0960 msisadrv - ok
11:17:16.0839 0960 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:17:16.0839 0960 MSKSSRV - ok
11:17:16.0855 0960 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:17:16.0855 0960 MSPCLOCK - ok
11:17:16.0871 0960 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:17:16.0871 0960 MSPQM - ok
11:17:16.0949 0960 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:17:16.0949 0960 MsRPC - ok
11:17:16.0980 0960 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:17:16.0980 0960 mssmbios - ok
11:17:16.0996 0960 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:17:16.0996 0960 MSTEE - ok
11:17:17.0028 0960 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:17:17.0028 0960 MTConfig - ok
11:17:17.0043 0960 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:17:17.0043 0960 Mup - ok
11:17:17.0090 0960 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:17:17.0105 0960 NativeWifiP - ok
11:17:17.0183 0960 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:17:17.0199 0960 NDIS - ok
11:17:17.0230 0960 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:17:17.0230 0960 NdisCap - ok
11:17:17.0261 0960 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:17:17.0261 0960 NdisTapi - ok
11:17:17.0355 0960 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:17:17.0355 0960 Ndisuio - ok
11:17:17.0371 0960 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:17:17.0371 0960 NdisWan - ok
11:17:17.0402 0960 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:17:17.0402 0960 NDProxy - ok
11:17:17.0433 0960 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:17:17.0449 0960 NetBIOS - ok
11:17:17.0464 0960 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:17:17.0480 0960 NetBT - ok
11:17:17.0605 0960 netr28x (24cf1304d899124336f67f88f3c15e21) C:\Windows\system32\DRIVERS\netr28x.sys
11:17:17.0620 0960 netr28x - ok
11:17:17.0667 0960 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:17:17.0667 0960 nfrd960 - ok
11:17:17.0714 0960 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:17:17.0714 0960 Npfs - ok
11:17:17.0792 0960 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:17:17.0792 0960 nsiproxy - ok
11:17:17.0839 0960 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
11:17:17.0870 0960 Ntfs - ok
11:17:17.0885 0960 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:17:17.0885 0960 Null - ok
11:17:17.0979 0960 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
11:17:17.0979 0960 nvraid - ok
11:17:17.0995 0960 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
11:17:18.0010 0960 nvstor - ok
11:17:18.0041 0960 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:17:18.0041 0960 nv_agp - ok
11:17:18.0057 0960 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:17:18.0057 0960 ohci1394 - ok
11:17:18.0119 0960 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:17:18.0135 0960 Parport - ok
11:17:18.0166 0960 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:17:18.0166 0960 partmgr - ok
11:17:18.0244 0960 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:17:18.0260 0960 pci - ok
11:17:18.0275 0960 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:17:18.0275 0960 pciide - ok
11:17:18.0307 0960 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:17:18.0307 0960 pcmcia - ok
11:17:18.0322 0960 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:17:18.0322 0960 pcw - ok
11:17:18.0353 0960 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:17:18.0353 0960 PEAUTH - ok
11:17:18.0494 0960 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:17:18.0494 0960 PptpMiniport - ok
11:17:18.0525 0960 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:17:18.0525 0960 Processor - ok
