blue screen then black screen


  • This topic is locked
33 replies to this topic

#1 jbjdharris

Posted 14 March 2012 - 10:58 PM

After logging in to Windows, I will either get a black screen, or the PC will start to log, and after I attempt to give the PC any commands like opening Internet Explorer or Task Manager, the PC crashes and goes to the blue screen. It only flashes for a few seconds so I never get to see what it says. I have run Malwarebytes, Spybot Search and Destroy, and a System Mechanic registry repair. None of these have helped. While doing the prep for this post, I was not able to download the GMER zip file. It downloaded as a Word doc.

THANKS SO MUCH FOR ANY HELP YOU CAN PROVIDE!!

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7601.17514
Run by John at 23:27:54 on 2012-03-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.2231 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://lenovo.live.com
uStart Page = hxxp://smallmiraclesacademy.org/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_SE59F.tmp" /EF "HKCU"
uRun: [PMSpeed] c:\program files\newsoft\presto! pagemanager 8 for ep\PMSpeed.EXE
uRun: [WorkForce 610(Network) (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S12C5.tmp" /EF "HKCU"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Fitbit Service Monitor] c:\program files\fitbit\fitbit-tray.exe
uRunServices: [SoftWareInstallShield12.0.58855] c:\users\john\appdata\local\temp\0.9898807986066338.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [PMHandler] c:\progra~1\lenovo\pmdriver\PMHAND~1.EXE
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EnergyUtility] c:\program files\lenovo\energycut\utilty.exe
mRun: [EnergyCut] c:\program files\lenovo\energycut\EnergyCut.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRunOnce: [SMRequiresRestart]
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\displa~1.lnk - c:\program files\ge security supra\SyncInfoApp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} - hxxp://www.ntreisinnovia.net/ntr/valid/osi_valid9m.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A68046A-FF3A-4B40-9E19-1F2D59350592} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A68046A-FF3A-4B40-9E19-1F2D59350592}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ACGina
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\6t7lo5e0.default\
FF - prefs.js: browser.startup.homepage - hxxp://smallmiraclesacademy.org/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\john\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\john\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336]
S1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-8-12 49472]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
S1 MpKsldc0ab258;MpKsldc0ab258;c:\programdata\microsoft\microsoft antimalware\definition updates\{37ba8526-5404-4960-80a7-76e17cc62c8b}\MpKsldc0ab258.sys [2012-3-14 28752]
S1 MpKslef864bb5;MpKslef864bb5;c:\programdata\microsoft\microsoft antimalware\definition updates\{37ba8526-5404-4960-80a7-76e17cc62c8b}\MpKslef864bb5.sys [2012-3-14 28752]
S1 MpKslf1e76905;MpKslf1e76905;c:\programdata\microsoft\microsoft antimalware\definition updates\{37ba8526-5404-4960-80a7-76e17cc62c8b}\MpKslf1e76905.sys [2012-3-14 28752]
S1 RapportCerberus_32029;RapportCerberus_32029;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2010-7-20 172720]
S2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2010-7-23 160432]
S2 Fitbit;Fitbit Data Uploader;c:\program files\fitbit\fitbit.exe [2012-1-7 788000]
S2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-9-11 54560]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-12 136176]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-9-25 919352]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-15 1153368]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-11 53325]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2011-8-12 11776]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-21 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-12 136176]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-8-12 112128]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-8-12 97536]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2012-1-7 19744]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-25 1343400]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-03-15 03:00:50 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{37ba8526-5404-4960-80a7-76e17cc62c8b}\MpKslc81352da.sys
2012-03-15 02:13:13 -------- d-----w- c:\program files\PC Tools
2012-03-15 02:11:12 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-15 02:11:12 -------- d-----w- c:\program files\common files\PC Tools
2012-03-15 02:09:46 -------- d-----w- c:\users\john\appdata\roaming\TestApp
2012-03-15 02:09:46 -------- d-----w- c:\programdata\PC Tools
2012-03-14 23:18:44 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-03-14 23:18:27 511328 ----a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL
2012-03-14 23:18:26 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2012-03-14 23:18:24 56200 ----a-w- c:\windows\system32\offreg.dll
2012-03-14 23:18:24 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-03-14 23:18:24 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-03-14 23:18:23 -------- d-----w- c:\program files\iolo
2012-03-14 23:15:26 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-03-14 23:15:25 -------- d-----w- c:\users\john\appdata\roaming\iolo
2012-03-14 23:15:25 -------- d-----w- c:\programdata\iolo
2012-03-14 21:42:00 -------- d-----w- c:\program files\Magical Jelly Bean
2012-03-14 21:14:53 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{37ba8526-5404-4960-80a7-76e17cc62c8b}\MpKsl3c83eb73.sys
2012-03-14 21:07:48 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{37ba8526-5404-4960-80a7-76e17cc62c8b}\MpKslc1967554.sys
2012-03-14 21:00:33 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{37ba8526-5404-4960-80a7-76e17cc62c8b}\MpKslcba9de02.sys
2012-03-14 15:26:37 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{37ba8526-5404-4960-80a7-76e17cc62c8b}\MpKsldc0ab258.sys
2012-03-14 15:26:30 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{37ba8526-5404-4960-80a7-76e17cc62c8b}\mpengine.dll
2012-03-09 21:47:30 151552 ----a-w- c:\programdata\microsoft\windows\drm\65D.tmp
2012-02-23 16:38:06 -------- d-----w- C:\Senior Care
2012-02-16 01:30:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 01:30:34 2343424 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-07 16:21:38 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-31 12:44:05 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-24 17:35:39 60304 ----a-w- c:\users\john\g2mdlhlpx.exe
.
============= FINISH: 23:31:01.34 ===============


