Trojan.Agent keeps coming back


13 replies to this topic

#1 Airym

  • Members

Posted 07 March 2012 - 10:26 PM

Hi, I am a first-time poster here. My brother recommended I come here for help with this virus problem I have been having, which drew me here.

I am running Windows 7 Home Premium Service Pack 1, 64-bit operating system.

Now on to what I have done so far. I got this virus, I think, a month back; not entirely sure when. I noticed something was up when my Google searches were getting hijacked. I noticed that before every misdirect, dbgame.info would pop up in the address bar. So I ran a Vipre antivirus scan, first normal, then a safe mode scan; nothing came up. So I tried changing antivirus over to Webroot Secure Anywhere Essentials; still nothing turned up. I spent the next few days obsessing about dbgame.info, trying to find out how to get rid of it, but everything I found said I needed to go into the registry to remove it, which I did not feel comfortable doing. Eventually my uncle recommended I try using the trial version of Malwarebytes, which detected something called trojan.agent (2 instances). I assumed that was it, so I removed it. I reconnected my computer to the internet and it seemed fixed for a few min, but then it started redirecting again, so I tried a safe mode scan and it found trojan.agent again (2 instances). So I disconnected from the internet and used a friend's laptop to post here. I am sorry if I forgot to post information needed.

#2 Celena

  • Banned Spammer

Posted 07 March 2012 - 10:50 PM

Trojan agent is what it means. It's a Trojan Virus. It's a very serious matter. Remove it with Malwarebytes and immediately run another virus scan such as Comodo free. After confirming you don't have any more traces of the virus I would then change all of your passwords for all of your websites. Start with the critical ones first such as banking and email. Good luck.

#3 Airym

  • Topic Starter
  • Members

Posted 08 March 2012 - 03:07 AM

K, I used Comodo with Malwarebytes like you said and it found 3 more, called Heur.packed (1) and heur.corrupt.pe (2), and everything seems to be running smooth after finding those, but I will wait a while before using this comp to make sure it is really safe. Thank you a lot, I pray it is fixed.

#4 narenxp

  • BC Advisor

Posted 08 March 2012 - 05:54 AM

You may have a rootkit.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#5 Airym

  • Topic Starter
  • Members

Posted 08 March 2012 - 10:09 AM

Okay, I will do that as soon as I get off work. I ran a scan last night before I went to sleep and Malwarebytes found the same Trojan.agent in svchost; seems they are still being reinstalled by something.

#6 Airym

  • Topic Starter
  • Members

Posted 08 March 2012 - 04:23 PM

TDSS Log
10:58:29.0754 2464 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
10:58:29.0863 2464 ============================================================
10:58:29.0863 2464 Current date / time: 2012/03/08 10:58:29.0863
10:58:29.0863 2464 SystemInfo:
10:58:29.0863 2464
10:58:29.0863 2464 OS Version: 6.1.7601 ServicePack: 1.0
10:58:29.0863 2464 Product type: Workstation
10:58:29.0863 2464 ComputerName: SKY-PC
10:58:29.0863 2464 UserName: Sky
10:58:29.0863 2464 Windows directory: C:\Windows
10:58:29.0863 2464 System windows directory: C:\Windows
10:58:29.0863 2464 Running under WOW64
10:58:29.0863 2464 Processor architecture: Intel x64
10:58:29.0863 2464 Number of processors: 8
10:58:29.0863 2464 Page size: 0x1000
10:58:29.0863 2464 Boot type: Normal boot
10:58:29.0863 2464 ============================================================
10:58:31.0220 2464 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
10:58:31.0236 2464 Drive \Device\Harddisk1\DR1 - Size: 0x1D11B0000 (7.27 Gb), SectorSize: 0x200, Cylinders: 0x3B4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:58:31.0236 2464 \Device\Harddisk0\DR0:
10:58:31.0236 2464 MBR used
10:58:31.0236 2464 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:58:31.0236 2464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
10:58:31.0236 2464 \Device\Harddisk1\DR1:
10:58:31.0236 2464 MBR used
10:58:31.0236 2464 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xE86E00
10:58:31.0252 2464 Initialize success
10:58:31.0252 2464 ============================================================
10:58:34.0372 1624 ============================================================
10:58:34.0372 1624 Scan started
10:58:34.0372 1624 Mode: Manual;
10:58:34.0372 1624 ============================================================
10:58:47.0788 1624 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
10:58:47.0788 1624 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
10:58:47.0803 1624 sptd ( LockedFile.Multi.Generic ) - warning
10:58:47.0803 1624 sptd - detected LockedFile.Multi.Generic (1)
10:58:51.0298 1624 xwQyoeFL - ok
10:58:51.0344 1624 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
10:58:51.0360 1624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:58:51.0360 1624 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:58:51.0360 1624 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:58:53.0029 1624 \Device\Harddisk1\DR1 - ok
10:58:53.0029 1624 Boot (0x1200) (f9f2e0abec5097243a7adbbeaa39e725) \Device\Harddisk0\DR0\Partition0
10:58:53.0029 1624 \Device\Harddisk0\DR0\Partition0 - ok
10:58:53.0045 1624 Boot (0x1200) (32259d440b45d92a25d9ecbfdd29b529) \Device\Harddisk0\DR0\Partition1
10:58:53.0045 1624 \Device\Harddisk0\DR0\Partition1 - ok
10:58:53.0045 1624 Boot (0x1200) (2d878c4419067c220fd734b33cd6afc1) \Device\Harddisk1\DR1\Partition0
10:58:53.0045 1624 \Device\Harddisk1\DR1\Partition0 - ok
10:58:53.0045 1624 ============================================================
10:58:53.0045 1624 Scan finished
10:58:53.0045 1624 ============================================================
10:58:53.0060 1132 Detected object count: 2
10:58:53.0060 1132 Actual detected object count: 2
10:59:11.0032 1132 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:59:11.0032 1132 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:59:11.0203 1132 \Device\Harddisk0\DR0\# - copied to quarantine
10:59:11.0250 1132 \Device\Harddisk0\DR0 - copied to quarantine
10:59:11.0297 1132 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:59:11.0312 1132 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:59:11.0328 1132 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:59:11.0406 1132 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:59:11.0453 1132 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:59:11.0484 1132 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:59:11.0500 1132 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:59:11.0531 1132 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:59:11.0562 1132 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:59:11.0578 1132 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:59:11.0593 1132 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:59:11.0624 1132 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:59:11.0687 1132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:59:11.0718 1132 \Device\Harddisk0\DR0 - ok
10:59:25.0212 1132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:00:33.0540 3972 Deinitialize success

aswMBR Log
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-08 11:03:55
-----------------------------
11:03:55.776 OS Version: Windows x64 6.1.7601 Service Pack 1
11:03:55.776 Number of processors: 8 586 0x1E05
11:03:55.776 ComputerName: SKY-PC UserName: Sky
11:04:00.113 Initialize success
11:15:34.471 AVAST engine defs: 12030800
11:15:56.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-7
11:15:56.342 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 3
11:15:56.358 Disk 0 MBR read successfully
11:15:56.358 Disk 0 MBR scan
11:15:56.358 Disk 0 Windows 7 default MBR code
11:15:56.373 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:15:56.404 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
11:15:56.436 Disk 0 scanning C:\Windows\system32\drivers
11:16:10.164 Service scanning
11:16:33.205 Modules scanning
11:16:33.205 Disk 0 trace - called modules:
11:16:33.798 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80067c52c0]<<spcl.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:16:33.813 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800780b790]
11:16:33.813 3 CLASSPNP.SYS[fffff88001bbe43f] -> nt!IofCallDriver -> [0xfffffa80075ee520]
11:16:33.829 5 ACPI.sys[fffff880011a67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-7[0xfffffa80075e9680]
11:16:33.829 \Driver\atapi[0xfffffa80075b14b0] -> IRP_MJ_CREATE -> 0xfffffa80067c52c0
11:16:36.013 AVAST engine scan C:\Windows
11:16:41.957 AVAST engine scan C:\Windows\system32
11:19:12.715 AVAST engine scan C:\Windows\system32\drivers
11:19:24.353 AVAST engine scan C:\Users\Sky
11:25:18.661 Disk 0 MBR has been saved successfully to ""
11:25:18.661 The log file has been saved successfully to ""

#7 Airym


Posted 08 March 2012 - 04:57 PM

TDSS Log (sorry, I forgot to change parameters in the first one)
15:51:03.0498 1492 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
15:51:05.0511 1492 ============================================================
15:51:05.0511 1492 Current date / time: 2012/03/08 15:51:05.0511
15:51:05.0511 1492 SystemInfo:
15:51:05.0511 1492
15:51:05.0511 1492 OS Version: 6.1.7601 ServicePack: 1.0
15:51:05.0511 1492 Product type: Workstation
15:51:05.0511 1492 ComputerName: SKY-PC
15:51:05.0511 1492 UserName: Sky
15:51:05.0511 1492 Windows directory: C:\Windows
15:51:05.0511 1492 System windows directory: C:\Windows
15:51:05.0511 1492 Running under WOW64
15:51:05.0511 1492 Processor architecture: Intel x64
15:51:05.0511 1492 Number of processors: 8
15:51:05.0511 1492 Page size: 0x1000
15:51:05.0511 1492 Boot type: Normal boot
15:51:05.0511 1492 ============================================================
15:51:11.0049 1492 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:51:11.0111 1492 \Device\Harddisk0\DR0:
15:51:11.0111 1492 MBR used
15:51:11.0111 1492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:51:11.0111 1492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
15:51:11.0283 1492 Initialize success
15:51:11.0283 1492 ============================================================
15:51:47.0132 4144 ============================================================
15:51:47.0132 4144 Scan started
15:51:47.0132 4144 Mode: Manual; TDLFS;
15:51:47.0132 4144 ============================================================
15:52:59.0828 4144 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:52:59.0828 4144 NdisCap - ok
15:53:00.0187 4144 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:53:00.0187 4144 NdisTapi - ok
15:53:00.0452 4144 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:53:00.0452 4144 Ndisuio - ok
15:53:00.0811 4144 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:53:00.0811 4144 NdisWan - ok
15:53:01.0185 4144 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:53:01.0201 4144 NDProxy - ok
15:53:01.0637 4144 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:53:01.0637 4144 NetBIOS - ok
15:53:02.0090 4144 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:53:02.0090 4144 NetBT - ok
15:53:02.0729 4144 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:53:02.0729 4144 nfrd960 - ok
15:53:03.0197 4144 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:53:03.0197 4144 Npfs - ok
15:53:03.0665 4144 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:53:03.0665 4144 nsiproxy - ok
15:53:04.0898 4144 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:53:04.0960 4144 Ntfs - ok
15:53:05.0366 4144 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:53:05.0381 4144 Null - ok
15:53:08.0314 4144 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:53:08.0548 4144 nvlddmkm - ok
15:53:09.0001 4144 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:53:09.0016 4144 nvraid - ok
15:53:09.0313 4144 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:53:09.0313 4144 nvstor - ok
15:53:09.0937 4144 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:53:09.0937 4144 nv_agp - ok
15:53:10.0966 4144 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:53:10.0966 4144 ohci1394 - ok
15:53:11.0887 4144 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:53:11.0887 4144 Parport - ok
15:53:12.0308 4144 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:53:12.0308 4144 partmgr - ok
15:53:12.0526 4144 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:53:12.0526 4144 pci - ok
15:53:12.0776 4144 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:53:12.0776 4144 pciide - ok
15:53:13.0135 4144 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:53:13.0135 4144 pcmcia - ok
15:53:13.0462 4144 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:53:13.0462 4144 pcw - ok
15:53:13.0883 4144 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:53:13.0899 4144 PEAUTH - ok
15:53:14.0695 4144 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:53:14.0695 4144 PptpMiniport - ok
15:53:15.0194 4144 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:53:15.0194 4144 Processor - ok
15:53:15.0787 4144 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:53:15.0787 4144 Psched - ok
15:53:16.0301 4144 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:53:16.0301 4144 PxHlpa64 - ok
15:53:16.0754 4144 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:53:16.0801 4144 ql2300 - ok
15:53:17.0284 4144 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:53:17.0284 4144 ql40xx - ok
15:53:17.0674 4144 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:53:17.0674 4144 QWAVEdrv - ok
15:53:18.0173 4144 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:53:18.0173 4144 RasAcd - ok
15:53:18.0938 4144 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:53:18.0938 4144 RasAgileVpn - ok
15:53:19.0421 4144 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:53:19.0437 4144 Rasl2tp - ok
15:53:20.0030 4144 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:53:20.0030 4144 RasPppoe - ok
15:53:20.0638 4144 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:53:20.0638 4144 RasSstp - ok
15:53:21.0325 4144 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:53:21.0325 4144 rdbss - ok
15:53:21.0761 4144 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:53:21.0761 4144 rdpbus - ok
15:53:21.0995 4144 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:53:21.0995 4144 RDPCDD - ok
15:53:22.0385 4144 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:53:22.0385 4144 RDPENCDD - ok
15:53:22.0541 4144 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:53:22.0541 4144 RDPREFMP - ok
15:53:23.0025 4144 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:53:23.0025 4144 RDPWD - ok
15:53:23.0852 4144 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:53:23.0852 4144 rdyboost - ok
15:53:24.0538 4144 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:53:24.0538 4144 rspndr - ok
15:53:25.0069 4144 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:53:25.0084 4144 RTL8167 - ok
15:53:25.0303 4144 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:53:25.0303 4144 sbp2port - ok
15:53:25.0786 4144 SBRE - ok
15:53:26.0145 4144 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:53:26.0145 4144 scfilter - ok
15:53:27.0003 4144 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:53:27.0003 4144 secdrv - ok
15:53:27.0549 4144 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:53:27.0549 4144 Serenum - ok
15:53:27.0752 4144 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:53:27.0752 4144 Serial - ok
15:53:28.0157 4144 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:53:28.0157 4144 sermouse - ok
15:53:28.0407 4144 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:53:28.0407 4144 sffdisk - ok
15:53:28.0813 4144 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:53:28.0813 4144 sffp_mmc - ok
15:53:29.0343 4144 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:53:29.0343 4144 sffp_sd - ok
15:53:29.0530 4144 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:53:29.0530 4144 sfloppy - ok
15:53:30.0092 4144 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:53:30.0107 4144 Sftfs - ok
15:53:30.0419 4144 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:53:30.0419 4144 Sftplay - ok
15:53:30.0544 4144 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:53:30.0560 4144 Sftredir - ok
15:53:30.0841 4144 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:53:30.0841 4144 Sftvol - ok
15:53:31.0137 4144 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:53:31.0137 4144 SiSRaid2 - ok
15:53:31.0324 4144 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:53:31.0324 4144 SiSRaid4 - ok
15:53:31.0636 4144 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:53:31.0636 4144 Smb - ok
15:53:32.0089 4144 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:53:32.0089 4144 spldr - ok
15:53:32.0572 4144 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:53:32.0572 4144 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
15:53:32.0588 4144 sptd ( LockedFile.Multi.Generic ) - warning
15:53:32.0588 4144 sptd - detected LockedFile.Multi.Generic (1)
15:53:55.0551 4144 xwQyoeFL - ok
15:53:55.0692 4144 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:53:57.0330 4144 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:53:57.0330 4144 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:53:57.0361 4144 Boot (0x1200) (f9f2e0abec5097243a7adbbeaa39e725) \Device\Harddisk0\DR0\Partition0
15:53:57.0408 4144 \Device\Harddisk0\DR0\Partition0 - ok
15:53:57.0454 4144 Boot (0x1200) (32259d440b45d92a25d9ecbfdd29b529) \Device\Harddisk0\DR0\Partition1
15:53:57.0501 4144 \Device\Harddisk0\DR0\Partition1 - ok
15:53:57.0517 4144 ============================================================
15:53:57.0517 4144 Scan finished
15:53:57.0517 4144 ============================================================
15:53:57.0517 3660 Detected object count: 2
15:53:57.0517 3660 Actual detected object count: 2
15:54:08.0718 3660 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:54:08.0718 3660 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:54:08.0718 3660 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:54:08.0718 3660 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#8 narenxp

Posted 08 March 2012 - 07:17 PM

15:54:08.0718 3660 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Run TDSSKiller once again and make sure to DELETE if you get TDSS File System again.


Please update your Malwarebytes, run a FULL SCAN and post the log.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.


Download MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
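The check made by eye in the reply above (a detection whose logged action was Skip) can be automated; this is an added example, not part of the original thread or of any tool's own code. The function names `triage` and `unresolved` are hypothetical, the sample lines are copied from the TDSSKiller log posted in this thread, and listing "ok" objects that have no file/hash line is an assumption about what deserves a manual look, not a verdict.

```python
import re

# Lines copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
15:53:25.0786 4144 SBRE - ok
15:53:32.0572 4144 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:53:32.0572 4144 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
15:53:32.0588 4144 sptd ( LockedFile.Multi.Generic ) - warning
15:53:32.0588 4144 sptd - detected LockedFile.Multi.Generic (1)
15:53:55.0551 4144 xwQyoeFL - ok
15:53:55.0692 4144 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:53:57.0330 4144 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:53:57.0330 4144 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:53:57.0361 4144 Boot (0x1200) (f9f2e0abec5097243a7adbbeaa39e725) \Device\Harddisk0\DR0\Partition0
15:53:57.0408 4144 \Device\Harddisk0\DR0\Partition0 - ok
15:54:08.0718 3660 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:54:08.0718 3660 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "HH:MM:SS.mmmm <thread id> <message>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>": the scanner recorded a file or sector hash
FILE_REC = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
# "<object> - detected <verdict> (<count>)"
DETECTED = re.compile(r"^(.+?) - detected (.+?) \((\d+)\)$")
# "<object> ( <verdict> ) - User select action: <action>"
ACTION = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
# "<object> - ok"
OK = re.compile(r"^(.+?) - ok$")


def triage(log_text):
    """Pair every detection with the action logged for it.

    Also collects objects reported "ok" for which the log holds no
    file/hash record (assumption: worth a manual look, nothing more).
    """
    hashed = set()       # names and paths that have a hash record
    detections = {}      # (object, verdict) -> action or None
    ok_without_file = []

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)

        rec = FILE_REC.match(msg)
        if rec:
            # Later lines refer to the object by name (drivers) or by
            # path (MBR, boot sectors), so remember both.
            hashed.update((rec.group(1), rec.group(3)))
            continue

        det = DETECTED.match(msg)
        if det:
            detections.setdefault((det.group(1), det.group(2)), None)
            continue

        act = ACTION.match(msg)
        if act:
            detections[(act.group(1), act.group(2))] = act.group(3)
            continue

        ok = OK.match(msg)
        if ok and ok.group(1) not in hashed:
            ok_without_file.append(ok.group(1))

    return {
        "detections": [
            {"object": obj, "verdict": verdict, "action": action}
            for (obj, verdict), action in detections.items()
        ],
        "ok_without_file": ok_without_file,
    }


def unresolved(report):
    """Detections that were skipped or have no logged action at all."""
    return [d for d in report["detections"] if d["action"] in (None, "Skip")]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in unresolved(result):
        print("UNRESOLVED: %(object)s -> %(verdict)s (action: %(action)s)" % d)
    for name in result["ok_without_file"]:
        print("ok, but no file/hash line in log: " + name)
```
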

#9 Airym

Posted 08 March 2012 - 10:04 PM

Just letting you know I am still here. I am doing as you asked; the scans are just taking a while. I deleted the TDSS file. I was unsure if I needed to or not because I heard that TDSSKiller can have false positives that, when deleted, can harm your system, and left it to be safe.

#10 Airym

Posted 09 March 2012 - 01:10 AM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sky :: SKY-PC [administrator]

Protection: Enabled

3/8/2012 6:40:36 PM
mbam-log-2012-03-08 (18-40-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 547156
Time elapsed: 4 hour(s), 36 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Eset Log
C:\TDSSKiller_Quarantine\08.03.2012_10.58.29\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.03.2012_10.58.29\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.03.2012_10.58.29\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.03.2012_10.58.29\mbr0000\tdlfs0000\tsk0010.dta a variant of Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.03.2012_18.45.12\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.03.2012_18.45.12\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.03.2012_18.45.12\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.03.2012_18.45.12\tdlfs0000\tsk0010.dta a variant of Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\Users\Sky\Emulator Stuff\DAEMON Tools Lite\uninst.exe probably a variant of Win32/Adware.ICGOCMF application cleaned by deleting - quarantined

MiniToolBox by Farbar Version: 18-01-2012
Ran by Sky (administrator) on 08-03-2012 at 18:43:01
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Sky-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 6C-F0-49-08-FB-59
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a404:19e4:8a77:a%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, March 08, 2012 11:04:23 AM
Lease Expires . . . . . . . . . . : Monday, April 15, 2148 1:11:53 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 242020425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-C6-65-E9-6C-F0-49-08-FB-59
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:2c89:3a0f:5246:9d06(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c89:3a0f:5246:9d06%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1


Pinging google.com [74.125.227.97] with 32 bytes of data:
Reply from 74.125.227.97: bytes=32 time=64ms TTL=57
Reply from 74.125.227.97: bytes=32 time=100ms TTL=57

Ping statistics for 74.125.227.97:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 100ms, Average = 82ms
Server: UnKnown
Address: 192.168.2.1


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=147ms TTL=45
Reply from 98.139.183.24: bytes=32 time=245ms TTL=45

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 147ms, Maximum = 245ms, Average = 196ms
Server: UnKnown
Address: 192.168.2.1


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 3ms, Average = 3ms
===========================================================================
Interface List
10...6c f0 49 08 fb 59 ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.5 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.5 276
192.168.2.5 255.255.255.255 On-link 192.168.2.5 276
192.168.2.255 255.255.255.255 On-link 192.168.2.5 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.5 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.5 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:5ef5:79fb:2c89:3a0f:5246:9d06/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::2c89:3a0f:5246:9d06/128
On-link
10 276 fe80::a404:19e4:8a77:a/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/08/2012 06:43:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: ipconfig.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc96a
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc00000fd
Fault offset: 0x00033de7
Faulting process id: 0x6c0
Faulting application start time: 0xipconfig.exe0
Faulting application path: ipconfig.exe1
Faulting module path: ipconfig.exe2
Report Id: ipconfig.exe3

Error: (03/08/2012 06:43:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: ipconfig.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc96a
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc00000fd
Fault offset: 0x00033de7
Faulting process id: 0xad8
Faulting application start time: 0xipconfig.exe0
Faulting application path: ipconfig.exe1
Faulting module path: ipconfig.exe2
Report Id: ipconfig.exe3

Error: (03/08/2012 06:41:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/08/2012 06:40:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/08/2012 06:40:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1649, time stamp: 0x4f43d3d5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc00000fd
Fault offset: 0x0002dee0
Faulting process id: 0xac0
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (03/08/2012 08:29:14 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (03/08/2012 02:07:28 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (03/07/2012 10:57:24 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (03/07/2012 10:44:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: HiJackThis.exe, version: 2.0.0.4, time stamp: 0x4bac0c48
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc00000fd
Fault offset: 0x0002dede
Faulting process id: 0x1f78
Faulting application start time: 0xHiJackThis.exe0
Faulting application path: HiJackThis.exe1
Faulting module path: HiJackThis.exe2
Report Id: HiJackThis.exe3

Error: (03/07/2012 08:12:27 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.


System errors:
=============
Error: (03/08/2012 03:51:08 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error:
%%2

Error: (03/08/2012 03:24:26 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error:
%%2

Error: (03/08/2012 03:22:39 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error:
%%2

Error: (03/08/2012 03:21:55 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error:
%%2

Error: (03/08/2012 03:21:17 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error:
%%2

Error: (03/08/2012 03:21:02 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error:
%%2

Error: (03/08/2012 11:08:01 AM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error:
%%2

Error: (03/08/2012 11:07:59 AM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error:
%%2

Error: (03/08/2012 11:07:59 AM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error:
%%2

Error: (03/08/2012 11:07:56 AM) (Source: Service Control Manager) (User: )
Description: The WSearch service failed to start due to the following error:
%%2



=========================== Installed Programs ============================

@Home Mate (Version: 1.0)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000)
Age of Empires III - The WarChiefs (Version: 1.00.0000)
Age of Empires III (Version: 1.00.0000)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
Applian Director (Version: 1.1)
Applian Director (Version: 2.0)
Applian Director (Version: 4)
Artificial Girl 3 (Version: 1.50)
Bad Apple
BattleMoonWars銀 第四部
Bing Bar (Version: 7.0.609.0)
BitTorrent (Version: 7.2.1)
Bonjour (Version: 2.0.2.0)
Caesar 3
calibre (Version: 0.7.35)
CLANNAD Full Voice 1.5
Comical 0.8
Command & Conquer 3 (Version: 1.00.0000)
Command & Conquer The First Decade (Version: 1.00.0000)
Command & Conquer? 3: Kane's Wrath (Version: 1.00.0000)
Comodo Dragon (Version: 15.0)
COMODO GeekBuddy (Version: 3.3.217083.59)
COMODO Internet Security (Version: 5.9.23255.2196)
Company of Heroes: Opposing Fronts
Company of Heroes: Tales of Valor
Consolas Font Family (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Toolbar (Version: 1.1.2.0185)
Dawn of War - Dark Crusade (Version: 1.00.0000)
Dawn of War - Soulstorm (Version: 1.00.0000)
DirectX 9 Runtime (Version: 1.00.0000)
DivX Setup (Version: 2.5.0.8)
Dropbox (Version: 1.2.52)
Dungeon Keeper 2
erLT (Version: 1.20.0137)
ESET Online Scanner v3
Evil Genius
Farland Symphony English v1.1
Fatal Hearts version 1.5
Fate/hollow ataraxia (Version: 1.00)
Fate/stay night English v3.2
fresh prince
Google Chrome (Version: 17.0.963.66)
Google Update Helper (Version: 1.3.21.99)
Heroes of Might & Magic V: Hammers of Fate
Heroes of Might and Magic 3 Complete
Heroes of Might and Magic V
Heroes of Might and Magic V - Tribes of the East
HiJackThis (Version: 1.0.0)
ILLUSION ジンコウガクエン (Version: 1.00.0000)
ILLUSION ジンコウガクエン きゃらめいく (Version: 1.00.0000)
ILLUSION すくぅ~るメイト2 (Version: 1.00.0000)
ILLUSION ワケあり! (Version: 1.00.0000)
Impulse (Version: 1.0)
InstantStorm 2.0 (Version: 2.0.0)
IsoBuster 2.8 (Version: 2.8)
iTunes (Version: 9.2.0.61)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 15.4.3502.0922)
Katawa Shoujo
King’s Bounty Platinum Edition (Remove Only) (Version: 1.0.0.0)
Logitech SetPoint 5.20 (Version: 5.20)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MapleStory
Master of Orion 1 and 2
Melty Blood Act Cadenza Collection 2009 (Version: 1.00.0000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Compatibility Toolkit 5.6 (Version: 5.6.7320.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Rise Of Nations
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
MotoHelper 2.0.53 Driver 5.2.0 (Version: 2.0.53)
MotoHelper MergeModules (Version: 1.2.0)
MOTOROLA MEDIA LINK (Version: 1.5.2091.0)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver (Version: 275.33)
NVIDIA 3D Vision Controller Driver 275.33 (Version: 275.33)
NVIDIA 3D Vision Driver 275.33 (Version: 275.33)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.7533)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
Pando Media Booster (Version: 2.3.6.0)
Plants vs. Zombies
PlayStation®Network Downloader (Version: 2.03.00126)
PlayStation®Store (Version: 3.2.11.09227)
PowerMPQ 1.3 (Version: 1.3)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 6.0.1.5969)
Replay AV 8 (Version: 8.77)
Replay Converter 3 (Version: 3.60)
Replay Converter 4 (Version: 4.10)
Replay Media Catcher 4 (4.2.8) (Version: 4.2.8)
Replay Media Catcher 4 (Version: 4.2.1)
Replay Media Splitter 1.7.911 (Version: 1.7.911)
Replay Music (Version: 3.95)
Replay Video Capture (Version: 4.2)
RGSS-RTP Standard (Version: 1.0.0)
Rise of Nations Thrones and Patriots
Roxio Activation Module (Version: 1.0)
Roxio Burn (Version: 1.0.0)
Roxio CinePlayer (Version: 5.3)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator 2009 Special Edition (Version: 1.2.193)
Roxio Creator 2010 Content (Version: 12.0.013)
Roxio Creator 2010 Special Edition (Version: 12.0)
Roxio Creator 2010 Special Edition (Version: 5.0.0)
Roxio PhotoShow (Version: 6.0)
Roxio Video Capture USB (Version: 1.22.0000)
RPGXP (Version: 1.0.0)
Sengoku Rance English v1.01
Sid Meier's Civilization V
Sins of a Solar Empire - Trinity
Sins of a Solar Empire - Trinity (Version: 1.00)
SmartSound Quicktracks Plugin (Version: 3.0.8.0)
Star Control 3
Star Wars: The Old Republic (Version: 1.00)
StarCraft
StarCraft II (Version: 1.4.2.20141)
Steam (Version: 1.0.0.0)
SuperSpiceBros
System Requirements Lab
System Requirements Lab (Version: 4.1.72.0)
System Requirements Lab CYRI (Version: 4.4.21.0)
TeamSpeak 3 Client
The Battle for Middle-earth ™ II
The Guild Gold
The Lord of the Rings, The Rise of the Witch-king
The Movies™ (Version: 1.0)
The Movies™ Stunts & Effects (Version: 1.0)
The Movies™ Stunts & Effects (Version: 1.2)
The Ur-Quan Masters 0.6.2 (Version: 0.6.2)
TortoiseSVN 1.6.11.20210 (64 bit) (Version: 1.6.20210)
Total War: SHOGUN 2
Umineko no Naku Koro ni English v4.4
Universal Extractor 1.6.1 (Version: 1.6.1)
Unknown File Assistant
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
User's Guides (Version: 1.20.0000)
Utawarerumono English v1.1
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VD64Inst (Version: 1.00.0000)
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
Video Padlock (Version: 1.12)
Warhammer 40,000: Dawn Of War - Gold Edition (Version: 1.40)
WarhammerR 40,000R: Dawn of WarR II ? Retribution?
Warhammerツョ 40,000邃「: Dawn of Warツョ II
Warhammerツョ 40,000邃「: Dawn of Warツョ II 窶・Chaos Rising邃「
Webroot SecureAnywhere (Version: 8.0.1.146)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Xuse 永遠のアセリア - この大地の果てで - (Remove Only)
うたわれるものDVD版
キャッスルファンタジア聖魔大戦
ギャラクシーエンジェル Eternal Lovers(DVD版)
ギャラクシーエンジェル Moonlit Lovers
メンアットワーク!2 ハンターアカデミーへようこそ (Version: 1.51.0000)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 8187.49 MB
Available physical RAM: 5052.08 MB
Total Pagefile: 16373.18 MB
Available Pagefile: 13223.7 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.94 MB

========================= Partitions: =====================================

2 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:193.19 GB) NTFS
4 Drive e: (IRON_STORM) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\SKY-PC

Administrator ASPNET Guest
Mcx1-SKY-PC Sky UpdatusUser


**** End of log ****

Here are all the logs. Sorry it took so long; the scans took a while to finish.

#11 narenxp

Posted 09 March 2012 - 07:15 AM

Download TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#12 Airym

Posted 09 March 2012 - 10:59 AM

K, I did not remove
15:54:08.0718 3660 sptd ( LockedFile.Multi.Generic )
with TDSSKiller because of what I mentioned earlier about TDSSKiller possibly removing system files. Should I remove that one too?
I removed
15:54:08.0718 3660 \Device\Harddisk0\DR0 ( TDSS File System ) like you said.
Also, I had an external terabyte hard drive that I kept on that computer. Should I assume that it is still infected and scan it with all the programs you had me use on my comp (well, except TDSSKiller and the other rootkit detectors; I assume those need an operating system to latch on to)?

#13 Airym

Posted 09 March 2012 - 05:16 PM

Okay, I have done everything you have said. My computer is running great. Thanks a bunch, you were a huge help :thumbsup: I thought I was gonna have to format/reinstall for sure.

Edited by Airym, 09 March 2012 - 05:16 PM.


#14 narenxp

Posted 09 March 2012 - 07:28 PM

You're most welcome :thumbsup:



