
Blue Screens, Sluggishness and Google Programs Sporadic


24 replies to this topic

#1 Gamachii


Posted 30 March 2012 - 12:36 PM

Hello!

First, thank you for your help. I'm usually pretty good at caring for these problems on my own, but this one has outdone me.

I appear to have some sort of infection on my laptop, which is running Windows 7.

It actually started as a much larger infection, or just multiple viruses/spyware that somehow manifested all at once... (I'm still at a loss as to how they even got on the machine to begin with, but oh well.)

I was able to clean out some of the issues, including system fix, some weird registry files and a few number letter things using Hijackthis, GKill, and MBAM mostly.

My day to day antivirus is Antivir, and it caught a fair number of things, and was what first alerted me that there was a problem.

However, I'm still having some troubling issues that lead me to believe that it's not all over yet. I've been getting occasional blue screens ("IRQL_IS_NOT_LESS_OR_EQUAL" is one of them) and Google is working sporadically at best. Sometimes my Firefox/Google homepage will 404, Gmail sometimes fails to load/times out, Google docs aren't working, etc.

My laptop seems to run fine or at least better as long as it's not connected to the internet.
The longer it's been on or connected to the internet, the slower it seems to get.

So, I am here to get a second pair of eyes to look over some logs and see if you can spot what I missed.
Let me know what program you'd like to have me scan with first.

Thank you again for your help.

Edited by Gamachii, 30 March 2012 - 12:37 PM.




#2 Broni


Posted 30 March 2012 - 04:25 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#3 Gamachii


Posted 30 March 2012 - 08:25 PM

Here are the first two logs, I'm working on the rest:

Security Check
Results of screen317's Security Check version 0.99.32
Windows 7 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Flash Player 11.2.202.228
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.27) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

#4 Gamachii


Posted 30 March 2012 - 08:34 PM

FSS log:

Farbar Service Scanner Version: 01-03-2012
Ran by L (administrator) on 30-03-2012 at 21:32:35
Running from "C:\Users\L\Desktop"
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 15:50] - [2011-09-29 11:43] - 1285488 ____A (Microsoft Corporation)

56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 16:26] - [2011-03-03 01:29] - 0132608 ____A (Microsoft Corporation)

B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 19:53] - [2009-07-13 21:15] - 0565760 ____A (Microsoft Corporation)

5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 19:54] - [2009-07-13 21:14] - 0493568 ____A (Microsoft Corporation)

85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 19:23] - [2009-07-13 21:16] - 0125952 ____A (Microsoft Corporation)

5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 19:24] - [2009-07-13 21:14] - 1025536 ____A (Microsoft Corporation)

7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-02-09 20:31] - [2010-12-21 01:38] - 0073728 ____A (Microsoft Corporation)

A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 20:15] - [2009-07-13 21:16] - 1912832 ____A (Microsoft Corporation)

A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 19:30] - [2009-07-13 21:16] - 0589312 ____A (Microsoft Corporation)

53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#5 Gamachii


Posted 30 March 2012 - 08:51 PM

While running MiniToolBox I got this error message: nslookup.exe - Ordinal Not Found
The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll

MiniToolBox Log:

MiniToolBox by Farbar Version: 18-01-2012
Ran by L (administrator) on 30-03-2012 at 21:35:45
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)
Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Aetherius
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : maine.rr.com
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-13-E8-51-39-15
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : maine.rr.com
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-1B-24-27-A4-4F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.maine.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 13 e8 51 39 15 ......Intel® Wireless WiFi Link 4965AGN
10...00 1b 24 27 a4 4f ......Intel® PRO/100 VE Network Connection
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 286
192.168.1.101 255.255.255.255 On-link 192.168.1.101 286
192.168.1.255 255.255.255.255 On-link 192.168.1.101 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 286 fe80::/64 On-link
11 286 fe80::4075:5534:88ee:677f/128
On-link
1 306 ff00::/8 On-link
11 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 mswsock.dll [File Not found] ()
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/29/2012 07:21:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000374
Fault offset: 0x000c33bb
Faulting process id: 0xff4
Faulting application start time: 0xping.exe0
Faulting application path: ping.exe1
Faulting module path: ping.exe2
Report Id: ping.exe3