#2 Casey_boy

  • Malware Response Team

Posted 17 March 2012 - 01:50 PM

Hi,

My name is Casey and I will be helping you with your malware problems.

Whilst we work on the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.


Step 1: Out of curiosity, how did you get DDS to run?

Step 2: Download and run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.com and re-run.

Regards,

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 jbjdharris

Posted 18 March 2012 - 12:43 PM

Hi Casey, thanks for taking my case. In reply to your questions:
1) I was able to run the DDS by working in safe mode

2) I successfully downloaded the combo fix. I attempted to run it, but it is now stuck on the auto scan. There have been now stages displayed.

Please advise of the next steps I should take. Thanks in advance for your help!

#4 jbjdharris

Posted 18 March 2012 - 12:44 PM

I meant to say "no stages" displayed instead of now stages.

#5 jbjdharris

Posted 18 March 2012 - 12:47 PM

I am going to try and rename and rerun it now...

#6 jbjdharris

Posted 18 March 2012 - 12:54 PM

I changed the name of the file to casey.com, however ComboFix keeps telling me the Microsoft Security Essentials is still running even though I disabled the real time protection. It is currently stuck on the autoscan screen.

#7 Casey_boy

Posted 18 March 2012 - 12:59 PM

Hi,

Could you try running ComboFix in Safe Mode for me please? It may take some time to run, so be sure to leave it for a little while.

Casey



#8 jbjdharris

Posted 18 March 2012 - 01:08 PM

Hi Casey,
It is currently running in safe mode. The PC is not functioning in normal mode. I will leave it for a while and report back in about an hour.

#9 jbjdharris

Posted 18 March 2012 - 01:57 PM

Hi Casey,
Screen is still stuck on autoscan. No stages displayed.

#10 jbjdharris

Posted 18 March 2012 - 11:03 PM

The combofix gave me a message saying that a rootkit had been detected and it asked me to restart. I restarted and now it is running combofix again, and the stages are showing up.

#11 jbjdharris

Posted 18 March 2012 - 11:41 PM

Hi Casey, here is the ComboFix log:

ComboFix 12-03-17.01 - John 03/19/2012 0:02.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.2616 [GMT -5:00]
Running from: c:\users\John\Desktop\casey.com.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John\AppData\Local\assembly\tmp
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\users\John\g2mdlhlpx.exe
c:\users\Public\Desktop\Internet Security.lnk
c:\users\Public\Documents\~WRL3988.tmp
c:\windows\$NtUninstallKB60345$
c:\windows\$NtUninstallKB60345$\2649519701\@
c:\windows\$NtUninstallKB60345$\2649519701\bckfg.tmp
c:\windows\$NtUninstallKB60345$\2649519701\cfg.ini
c:\windows\$NtUninstallKB60345$\2649519701\Desktop.ini
c:\windows\$NtUninstallKB60345$\2649519701\keywords
c:\windows\$NtUninstallKB60345$\2649519701\kwrd.dll
c:\windows\$NtUninstallKB60345$\2649519701\L\opauikiq
c:\windows\$NtUninstallKB60345$\2649519701\lsflt7.ver
c:\windows\$NtUninstallKB60345$\2649519701\U\00000001.@
c:\windows\$NtUninstallKB60345$\2649519701\U\00000002.@
c:\windows\$NtUninstallKB60345$\2649519701\U\00000004.@
c:\windows\$NtUninstallKB60345$\2649519701\U\80000000.@
c:\windows\$NtUninstallKB60345$\2649519701\U\80000004.@
c:\windows\$NtUninstallKB60345$\2649519701\U\80000032.@
c:\windows\$NtUninstallKB60345$\347705681
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Thumbs.db
Q:\AUTORUN.INF
S:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-19 05:23 . 2012-03-19 05:30 -------- d-----w- c:\users\John\AppData\Local\temp
2012-03-16 15:05 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F004A77C-0311-4F21-8BFD-0CE947342CD5}\gapaengine.dll
2012-03-16 15:05 . 2012-03-01 19:34 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2A684E0-337C-4690-AF77-584542AEF99E}\mpengine.dll
2012-03-15 02:13 . 2012-03-15 02:13 -------- d-----w- c:\program files\PC Tools
2012-03-15 02:11 . 2012-03-15 03:00 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-15 02:11 . 2012-02-24 15:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-15 02:09 . 2012-03-15 02:34 -------- d-----w- c:\programdata\PC Tools
2012-03-15 02:09 . 2012-03-15 02:09 -------- d-----w- c:\users\John\AppData\Roaming\TestApp
2012-03-14 23:18 . 2008-12-09 14:59 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-03-14 23:18 . 2010-09-23 17:29 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-03-14 23:18 . 2012-01-06 16:29 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2012-03-14 23:18 . 2012-01-06 16:51 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-03-14 23:18 . 2012-01-06 16:51 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-03-14 23:18 . 2010-02-09 02:59 56200 ----a-w- c:\windows\system32\offreg.dll
2012-03-14 23:18 . 2012-03-14 23:18 -------- d-----w- c:\program files\iolo
2012-03-14 23:15 . 2012-03-14 23:15 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-03-14 23:15 . 2012-03-15 01:01 -------- d-----w- c:\programdata\iolo
2012-03-14 23:15 . 2012-03-14 23:24 -------- d-----w- c:\users\John\AppData\Roaming\iolo
2012-03-14 21:42 . 2012-03-14 21:42 -------- d-----w- c:\program files\Magical Jelly Bean
2012-03-13 02:39 . 2012-03-13 02:39 -------- d-----w- c:\windows\Sun
2012-03-09 21:47 . 2012-03-09 21:47 151552 ----a-w- c:\programdata\Microsoft\Windows\DRM\65D.tmp
2012-02-23 16:38 . 2012-03-05 22:16 -------- d-----w- C:\Senior Care
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 16:21 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-31 12:44 . 2009-10-02 18:10 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-14 03:35 . 2012-02-16 01:30 2343424 ----a-w- c:\windows\system32\win32k.sys
2011-12-06 15:01 . 2011-06-23 22:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Fitbit Service Monitor"="c:\program files\Fitbit\fitbit-tray.exe" [2011-10-27 2164256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"EnergyUtility"="c:\program files\Lenovo\EnergyCut\utilty.exe" [2007-04-28 1581056]