11:17:18.0572 0960 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:17:18.0587 0960 Psched - ok
11:17:18.0634 0960 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:17:18.0650 0960 ql2300 - ok
11:17:18.0728 0960 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:17:18.0728 0960 ql40xx - ok
11:17:18.0759 0960 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:17:18.0759 0960 QWAVEdrv - ok
11:17:18.0774 0960 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:17:18.0774 0960 RasAcd - ok
11:17:18.0806 0960 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:17:18.0821 0960 RasAgileVpn - ok
11:17:18.0852 0960 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:17:18.0852 0960 Rasl2tp - ok
11:17:18.0884 0960 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:17:18.0884 0960 RasPppoe - ok
11:17:18.0946 0960 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:17:18.0946 0960 RasSstp - ok
11:17:18.0977 0960 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:17:18.0977 0960 rdbss - ok
11:17:18.0993 0960 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:17:18.0993 0960 rdpbus - ok
11:17:19.0024 0960 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:17:19.0024 0960 RDPCDD - ok
11:17:19.0055 0960 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:17:19.0055 0960 RDPDR - ok
11:17:19.0071 0960 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:17:19.0086 0960 RDPENCDD - ok
11:17:19.0102 0960 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:17:19.0102 0960 RDPREFMP - ok
11:17:19.0133 0960 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:17:19.0133 0960 RDPWD - ok
11:17:19.0211 0960 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:17:19.0211 0960 rdyboost - ok
11:17:19.0274 0960 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:17:19.0274 0960 RFCOMM - ok
11:17:19.0305 0960 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:17:19.0305 0960 rspndr - ok
11:17:19.0367 0960 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\Windows\system32\Drivers\RtsUStor.sys
11:17:19.0383 0960 RSUSBSTOR - ok
11:17:19.0461 0960 RsvLock (ecbab4cd65cbedbe26ec6838e4fb7c1c) C:\Windows\system32\drivers\RsvLock.sys
11:17:19.0476 0960 RsvLock - ok
11:17:19.0508 0960 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:17:19.0523 0960 RTL8167 - ok
11:17:19.0554 0960 rtsuvc (aff453e04f8acf26449d9b56ffb96bb1) C:\Windows\system32\DRIVERS\rtsuvc.sys
11:17:19.0554 0960 rtsuvc - ok
11:17:19.0586 0960 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:17:19.0586 0960 s3cap - ok
11:17:19.0601 0960 SafeBoot (317a99735c3a26c5cd60ab59e5e7e4e2) C:\Windows\system32\drivers\SafeBoot.sys
11:17:19.0601 0960 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 317a99735c3a26c5cd60ab59e5e7e4e2
11:17:19.0601 0960 SafeBoot ( LockedFile.Multi.Generic ) - warning
11:17:19.0601 0960 SafeBoot - detected LockedFile.Multi.Generic (1)
11:17:23.0204 0960 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:17:23.0251 0960 \Device\Harddisk0\DR0 - ok
11:17:23.0282 0960 Boot (0x1200) (8585cf3fe5f128a5318c8565caf955aa) \Device\Harddisk0\DR0\Partition0
11:17:23.0282 0960 \Device\Harddisk0\DR0\Partition0 - ok
11:17:23.0282 0960 Boot (0x1200) (0f44ac0a6f2cdc61f9658ed5470a022e) \Device\Harddisk0\DR0\Partition1
11:17:23.0282 0960 \Device\Harddisk0\DR0\Partition1 - ok
11:17:23.0282 0960 ============================================================
11:17:23.0282 0960 Scan finished
11:17:23.0282 0960 ============================================================
11:17:23.0298 5252 Detected object count: 1
11:17:23.0298 5252 Actual detected object count: 1
11:17:31.0861 5252 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
11:17:31.0861 5252 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
11:17:49.0798 5920 Deinitialize success

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912022402

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

3/1/2012 11:11:39 AM
mbam-log-2012-03-01 (11-08-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 415430
Time elapsed: 55 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\tdsskiller_quarantine\29.02.2012_18.07.54\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> No action taken.
c:\tdsskiller_quarantine\29.02.2012_18.07.54\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> No action taken.
c:\tdsskiller_quarantine\29.02.2012_18.07.54\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> No action taken.
c:\tdsskiller_quarantine\29.02.2012_18.07.54\mbr0000\tdlfs0000\tsk0009.dta (Rootkit.TDSS.64) -> No action taken.


I actually hit "Remove" on these items before closing Malwarebytes.

Here is the ESET log:

C:\TDSSKiller_Quarantine\29.02.2012_18.07.54\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Olmasco.O trojan cleaned by deleting - quarantined


And the mini toolbox result:

MiniToolBox by Farbar Version: 18-01-2012
Ran by dstevens (administrator) on 01-03-2012 at 12:26:25
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Ralink RT3090 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/01/2012 11:18:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/29/2012 07:03:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "1, 2, 0, 17" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (02/29/2012 11:30:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4165819

Error: (02/29/2012 11:30:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4165819

Error: (02/29/2012 11:30:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/29/2012 11:30:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4150219

Error: (02/29/2012 11:30:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4150219

Error: (02/29/2012 11:30:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/29/2012 11:30:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134619

Error: (02/29/2012 11:30:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4134619


System errors:
=============
Error: (03/01/2012 11:13:05 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CHILDSPLAY due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/01/2012 03:00:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2668562).

Error: (02/29/2012 06:11:15 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CHILDSPLAY due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (02/29/2012 10:23:16 AM) (Source: NETLOGON) (User: )
Description: The session setup to the Windows NT or Windows 2000 Domain Controller \\IRIS.childsplay.local for the domain CHILDSPLAY
is not responsive. The current RPC call from Netlogon on \\CPLT6 to \\IRIS.childsplay.local has been cancelled.

Error: (02/29/2012 10:22:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2668562).

Error: (02/28/2012 09:19:27 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:
%%1056

Error: (02/28/2012 09:14:27 AM) (Source: Service Control Manager) (User: )
Description: The Remote Desktop Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/28/2012 09:14:27 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (02/28/2012 09:14:27 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/28/2012 09:14:27 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (03/01/2012 11:18:27 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\dstevens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6WJY5NK\esetsmartinstaller_enu[1].exe

Error: (02/29/2012 07:03:47 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversion1, 2, 0, 17c:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifestc:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifest3

Error: (02/29/2012 11:30:35 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4165819

Error: (02/29/2012 11:30:35 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4165819

Error: (02/29/2012 11:30:35 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/29/2012 11:30:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4150219

Error: (02/29/2012 11:30:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4150219

Error: (02/29/2012 11:30:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/29/2012 11:30:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134619

Error: (02/29/2012 11:30:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4134619


=========================== Installed Programs ============================


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3887.43 MB
Available physical RAM: 1958.8 MB
Total Pagefile: 7773.05 MB
Available Pagefile: 5333.79 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.94 MB

========================= Partitions: =====================================

1 Drive c: (OSDisk) (Fixed) (Total:297.79 GB) (Free:244.04 GB) NTFS
3 Drive h: (User Volume) (Network) (Total:244.14 GB) (Free:43.04 GB) NTFS
4 Drive s: (User Volume) (Network) (Total:244.14 GB) (Free:43.04 GB) NTFS

========================= Users: ========================================

User accounts for \\CPLT6

Administrator BCS Guest


**** End of log ****


Thanks.

#6 narenxp


Posted 02 March 2012 - 02:28 AM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#7 CPtechwish


Posted 02 March 2012 - 12:15 PM

When I try to launch the TFC TrendMicro blocks the site.

Just to be sure this isn't part of the redirection thing....the whole URL is http://oldtimer.geekstogo.com/TFC.exe
(Is that what you intended?)

If so, how crucial is it?

Can I just reset the restore points and go forward?

The computer seems to be behaving fine now.

Thanks.

#8 CPtechwish


Posted 02 March 2012 - 12:37 PM

Hello, again...I googled the TFC program and it gets mixed reviews. I see that it's a temporary file cleaner, so I looked in the C: directory. The only file in the temp folder is this one:


24022012_NSC_TmProxy

Although I also see this quarantine file.

C:\TDSSKiller_Quarantine\29.02.2012_18.07.54

If I don't run the TFC, should I delete these files?

Thanks for your help!

#9 narenxp


Posted 03 March 2012 - 03:48 AM

TFC is genuine software, you can try running it in safe mode

If you're not interested in running TFC, then use

http://majorgeeks.com/ATF_Cleaner_d4949.html

Remove all the junk files, the TDSSKiller quarantine folder can be manually deleted

Good luck