Error: (03/29/2012 04:26:59 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (03/24/2012 05:53:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: gmer.exe, version: 1.0.15.15641, time stamp: 0x4e21f2b1
Faulting module name: gmer.exe, version: 1.0.15.15641, time stamp: 0x4e21f2b1
Exception code: 0xc0000005
Fault offset: 0x0000c676
Faulting process id: 0x10ac
Faulting application start time: 0xgmer.exe0
Faulting application path: gmer.exe1
Faulting module path: gmer.exe2
Report Id: gmer.exe3

Error: (03/23/2012 05:24:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 1.9.2.4429, time stamp: 0x4f3ce4d4
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000005
Fault offset: 0x00046850
Faulting process id: 0xf94
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (03/21/2012 11:04:03 PM) (Source: Application Hang) (User: )
Description: The program notepad++.exe version 5.8.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ea8

Start Time: 01cd07d84c72dc76

Termination Time: 93

Application Path: C:\Program Files\Notepad++\notepad++.exe

Report Id: 9d19bfe7-73cb-11e1-b8aa-001b2427a44f

Error: (03/21/2012 09:09:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: 0.2591081110218907.exe, version: 0.0.0.0, time stamp: 0x4f69bfcb
Faulting module name: 0.2591081110218907.exe, version: 0.0.0.0, time stamp: 0x4f69bfcb
Exception code: 0x80000004
Fault offset: 0x000155ab
Faulting process id: 0x5b0
Faulting application start time: 0x0.2591081110218907.exe0
Faulting application path: 0.2591081110218907.exe1
Faulting module path: 0.2591081110218907.exe2
Report Id: 0.2591081110218907.exe3

Error: (03/21/2012 06:22:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp: 0x4e21132b
Exception code: 0xe06d7363
Fault offset: 0x00009673
Faulting process id: 0x398
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/21/2012 04:41:58 PM) (Source: Application Hang) (User: )
Description: The program Photoshop.exe version 8.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1634

Start Time: 01cd0799e67e2016

Termination Time: 6084

Application Path: C:\Program Files\Adobe\Photoshop CS\Photoshop.exe

Report Id: 26ab68ed-7396-11e1-a654-001b2427a44f

Error: (03/21/2012 03:13:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: WerFault.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2d9
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000005
Fault offset: 0x0002f963
Faulting process id: 0xd58
Faulting application start time: 0xWerFault.exe0
Faulting application path: WerFault.exe1
Faulting module path: WerFault.exe2
Report Id: WerFault.exe3

Error: (03/21/2012 00:32:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: _ex-68.exe, version: 0.0.0.0, time stamp: 0x4f68948b
Faulting module name: _ex-68.exe, version: 0.0.0.0, time stamp: 0x4f68948b
Exception code: 0xc0000005
Fault offset: 0x00063a5d
Faulting process id: 0xf60
Faulting application start time: 0x_ex-68.exe0
Faulting application path: _ex-68.exe1
Faulting module path: _ex-68.exe2
Report Id: _ex-68.exe3


System errors:
=============
Error: (03/30/2012 09:30:26 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Error: (03/30/2012 09:30:26 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (03/30/2012 09:30:22 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (03/30/2012 09:30:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/30/2012 09:29:47 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:27:01 PM on ?3/?30/?2012 was unexpected.

Error: (03/30/2012 09:23:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/30/2012 09:15:19 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Error: (03/30/2012 09:15:19 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (03/30/2012 09:15:19 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (03/30/2012 09:15:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (03/29/2012 07:21:13 PM) (Source: Application Error)(User: )
Description: ping.exe6.1.7600.163854a5bc964ntdll.dll6.1.7600.169154ec49cafc0000374000c33bbff401cd0e01d2e3318aC:\Windows\System32\ping.exeC:\Windows\SYSTEM32\ntdll.dlldfcd38ba-79f5-11e1-93f7-001b2427a44f