"EnergyCut"="c:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-03-10 1167360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2012-01-06 606904]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DisplayKEY eSYNC Info.lnk - c:\program files\GE Security Supra\SyncInfoApp.exe [2011-7-11 102400]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LPManager"=c:\progra~1\Lenovo\LENOVO~1\LPMGR.EXE
.
R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-09-26 56336]
R1 funfrm;funfrm; [x]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 MpKsl000ebba3;MpKsl000ebba3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43CA3B52-CD31-4A4A-883E-D5717C53D554}\MpKsl000ebba3.sys [x]
R1 MpKsl027b42ad;MpKsl027b42ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5251CBE-54CE-4661-AE0F-DD597402F392}\MpKsl027b42ad.sys [x]
R1 MpKsl0fc33ca5;MpKsl0fc33ca5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C06E4089-A1B6-4640-884F-681F08EC47E6}\MpKsl0fc33ca5.sys [x]
R1 MpKsl13bafeac;MpKsl13bafeac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51167B4D-37B8-4271-BE0F-1D034648453E}\MpKsl13bafeac.sys [x]
R1 MpKsl1f3f926d;MpKsl1f3f926d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6645571-C275-411B-B335-E336956596F9}\MpKsl1f3f926d.sys [x]
R1 MpKsl2c3d9d97;MpKsl2c3d9d97;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73DC7B4B-4A6A-4998-B24A-C595EF51662B}\MpKsl2c3d9d97.sys [x]
R1 MpKsl38ce8969;MpKsl38ce8969;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C06E4089-A1B6-4640-884F-681F08EC47E6}\MpKsl38ce8969.sys [x]
R1 MpKsl3b9a4e86;MpKsl3b9a4e86;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44529708-64C9-4593-A639-2BE1A4A8E2EB}\MpKsl3b9a4e86.sys [x]
R1 MpKsl3b9de3a1;MpKsl3b9de3a1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8ACBCA1-588E-49AD-933C-A8C4FA793E01}\MpKsl3b9de3a1.sys [x]
R1 MpKsl407057f8;MpKsl407057f8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BB9427A-4945-4AB1-9843-8A5FCBE17D36}\MpKsl407057f8.sys [x]
R1 MpKsl46d6d94a;MpKsl46d6d94a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76555D83-9A38-4F35-83D9-95341270F65A}\MpKsl46d6d94a.sys [x]
R1 MpKsl4a535cf1;MpKsl4a535cf1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C06E4089-A1B6-4640-884F-681F08EC47E6}\MpKsl4a535cf1.sys [x]
R1 MpKsl5a58c89d;MpKsl5a58c89d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5251CBE-54CE-4661-AE0F-DD597402F392}\MpKsl5a58c89d.sys [x]
R1 MpKsl5b18281a;MpKsl5b18281a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5934AC51-6E76-46C6-91E6-84CE523285E7}\MpKsl5b18281a.sys [x]
R1 MpKsl5bb22303;MpKsl5bb22303;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37BA8526-5404-4960-80A7-76E17CC62C8B}\MpKsl5bb22303.sys [x]
R1 MpKsl5bdea28b;MpKsl5bdea28b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2146B4A7-CCCF-4CD3-9FAA-EBEDC306885E}\MpKsl5bdea28b.sys [x]
R1 MpKsl5d28f9db;MpKsl5d28f9db;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{508AC662-DE50-4430-B414-2CAA628008A9}\MpKsl5d28f9db.sys [x]
R1 MpKsl60e181d9;MpKsl60e181d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2146B4A7-CCCF-4CD3-9FAA-EBEDC306885E}\MpKsl60e181d9.sys [x]
R1 MpKsl6a49b7a2;MpKsl6a49b7a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73DC7B4B-4A6A-4998-B24A-C595EF51662B}\MpKsl6a49b7a2.sys [x]
R1 MpKsl6b880620;MpKsl6b880620;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC5EEFB1-010F-4C9E-BF18-4C7E6AB217C9}\MpKsl6b880620.sys [x]
R1 MpKsl70d3c2ba;MpKsl70d3c2ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BF5060B-B7AB-4492-99C4-86F75FB03905}\MpKsl70d3c2ba.sys [x]
R1 MpKsl745d9921;MpKsl745d9921;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76555D83-9A38-4F35-83D9-95341270F65A}\MpKsl745d9921.sys [x]
R1 MpKsl772693ce;MpKsl772693ce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB7E76AE-527A-4138-9E09-478601D75135}\MpKsl772693ce.sys [x]
R1 MpKsl7aecdd4b;MpKsl7aecdd4b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86E0C1C0-F5DB-4367-8BD2-3F5ADED1589A}\MpKsl7aecdd4b.sys [x]
R1 MpKsl7d1c3715;MpKsl7d1c3715;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{508AC662-DE50-4430-B414-2CAA628008A9}\MpKsl7d1c3715.sys [x]
R1 MpKsl7d86e28a;MpKsl7d86e28a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27CEB4DF-EE17-49A5-B5CC-923B6079E08B}\MpKsl7d86e28a.sys [x]
R1 MpKsl8112d4c5;MpKsl8112d4c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9905104F-CDA2-4921-973F-BBD065E7C54C}\MpKsl8112d4c5.sys [x]
R1 MpKsl8125e39f;MpKsl8125e39f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55B21FCB-C09F-4444-A864-834BF5F239D5}\MpKsl8125e39f.sys [x]
R1 MpKsl840d0e03;MpKsl840d0e03;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FCFE371-0441-4C0A-8CF8-83360ADAF915}\MpKsl840d0e03.sys [x]
R1 MpKsl8c539b94;MpKsl8c539b94;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73DC7B4B-4A6A-4998-B24A-C595EF51662B}\MpKsl8c539b94.sys [x]
R1 MpKsl90401118;MpKsl90401118;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B2EA09A-E51B-4DB4-8A50-8AFC7BEC6C45}\MpKsl90401118.sys [x]
R1 MpKsl92e3c017;MpKsl92e3c017;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8527CF78-6717-4AF0-98B2-2208A91E1B46}\MpKsl92e3c017.sys [x]
R1 MpKsl98479ddc;MpKsl98479ddc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA059E75-CE0D-4681-88CF-849EC8E4B427}\MpKsl98479ddc.sys [x]
R1 MpKsl99a301ce;MpKsl99a301ce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BB9427A-4945-4AB1-9843-8A5FCBE17D36}\MpKsl99a301ce.sys [x]
R1 MpKsl9c0bfd39;MpKsl9c0bfd39;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8ACBCA1-588E-49AD-933C-A8C4FA793E01}\MpKsl9c0bfd39.sys [x]
R1 MpKsl9d734d46;MpKsl9d734d46;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C06E4089-A1B6-4640-884F-681F08EC47E6}\MpKsl9d734d46.sys [x]
R1 MpKsla46335cb;MpKsla46335cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76532E0D-935C-4EC8-B483-795562DB7656}\MpKsla46335cb.sys [x]
R1 MpKsla67172ed;MpKsla67172ed;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD93BA93-15A5-4410-BD6D-DDAB22693FD8}\MpKsla67172ed.sys [x]
R1 MpKsla8c9fc03;MpKsla8c9fc03;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51167B4D-37B8-4271-BE0F-1D034648453E}\MpKsla8c9fc03.sys [x]
R1 MpKsla9f57525;MpKsla9f57525;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{913EE69B-18A3-49BB-8D68-0A4CCC816323}\MpKsla9f57525.sys [x]
R1 MpKslabc1017a;MpKslabc1017a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7457B046-3DDE-40EA-83E9-C59D74F2653D}\MpKslabc1017a.sys [x]
R1 MpKslbb41309e;MpKslbb41309e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43CA3B52-CD31-4A4A-883E-D5717C53D554}\MpKslbb41309e.sys [x]
R1 MpKslbc5b3f74;MpKslbc5b3f74;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FCFE371-0441-4C0A-8CF8-83360ADAF915}\MpKslbc5b3f74.sys [x]
R1 MpKslbd3b669c;MpKslbd3b669c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73DC7B4B-4A6A-4998-B24A-C595EF51662B}\MpKslbd3b669c.sys [x]
R1 MpKslbe5189ec;MpKslbe5189ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C06E4089-A1B6-4640-884F-681F08EC47E6}\MpKslbe5189ec.sys [x]
R1 MpKslc19b75c5;MpKslc19b75c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A58DB5D-F513-44A2-9965-369C22820B0B}\MpKslc19b75c5.sys [x]
R1 MpKslc1be90a6;MpKslc1be90a6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28D0C468-1758-48CA-8D8B-DDF11042401D}\MpKslc1be90a6.sys [x]
R1 MpKslcd538bcb;MpKslcd538bcb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2146B4A7-CCCF-4CD3-9FAA-EBEDC306885E}\MpKslcd538bcb.sys [x]
R1 MpKsld1f0ceef;MpKsld1f0ceef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51167B4D-37B8-4271-BE0F-1D034648453E}\MpKsld1f0ceef.sys [x]
R1 MpKsld333bfe5;MpKsld333bfe5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2146B4A7-CCCF-4CD3-9FAA-EBEDC306885E}\MpKsld333bfe5.sys [x]