Error: (03/29/2012 04:26:59 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (03/24/2012 05:53:49 PM) (Source: Application Error)(User: )
Description: gmer.exe1.0.15.156414e21f2b1gmer.exe1.0.15.156414e21f2b1c00000050000c67610ac01cd0a07833e0000C:\Users\L\Desktop\New folder\GMER\New folder\gmer.exeC:\Users\L\Desktop\New folder\GMER\New folder\gmer.exed5beea37-75fb-11e1-8ffc-001b2427a44f

Error: (03/23/2012 05:24:12 PM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.44294f3ce4d4ntdll.dll6.1.7600.169154ec49cafc000000500046850f9401cd093590bce485C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Windows\SYSTEM32\ntdll.dll8828b6dc-752e-11e1-b961-001b2427a44f

Error: (03/21/2012 11:04:03 PM) (Source: Application Hang)(User: )
Description: notepad++.exe5.8.2.0ea801cd07d84c72dc7693C:\Program Files\Notepad++\notepad++.exe9d19bfe7-73cb-11e1-b8aa-001b2427a44f

Error: (03/21/2012 09:09:13 PM) (Source: Application Error)(User: )
Description: 0.2591081110218907.exe0.0.0.04f69bfcb0.2591081110218907.exe0.0.0.04f69bfcb80000004000155ab5b001cd07c862af466cC:\Windows\TEMP\0.2591081110218907.exeC:\Windows\TEMP\0.2591081110218907.exea2a227ae-73bb-11e1-b9dd-001b2427a44f

Error: (03/21/2012 06:22:49 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100KERNELBASE.dll6.1.7600.168504e21132be06d73630000967339801cd07a37f8af271C:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dll63fd8d90-73a4-11e1-b9dd-001b2427a44f

Error: (03/21/2012 04:41:58 PM) (Source: Application Hang)(User: )
Description: Photoshop.exe8.0.0.0163401cd0799e67e20166084C:\Program Files\Adobe\Photoshop CS\Photoshop.exe26ab68ed-7396-11e1-a654-001b2427a44f

Error: (03/21/2012 03:13:29 PM) (Source: Application Error)(User: )
Description: WerFault.exe6.1.7600.163854a5bc2d9ntdll.dll6.1.7600.169154ec49cafc00000050002f963d5801cd0796a7de23f9C:\Windows\system32\WerFault.exeC:\Windows\SYSTEM32\ntdll.dllf0e02433-7389-11e1-a654-001b2427a44f

Error: (03/21/2012 00:32:21 PM) (Source: Application Error)(User: )
Description: _ex-68.exe0.0.0.04f68948b_ex-68.exe0.0.0.04f68948bc000000500063a5df6001cd077ffd70c4f0C:\Windows\Temp\_ex-68.exeC:\Windows\Temp\_ex-68.exe6e59d0b7-7373-11e1-a6d2-001b2427a44f


=========================== Installed Programs ============================

Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Flash Player 11 Plugin (Version: 11.2.202.228)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS (Version: CS)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.707)
BitComet 1.29 (Version: 1.29)
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Conexant HD Audio (Version: 4.36.7.60)
Dropbox (Version: 1.2.52)
FileZilla Client 3.5.1 (Version: 3.5.1)
Google Chrome (Version: 18.0.1025.142)
Heroes of Might and Magic
HiJackThis (Version: 1.0.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Katawa Shoujo
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 1.1.0324)
Microsoft Silverlight (Version: 4.0.50826.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox (3.6.27) (Version: 3.6.27 (en-US))
Notepad++ (Version: 5.8.2)
NVIDIA Drivers (Version: 1.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
Pando Media Booster (Version: 2.3.4.1)
PDF Settings (Version: 1.0)
Pidgin (Version: 2.7.2)
Porta
Portal 2
Realm of the Mad God
Steam (Version: 1.0.0.0)
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.23.0000)
TIPCI (Version: 1.23.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Veoh Web Player (Version: 1.1.2.0000)
VLC media player 0.9.2 (Version: 0.9.2)
Winamp (Version: 5.581 )
Winamp Detector Plug-in (Version: 1.0.0.1)
WinRAR archiver

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 74%
Total physical RAM: 1022.16 MB
Available physical RAM: 260.24 MB
Total Pagefile: 2046.16 MB
Available Pagefile: 1032.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.67 MB

========================= Partitions: =====================================

1 Drive c: (SQ004369V02) (Fixed) (Total:110.32 GB) (Free:5.67 GB) NTFS
2 Drive d: (CANON_IJ) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\AETHERIUS

Administrator Guest L


**** End of log ****

#6 Gamachii


Posted 30 March 2012 - 09:20 PM

MBAM Log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.08

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
L :: AETHERIUS [administrator]

3/30/2012 10:05:22 PM
mbam-log-2012-03-30 (22-05-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184484
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 Gamachii


Posted 30 March 2012 - 10:44 PM

And the last finished finally.
I saved a few times as my laptop bluescreened on previous runs.

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 22:21:52
-----------------------------
22:21:52.934 OS Version: Windows 6.1.7600
22:21:52.934 Number of processors: 2 586 0xF06
22:21:52.934 ComputerName: AETHERIUS UserName: L
22:22:04.697 Initialize success
22:28:56.641 AVAST engine defs: 12033001
22:29:31.120 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:29:31.124 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001A Size: 114473MB BusType: 3
22:29:31.196 Disk 0 MBR read successfully
22:29:31.199 Disk 0 MBR scan
22:29:32.925 Disk 0 MBR:Alureon-M [Rtk]
22:29:32.929 Disk 0 TDL4@MBR code has been found
22:29:32.932 Disk 0 Windows 7 default MBR code found via API
22:29:32.936 Disk 0 MBR hidden
22:29:33.024 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:29:33.387 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112971 MB offset 3074048
22:29:33.443 Disk 0 MBR [TDL4] **ROOTKIT**
22:29:33.448 Disk 0 trace - called modules:
22:29:33.454 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85d45fd0]<<
22:29:33.901 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858b54d8]
22:29:33.907 3 CLASSPNP.SYS[882cb59e] -> nt!IofCallDriver -> [0x85e10988]
22:29:33.914 \Driver\00002237[0x85cdc2a0] -> IRP_MJ_CREATE -> 0x85d45fd0
22:30:09.700 AVAST engine scan C:\Windows
22:30:20.657 Disk 0 MBR has been saved successfully to "C:\Users\L\Desktop\MBR.dat"
22:30:20.700 The log file has been saved successfully to "C:\Users\L\Desktop\aswMBR.txt"


22:31:15.015 AVAST engine scan C:\Windows\system32
22:56:30.668 AVAST engine scan C:\Windows\system32\drivers
22:57:03.658 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-ASC [Rtk]
22:58:55.761 File: C:\Windows\system32\drivers\Wdf01000.sys TDL3 **ROOTKIT**
22:59:05.513 AVAST engine scan C:\Users\L
23:04:15.794 Disk 0 MBR has been saved successfully to "C:\Users\L\Desktop\MBR.dat"
23:04:15.965 The log file has been saved successfully to "C:\Users\L\Desktop\aswMBR2.txt"
23:35:51.774 AVAST engine scan C:\ProgramData
23:37:26.576 Scan finished successfully
23:38:36.823 Disk 0 MBR has been saved successfully to "C:\Users\L\Desktop\MBR.dat"
23:38:36.916 The log file has been saved successfully to "C:\Users\L\Desktop\aswMBR.txt"

#8 Broni


Posted 30 March 2012 - 10:55 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



 