R1 MpKsle11f80c2;MpKsle11f80c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{504FCDE7-3C82-4AC1-8BC2-DA54ADB925F4}\MpKsle11f80c2.sys [x]
R1 MpKsle3f30af6;MpKsle3f30af6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA6BE20C-57D9-46F3-9122-6E30398D79C4}\MpKsle3f30af6.sys [x]
R1 MpKsle62f0026;MpKsle62f0026;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76555D83-9A38-4F35-83D9-95341270F65A}\MpKsle62f0026.sys [x]
R1 MpKslef864bb5;MpKslef864bb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37BA8526-5404-4960-80A7-76E17CC62C8B}\MpKslef864bb5.sys [x]
R1 MpKslf1e76905;MpKslf1e76905;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37BA8526-5404-4960-80A7-76E17CC62C8B}\MpKslf1e76905.sys [x]
R1 MpKslf22726ce;MpKslf22726ce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7457B046-3DDE-40EA-83E9-C59D74F2653D}\MpKslf22726ce.sys [x]
R1 MpKslf3e80297;MpKslf3e80297;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA78AFAE-1821-479C-A0F7-827FDF56055F}\MpKslf3e80297.sys [x]
R1 MpKslf5c4380a;MpKslf5c4380a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69A33DA3-27DE-4BBE-96DD-FF7FA5394A7B}\MpKslf5c4380a.sys [x]
R1 MpKslf7403479;MpKslf7403479;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11EBB1BB-0C0B-4FF0-9F27-CF31430FA174}\MpKslf7403479.sys [x]
R1 MpKslfe8e086d;MpKslfe8e086d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD93BA93-15A5-4410-BD6D-DDAB22693FD8}\MpKslfe8e086d.sys [x]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-09-26 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-09-26 161936]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2009-08-24 172720]
R2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2009-09-11 160432]
R2 Fitbit;Fitbit Data Uploader;c:\program files\Fitbit\fitbit.exe [2011-10-27 788000]
R2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2008-03-14 54560]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-09-25 919352]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2008-04-25 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-04-25 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-04-25 166384]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-08-08 53325]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2007-04-10 11776]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-08 21520]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2008-04-25 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2011-10-27 19744]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-25 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVix86
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 21:16]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 21:16]
.
2011-12-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
2012-03-14 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-07-08 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://smallmiraclesacademy.org/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} - hxxp://www.ntreisinnovia.net/ntr/valid/osi_valid9m.ocx
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\6t7lo5e0.default\
FF - prefs.js: browser.startup.homepage - hxxp://smallmiraclesacademy.org/
FF - prefs.js: network.proxy.type - 2
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-RunServices-SoftWareInstallShield12.0.58855 - c:\users\john\appdata\local\temp\0.9898807986066338.exe
HKLM-RunOnce-SMRequiresRestart - (no file)
HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
AddRemove-FITBIT&10C4&84C4 - c:\program files\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1500)
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WerFault.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2012-03-19 00:37:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-19 05:37
.
Pre-Run: 135,128,199,168 bytes free
Post-Run: 134,565,994,496 bytes free
.
- - End Of File - - BA66D80801DE98A14447A6F397E25EDE

#12 Casey_boy


Posted 19 March 2012 - 03:30 PM

Hi,

That looks like ComboFix has removed the ZeroAccess rootkit from your PC. You should have noticed some serious improvement now?

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#13 jbjdharris


Posted 19 March 2012 - 05:04 PM

Hi Casey,
Unfortunately the pc still reverts to the blue screen after I log in using normal mode. No improvement.

#14 Casey_boy


Posted 20 March 2012 - 05:02 PM

So if you click on anything after booting up normally your PC crashes and blue screens? But if you boot into Safe Mode, you're OK?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in "Scan results - Select action for found objects", which offers three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Casey



#15 jbjdharris


Posted 20 March 2012 - 07:38 PM

Hi Casey, thanks for your reply. After running TDSS, my machine rebooted in normal mode. After logging in to Windows, the screen just went black. No blue screen at all this time, and the desktop never even showed up. Logging in using safe mode is still ok.

Here is the tdss log:



20:18:35.0281 2068 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
20:18:35.0749 2068 ============================================================
20:18:35.0749 2068 Current date / time: 2012/03/20 20:18:35.0749
20:18:35.0749 2068 SystemInfo:
20:18:35.0749 2068
20:18:35.0749 2068 OS Version: 6.1.7601 ServicePack: 1.0
20:18:35.0749 2068 Product type: Workstation
20:18:35.0749 2068 ComputerName: JOHN-PC
20:18:35.0749 2068 UserName: John
20:18:35.0749 2068 Windows directory: C:\Windows
20:18:35.0749 2068 System windows directory: C:\Windows
20:18:35.0749 2068 Processor architecture: Intel x86
20:18:35.0749 2068 Number of processors: 2
20:18:35.0749 2068 Page size: 0x1000
20:18:35.0749 2068 Boot type: Safe boot with network
20:18:35.0749 2068 ============================================================
20:18:37.0106 2068 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:18:37.0106 2068 \Device\Harddisk0\DR0:
20:18:37.0106 2068 MBR used
20:18:37.0106 2068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
20:18:37.0106 2068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BB4E7F8
20:18:37.0106 2068 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000
20:18:37.0215 2068 Initialize success
20:18:37.0215 2068 ============================================================
20:19:48.0648 1536 ============================================================
20:19:48.0648 1536 Scan started
20:19:48.0648 1536 Mode: Manual;
20:19:48.0648 1536 ============================================================
20:19:49.0552 1536 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:19:49.0552 1536 1394ohci - ok
20:19:49.0662 1536 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:19:49.0662 1536 ACPI - ok
20:19:49.0708 1536 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:19:49.0708 1536 AcpiPmi - ok
20:19:49.0771 1536 ACPIVPC (c460349e4c6cd6c12e93476c3923a1b0) C:\Windows\system32\DRIVERS\AcpiVpc.sys
20:19:49.0771 1536 ACPIVPC - ok
20:19:49.0880 1536 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:19:49.0880 1536 adp94xx - ok
20:19:49.0911 1536 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:19:49.0911 1536 adpahci - ok
20:19:49.0942 1536 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:19:49.0942 1536 adpu320 - ok
20:19:50.0036 1536 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:19:50.0052 1536 AFD - ok
20:19:50.0098 1536 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
20:19:50.0098 1536 agp440 - ok
20:19:50.0130 1536 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:19:50.0130 1536 aic78xx - ok
20:19:50.0161 1536 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:19:50.0161 1536 aliide - ok
20:19:50.0176 1536 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:19:50.0192 1536 amdagp - ok
20:19:50.0208 1536 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:19:50.0208 1536 amdide - ok
20:19:50.0239 1536 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:19:50.0239 1536 AmdK8 - ok
20:19:50.0270 1536 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:19:50.0270 1536 AmdPPM - ok
20:19:50.0317 1536 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
20:19:50.0317 1536 amdsata - ok
20:19:50.0348 1536 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:19:50.0348 1536 amdsbs - ok
20:19:50.0395 1536 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
20:19:50.0395 1536 amdxata - ok
20:19:50.0473 1536 ApfiltrService (0f83cb9bcb247869bcad28026b8f134b) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:19:50.0473 1536 ApfiltrService - ok
20:19:50.0520 1536 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:19:50.0520 1536 AppID - ok
20:19:50.0629 1536 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:19:50.0629 1536 arc - ok
20:19:50.0644 1536 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:19:50.0644 1536 arcsas - ok
20:19:50.0832 1536 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:19:50.0847 1536 AsyncMac - ok
20:19:50.0910 1536 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:19:50.0910 1536 atapi - ok
20:19:50.0956 1536 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:19:50.0972 1536 b06bdrv - ok
20:19:51.0034 1536 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:19:51.0050 1536 b57nd60x - ok
20:19:51.0144 1536 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:19:51.0175 1536 BCM43XX - ok
20:19:51.0268 1536 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:19:51.0268 1536 Beep - ok
20:19:51.0362 1536 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:19:51.0362 1536 blbdrive - ok
20:19:51.0440 1536 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:19:51.0440 1536 bowser - ok