#9 Gamachii


Posted 31 March 2012 - 11:25 AM

2012/03/31 12:02:02.0446 3612 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2012/03/31 12:02:03.0788 3612 ================================================================================
2012/03/31 12:02:03.0788 3612 SystemInfo:
2012/03/31 12:02:03.0788 3612
2012/03/31 12:02:03.0788 3612 OS Version: 6.1.7600 ServicePack: 0.0
2012/03/31 12:02:03.0788 3612 Product type: Workstation
2012/03/31 12:02:03.0788 3612 ComputerName: AETHERIUS
2012/03/31 12:02:03.0788 3612 UserName: L
2012/03/31 12:02:03.0788 3612 Windows directory: C:\Windows
2012/03/31 12:02:03.0788 3612 System windows directory: C:\Windows
2012/03/31 12:02:03.0788 3612 Processor architecture: Intel x86
2012/03/31 12:02:03.0788 3612 Number of processors: 2
2012/03/31 12:02:03.0788 3612 Page size: 0x1000
2012/03/31 12:02:03.0788 3612 Boot type: Normal boot
2012/03/31 12:02:03.0788 3612 ================================================================================
2012/03/31 12:02:11.0916 3612 Initialize success
2012/03/31 12:02:16.0440 1980 ================================================================================
2012/03/31 12:02:16.0440 1980 Scan started
2012/03/31 12:02:16.0440 1980 Mode: Manual;
2012/03/31 12:02:16.0440 1980 ================================================================================
2012/03/31 12:04:03.0722 1980 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2012/03/31 12:04:03.0722 1980 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2012/03/31 12:04:03.0753 1980 sptd - detected LockedFile.Multi.Generic (1)
2012/03/31 12:04:17.0606 1980 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2012/03/31 12:04:17.0856 1980 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2012/03/31 12:04:18.0074 1980 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2012/03/31 12:04:18.0355 1980 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2012/03/31 12:04:18.0651 1980 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2012/03/31 12:04:18.0807 1980 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2012/03/31 12:04:19.0026 1980 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2012/03/31 12:04:19.0088 1980 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2012/03/31 12:04:19.0260 1980 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2012/03/31 12:04:19.0291 1980 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2012/03/31 12:04:19.0587 1980 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2012/03/31 12:04:19.0806 1980 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
2012/03/31 12:04:19.0884 1980 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
2012/03/31 12:04:19.0884 1980 Wdf01000 - detected Virus.Win32.Rloader.a (0)
2012/03/31 12:04:21.0662 1980 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
2012/03/31 12:04:21.0725 1980 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2012/03/31 12:04:21.0740 1980 Boot (0x1200) (b0a68faba98479f51a52cb4fa2e00d3c) \Device\Harddisk0\DR0\Partition0
2012/03/31 12:04:21.0740 1980 ================================================================================
2012/03/31 12:04:21.0740 1980 Scan finished
2012/03/31 12:04:21.0740 1980 ================================================================================
2012/03/31 12:04:21.0756 3192 Detected object count: 3
2012/03/31 12:04:21.0756 3192 Actual detected object count: 3
2012/03/31 12:05:05.0311 3192 LockedFile.Multi.Generic(sptd) - User select action: Skip
2012/03/31 12:05:05.0514 3192 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
2012/03/31 12:05:05.0514 3192 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
2012/03/31 12:05:13.0673 3192 Backup copy not found, trying to cure infected file..
2012/03/31 12:05:13.0673 3192 Cure success, using it..
2012/03/31 12:05:13.0766 3192 C:\Windows\system32\drivers\Wdf01000.sys - will be cured after reboot
2012/03/31 12:05:13.0766 3192 Virus.Win32.Rloader.a(Wdf01000) - User select action: Cure
2012/03/31 12:05:13.0782 3192 Rootkit.Win32.BackBoot.gen(\Device\Harddisk0\DR0) - User select action: Skip
2012/03/31 12:05:25.0903 1408 Deinitialize success

#10 Broni

Posted 31 March 2012 - 11:44 AM

Re-run TDSSKiller one more time.


#11 Gamachii

Posted 31 March 2012 - 12:07 PM

2012/03/31 12:59:53.0767 2844 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2012/03/31 12:59:55.0077 2844 ================================================================================
2012/03/31 12:59:55.0077 2844 SystemInfo:
2012/03/31 12:59:55.0077 2844
2012/03/31 12:59:55.0077 2844 OS Version: 6.1.7600 ServicePack: 0.0
2012/03/31 12:59:55.0077 2844 Product type: Workstation
2012/03/31 12:59:55.0077 2844 ComputerName: AETHERIUS
2012/03/31 12:59:55.0077 2844 UserName: L
2012/03/31 12:59:55.0077 2844 Windows directory: C:\Windows
2012/03/31 12:59:55.0077 2844 System windows directory: C:\Windows
2012/03/31 12:59:55.0077 2844 Processor architecture: Intel x86
2012/03/31 12:59:55.0077 2844 Number of processors: 2
2012/03/31 12:59:55.0077 2844 Page size: 0x1000
2012/03/31 12:59:55.0077 2844 Boot type: Normal boot
2012/03/31 12:59:55.0077 2844 ================================================================================
2012/03/31 13:00:32.0050 2844 Initialize success
2012/03/31 13:01:20.0604 1572 ================================================================================
2012/03/31 13:01:20.0604 1572 Scan started
2012/03/31 13:01:20.0604 1572 Mode: Manual;
2012/03/31 13:01:20.0604 1572 ================================================================================
2012/03/31 13:04:28.0300 1572 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2012/03/31 13:04:28.0316 1572 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2012/03/31 13:04:28.0331 1572 sptd - detected LockedFile.Multi.Generic (1)
2012/03/31 13:04:48.0736 1572 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2012/03/31 13:04:49.0126 1572 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2012/03/31 13:04:49.0485 1572 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2012/03/31 13:04:49.0828 1572 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2012/03/31 13:04:50.0234 1572 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2012/03/31 13:04:50.0702 1572 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2012/03/31 13:04:51.0295 1572 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2012/03/31 13:04:51.0419 1572 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2012/03/31 13:04:51.0841 1572 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2012/03/31 13:04:52.0324 1572 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2012/03/31 13:04:52.0792 1572 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2012/03/31 13:04:53.0323 1572 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2012/03/31 13:04:53.0791 1572 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2012/03/31 13:04:54.0025 1572 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2012/03/31 13:04:54.0118 1572 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2012/03/31 13:04:54.0477 1572 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2012/03/31 13:04:54.0914 1572 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2012/03/31 13:04:56.0053 1572 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2012/03/31 13:04:56.0255 1572 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2012/03/31 13:04:56.0786 1572 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2012/03/31 13:04:57.0316 1572 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2012/03/31 13:04:57.0628 1572 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2012/03/31 13:04:57.0862 1572 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2012/03/31 13:04:58.0081 1572 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2012/03/31 13:04:58.0486 1572 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
2012/03/31 13:04:58.0627 1572 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2012/03/31 13:04:58.0658 1572 Boot (0x1200) (b0a68faba98479f51a52cb4fa2e00d3c) \Device\Harddisk0\DR0\Partition0
2012/03/31 13:04:58.0658 1572 ================================================================================
2012/03/31 13:04:58.0658 1572 Scan finished
2012/03/31 13:04:58.0658 1572 ================================================================================
2012/03/31 13:04:58.0673 3764 Detected object count: 2
2012/03/31 13:04:58.0673 3764 Actual detected object count: 2
2012/03/31 13:05:28.0360 3764 LockedFile.Multi.Generic(sptd) - User select action: Skip
2012/03/31 13:05:28.0360 3764 Rootkit.Win32.BackBoot.gen(\Device\Harddisk0\DR0) - User select action: Skip

#12 Broni

Posted 31 March 2012 - 12:11 PM

2012/03/31 13:05:28.0360 3764 Rootkit.Win32.BackBoot.gen(\Device\Harddisk0\DR0) - User select action: Skip

You should fix the above instead of skipping it.

Redo one more time.


#13 Gamachii


Posted 31 March 2012 - 12:59 PM

Alright, here's the log from that last run. I did "restore" because "fix" wasn't in the list, hope that's ok.

2012/03/31 13:45:10.0742 3548 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2012/03/31 13:45:10.0757 3548 ================================================================================
2012/03/31 13:45:10.0757 3548 SystemInfo:
2012/03/31 13:45:10.0757 3548
2012/03/31 13:45:10.0757 3548 OS Version: 6.1.7600 ServicePack: 0.0
2012/03/31 13:45:10.0757 3548 Product type: Workstation
2012/03/31 13:45:10.0757 3548 ComputerName: AETHERIUS
2012/03/31 13:45:10.0773 3548 UserName: L
2012/03/31 13:45:10.0773 3548 Windows directory: C:\Windows
2012/03/31 13:45:10.0773 3548 System windows directory: C:\Windows
2012/03/31 13:45:10.0773 3548 Processor architecture: Intel x86
2012/03/31 13:45:10.0773 3548 Number of processors: 2
2012/03/31 13:45:10.0773 3548 Page size: 0x1000
2012/03/31 13:45:10.0773 3548 Boot type: Normal boot
2012/03/31 13:45:10.0773 3548 ================================================================================
2012/03/31 13:45:14.0439 3548 Initialize success
2012/03/31 13:45:19.0852 3592 ================================================================================
2012/03/31 13:45:19.0852 3592 Scan started
2012/03/31 13:45:19.0852 3592 Mode: Manual;
2012/03/31 13:45:19.0852 3592 ================================================================================
2012/03/31 13:45:48.0041 3592 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2012/03/31 13:45:48.0041 3592 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2012/03/31 13:45:48.0041 3592 sptd - detected LockedFile.Multi.Generic (1)
2012/03/31 13:45:54.0266 3592 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2012/03/31 13:45:54.0390 3592 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2012/03/31 13:45:54.0453 3592 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2012/03/31 13:45:54.0500 3592 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2012/03/31 13:45:54.0656 3592 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2012/03/31 13:45:54.0780 3592 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2012/03/31 13:45:54.0874 3592 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2012/03/31 13:45:54.0952 3592 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2012/03/31 13:45:55.0046 3592 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2012/03/31 13:45:55.0170 3592 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2012/03/31 13:45:55.0233 3592 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2012/03/31 13:45:55.0358 3592 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2012/03/31 13:45:55.0451 3592 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2012/03/31 13:45:55.0467 3592 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2012/03/31 13:45:55.0529 3592 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2012/03/31 13:45:55.0638 3592 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2012/03/31 13:45:55.0810 3592 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2012/03/31 13:45:55.0919 3592 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2012/03/31 13:45:56.0060 3592 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2012/03/31 13:45:56.0169 3592 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2012/03/31 13:45:56.0231 3592 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2012/03/31 13:45:56.0294 3592 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2012/03/31 13:45:56.0434 3592 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2012/03/31 13:45:56.0512 3592 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
2012/03/31 13:45:56.0574 3592 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2012/03/31 13:45:56.0574 3592 Boot (0x1200) (b0a68faba98479f51a52cb4fa2e00d3c) \Device\Harddisk0\DR0\Partition0
2012/03/31 13:45:56.0590 3592 ================================================================================
2012/03/31 13:45:56.0590 3592 Scan finished
2012/03/31 13:45:56.0590 3592 ================================================================================
2012/03/31 13:45:56.0606 3584 Detected object count: 2
2012/03/31 13:45:56.0606 3584 Actual detected object count: 2
2012/03/31 13:48:41.0366 3584 LockedFile.Multi.Generic(sptd) - User select action: Skip
2012/03/31 13:48:41.0366 3584 \Device\Harddisk0\DR0 - will be restored after reboot
2012/03/31 13:48:41.0366 3584 Rootkit.Win32.BackBoot.gen(\Device\Harddisk0\DR0) - User select action: Restore
2012/03/31 13:48:46.0608 3528 Deinitialize success

#14 Broni

Posted 31 March 2012 - 01:02 PM

Good.

Post new aswMBR log.


#15 Gamachii


Posted 31 March 2012 - 01:54 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 22:21:52
-----------------------------
22:21:52.934 OS Version: Windows 6.1.7600
22:21:52.934 Number of processors: 2 586 0xF06
22:21:52.934 ComputerName: AETHERIUS UserName: L
22:22:04.697 Initialize success
22:28:56.641 AVAST engine defs: 12033001
22:29:31.120 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:29:31.124 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001A Size: 114473MB BusType: 3
22:29:31.196 Disk 0 MBR read successfully
22:29:31.199 Disk 0 MBR scan
22:29:32.925 Disk 0 MBR:Alureon-M [Rtk]
22:29:32.929 Disk 0 TDL4@MBR code has been found
22:29:32.932 Disk 0 Windows 7 default MBR code found via API
22:29:32.936 Disk 0 MBR hidden
22:29:33.024 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:29:33.387 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112971 MB offset 3074048
22:29:33.443 Disk 0 MBR [TDL4] **ROOTKIT**
22:29:33.448 Disk 0 trace - called modules:
22:29:33.454 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85d45fd0]<<
22:29:33.901 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858b54d8]
22:29:33.907 3 CLASSPNP.SYS[882cb59e] -> nt!IofCallDriver -> [0x85e10988]
22:29:33.914 \Driver\00002237[0x85cdc2a0] -> IRP_MJ_CREATE -> 0x85d45fd0
22:30:09.700 AVAST engine scan C:\Windows
22:30:20.657 Disk 0 MBR has been saved successfully to "C:\Users\L\Desktop\MBR.dat"
22:30:20.700 The log file has been saved successfully to "C:\Users\L\Desktop\aswMBR.txt"
22:31:15.015 AVAST engine scan C:\Windows\system32
22:56:30.668 AVAST engine scan C:\Windows\system32\drivers
22:57:03.658 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-ASC [Rtk]
22:58:55.761 File: C:\Windows\system32\drivers\Wdf01000.sys TDL3 **ROOTKIT**
22:59:05.513 AVAST engine scan C:\Users\L
23:04:15.794 Disk 0 MBR has been saved successfully to "C:\Users\L\Desktop\MBR.dat"
23:04:15.965 The log file has been saved successfully to "C:\Users\L\Desktop\aswMBR2.txt"
23:35:51.774 AVAST engine scan C:\ProgramData
23:37:26.576 Scan finished successfully
23:38:36.823 Disk 0 MBR has been saved successfully to "C:\Users\L\Desktop\MBR.dat"
23:38:36.916 The log file has been saved successfully to "C:\Users\L\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 14:04:31
-----------------------------
14:04:31.014 OS Version: Windows 6.1.7600
14:04:31.014 Number of processors: 2 586 0xF06
14:04:31.014 ComputerName: AETHERIUS UserName: L
14:05:16.761 Initialize success
14:05:28.331 AVAST engine defs: 12033001
14:16:46.510 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:16:46.510 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001A Size: 114473MB BusType: 3
14:16:46.541 Disk 0 MBR read successfully
14:16:46.541 Disk 0 MBR scan
14:16:46.806 Disk 0 Windows XP default MBR code
14:16:46.837 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:16:46.884 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112971 MB offset 3074048
14:16:46.900 Disk 0 scanning sectors +234438656
14:16:47.056 Disk 0 scanning C:\Windows\system32\drivers
14:16:51.970 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-ASC [Rtk]
14:17:10.737 Disk 0 trace - called modules:
14:17:10.768 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x857a2fd0]<<
14:17:10.783 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854b3030]
14:17:11.314 3 CLASSPNP.SYS[882e859e] -> nt!IofCallDriver -> [0x8576fae8]
14:17:11.314 \Driver\00000765[0x857dfca0] -> IRP_MJ_CREATE -> 0x857a2fd0
14:17:12.905 AVAST engine scan C:\Windows
14:17:21.610 AVAST engine scan C:\Windows\system32
14:32:22.489 AVAST engine scan C:\Windows\system32\drivers
14:32:32.060 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-ASC [Rtk]
14:33:26.538 AVAST engine scan C:\Users\L
14:48:11.957 AVAST engine scan C:\ProgramData
14:48:46.698 Scan finished successfully
14:52:52.274 Disk 0 MBR has been saved successfully to "C:\Users\L\Desktop\MBR.dat"
14:52:52.399 The log file has been saved successfully to "C:\Users\L\Desktop\aswMBR.txt"