20:19:51.0471 1536 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:19:51.0471 1536 BrFiltLo - ok
20:19:51.0502 1536 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:19:51.0502 1536 BrFiltUp - ok
20:19:51.0549 1536 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
20:19:51.0549 1536 BridgeMP - ok
20:19:51.0627 1536 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\system32\DRIVERS\BrSerId.sys
20:19:51.0627 1536 Brserid - ok
20:19:51.0658 1536 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:19:51.0658 1536 BrSerWdm - ok
20:19:51.0674 1536 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:19:51.0674 1536 BrUsbMdm - ok
20:19:51.0705 1536 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\DRIVERS\BrUsbSer.sys
20:19:51.0705 1536 BrUsbSer - ok
20:19:51.0752 1536 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:19:51.0752 1536 BTHMODEM - ok
20:19:51.0846 1536 catchme - ok
20:19:51.0924 1536 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:19:51.0924 1536 cdfs - ok
20:19:51.0970 1536 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
20:19:51.0986 1536 cdrom - ok
20:19:52.0002 1536 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:19:52.0017 1536 circlass - ok
20:19:52.0080 1536 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:19:52.0095 1536 CLFS - ok
20:19:52.0173 1536 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:19:52.0173 1536 CmBatt - ok
20:19:52.0236 1536 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:19:52.0236 1536 cmdide - ok
20:19:52.0298 1536 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
20:19:52.0314 1536 CNG - ok
20:19:52.0392 1536 CnxtHdAudService (8b7a0ce6613f991359ff95212900396c) C:\Windows\system32\drivers\CHDRT32.sys
20:19:52.0392 1536 CnxtHdAudService - ok
20:19:52.0594 1536 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:19:52.0594 1536 Compbatt - ok
20:19:52.0657 1536 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
20:19:52.0657 1536 CompositeBus - ok
20:19:52.0688 1536 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:19:52.0704 1536 crcdisk - ok
20:19:52.0797 1536 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:19:52.0797 1536 DfsC - ok
20:19:52.0875 1536 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:19:52.0875 1536 discache - ok
20:19:52.0891 1536 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:19:52.0891 1536 Disk - ok
20:19:53.0047 1536 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\Windows\system32\DLA\DLABMFSM.SYS
20:19:53.0047 1536 DLABMFSM - ok
20:19:53.0078 1536 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\Windows\system32\DLA\DLABOIOM.SYS
20:19:53.0094 1536 DLABOIOM - ok
20:19:53.0156 1536 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
20:19:53.0156 1536 DLACDBHM - ok
20:19:53.0203 1536 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\Windows\system32\DLA\DLADResM.SYS
20:19:53.0203 1536 DLADResM - ok
20:19:53.0250 1536 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\Windows\system32\DLA\DLAIFS_M.SYS
20:19:53.0250 1536 DLAIFS_M - ok
20:19:53.0296 1536 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\Windows\system32\DLA\DLAOPIOM.SYS
20:19:53.0296 1536 DLAOPIOM - ok
20:19:53.0359 1536 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\Windows\system32\DLA\DLAPoolM.SYS
20:19:53.0359 1536 DLAPoolM - ok
20:19:53.0390 1536 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
20:19:53.0390 1536 DLARTL_M - ok
20:19:53.0437 1536 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\Windows\system32\DLA\DLAUDFAM.SYS
20:19:53.0437 1536 DLAUDFAM - ok
20:20:06.0946 1536 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
20:20:06.0962 1536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:20:06.0962 1536 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:20:06.0993 1536 Boot (0x1200) (f6708c4b9e5b5026ab54f8e7c28122b2) \Device\Harddisk0\DR0\Partition0
20:20:06.0993 1536 \Device\Harddisk0\DR0\Partition0 - ok
20:20:07.0024 1536 Boot (0x1200) (292c8d1462bcf0a130ca21810335e89e) \Device\Harddisk0\DR0\Partition1
20:20:07.0024 1536 \Device\Harddisk0\DR0\Partition1 - ok
20:20:07.0056 1536 Boot (0x1200) (29c664109a0adcb2e4013270456f5c20) \Device\Harddisk0\DR0\Partition2
20:20:07.0056 1536 \Device\Harddisk0\DR0\Partition2 - ok
20:20:07.0056 1536 ============================================================
20:20:07.0056 1536 Scan finished
20:20:07.0056 1536 ============================================================
20:20:07.0071 3708 Detected object count: 1
20:20:07.0071 3708 Actual detected object count: 1
20:21:24.0697 3708 \Device\Harddisk0\DR0\# - copied to quarantine
20:21:24.0697 3708 \Device\Harddisk0\DR0 - copied to quarantine
20:21:24.0728 3708 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:21:24.0744 3708 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:21:24.0744 3708 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:21:24.0759 3708 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:21:24.0759 3708 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:21:24.0775 3708 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:21:24.0775 3708 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:21:24.0791 3708 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:21:24.0791 3708 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:21:24.0791 3708 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:21:24.0791 3708 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:21:24.0791 3708 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:21:24.0806 3708 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:21:24.0806 3708 \Device\Harddisk0\DR0 - ok
20:21:24.0806 3708 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure



