Google redirects , Olmarik.tdl4 and Sirefef.ch trojans


  • This topic is locked

#31
Psydream

Psydream

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ok dude, I managed to make it. Here's the log, thank you for your patience. Oh, and something good: I can run tdsskiller.exe and I find 0 threats, but I still don't have an internet connection.

Attached File  MBRCheck_11.22.11_17.09.39.txt   12.86KB   160 downloads

Edited by Psydream, 22 November 2011 - 09:23 AM.

  • 0

#32
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Very good! Please remove the old version of Combofix and download the new version. Transfer it to the infected PC and run it. Hopefully we will get a log and your internet connection back.
  • 0

#33
Psydream

Psydream

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello,


Well, I ran Combofix. The scan completed successfully and I found the log. The problem is that I can't open
anything on my PC; when I try to open the log or something else, a message comes out saying

"Illegal operation attempted on a registry key that has been marked for deletion"
I restarted my PC and all works fine, but I still don't have an internet connection.
Here's the log


ComboFix 11-11-22.01 - Alex 22/11/2011 18:37:16.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1033.18.3031.2026 [GMT 2:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\system32\ . . . . Failed to delete
.
---- Previous Run -------
.
c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\programdata\hpe51E6.dll
c:\users\Alex\AppData\Local\10d53ccf\U\[email protected]
c:\users\Alex\AppData\Local\10d53ccf\U\[email protected]
c:\users\Alex\AppData\Local\10d53ccf\U\[email protected]
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Alex\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\Explorer\explorer.exe
c:\windows\Explorer\explorev4.bmp
c:\windows\wallpaper.jpg
c:\windows\system32\ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-23 00:37 . 2011-11-23 01:08 -------- d-----w- C:\Boot
2011-11-22 16:46 . 2011-11-22 16:48 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-11-22 16:46 . 2011-11-22 16:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-22 16:46 . 2011-11-22 16:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 13:05 . 2011-11-20 13:05 -------- d-----w- c:\users\Alex\AppData\Local\Opera
2011-11-20 13:05 . 2011-11-20 13:05 -------- d-----w- c:\program files\Opera
2011-11-19 19:58 . 2011-11-17 19:58 133208 ----a-w- c:\windows\system32\drivers\40774382.sys
2011-11-17 17:30 . 2011-11-17 17:30 -------- d-----w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com
2011-11-17 17:30 . 2011-11-17 17:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-17 17:30 . 2011-11-17 17:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-17 17:09 . 2011-11-17 17:09 -------- d-----w- C:\_OTM
2011-11-17 16:33 . 2011-11-17 20:49 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-17 16:33 . 2011-11-17 16:33 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-17 16:33 . 2011-11-17 16:39 -------- d-----w- c:\programdata\Hitman Pro
2011-11-17 16:03 . 2011-11-17 16:03 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2011-11-17 16:02 . 2011-11-17 16:02 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 16:02 . 2011-11-17 16:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-17 12:30 . 2011-11-17 12:31 -------- d-----w- c:\program files\FixAuto
2011-11-17 12:30 . 2003-09-23 10:00 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2011-11-17 12:19 . 2011-11-17 12:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-17 11:55 . 2011-11-20 10:17 -------- d-sh--w- c:\users\Alex\AppData\Local\10d53ccf
2011-11-16 00:11 . 2011-11-16 00:11 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2011-11-15 22:54 . 2011-11-15 23:50 -------- d-----w- c:\program files\BrawlBusters(EN)
2011-11-15 22:54 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-11-15 22:54 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-11-15 22:54 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-11-15 22:54 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-11-14 00:28 . 2011-11-14 00:28 -------- d-----w- c:\program files\Auto Combat Points
2011-11-09 21:51 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:51 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:51 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-03 01:01 . 2011-11-17 16:49 -------- d-----w- c:\users\Alex\AppData\Local\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 16:41 . 2011-09-29 16:41 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-29 16:41 . 2011-09-29 16:41 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-28 09:13 . 2011-09-28 09:13 0 ----a-w- c:\users\Alex\AppData\Local\BIT7E24.tmp
2011-09-28 09:10 . 2011-09-28 09:10 0 ----a-w- c:\users\Alex\AppData\Local\BIT40C7.tmp
2011-09-28 09:08 . 2011-09-28 09:08 0 ----a-w- c:\users\Alex\AppData\Local\BIT7A6C.tmp
2011-09-16 09:06 . 2011-09-16 09:06 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2011-09-16 09:06 . 2011-09-16 09:06 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-09-01 02:35 . 2011-10-13 00:04 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-13 00:04 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-13 00:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:26 . 2011-10-12 21:57 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 21:57 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-11-05 07:09 . 2011-05-01 10:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 14:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-21 16:29 66656 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-07-07 3270040]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_85456694.lnk - c:\users\Alex\AppData\Local\Temp\_uninst_85456694.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2009-10-21 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
2011-04-22 12:08 402832 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 15:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2011-07-07 12:49 3270040 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 22:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 13:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 07:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-01-16 07:54 717696 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-07-25 09:41 433360 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2011-06-17 06:17 466944 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 09:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-30 20:19 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-22 350720]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 124416]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 130560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 484864]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 63891297;63891297; [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\Alex\AppData\Local\Temp\SMODB33.tmp [x]
R3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 130560]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-11-17 23624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1343400]
R3 XDva341;XDva341;c:\windows\system32\XDva341.sys [x]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]
R3 XDva347;XDva347;c:\windows\system32\XDva347.sys [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R3 XDva351;XDva351;c:\windows\system32\XDva351.sys [x]
R3 XDva352;XDva352;c:\windows\system32\XDva352.sys [x]
R3 XDva358;XDva358;c:\windows\system32\XDva358.sys [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva362;XDva362;c:\windows\system32\XDva362.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [2010-12-09 75592]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 40774382;40774382;c:\windows\system32\DRIVERS\40774382.sys [2011-11-17 133208]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 113664]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-21 85232]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2011-06-21 192512]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 372736]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 166912]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0001.sys [2010-06-26 22000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1102848]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 08:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 10:58]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 10:58]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7577AB96-1782-4EDB-9289-C12941860942}: NameServer = 195.170.0.1,195.170.2.2
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xrt4sz3e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-1 - c:\users\Alex\AppData\Local\Temp\wmplog05.sqv
MSConfigStartUp-DumpRuUploader - c:\program files\Dump.Ru\DumpRuUploader.exe
MSConfigStartUp-jsafesurf - c:\windows\Help32\safesurf.exe
MSConfigStartUp-pikbonrgjcctpp - c:\windows\system32\wkwkleeucqdrfjpf.dll
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Alex\AppData\Local\Temp\SMODB33.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1680917705-3916782407-3916281415-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1680917705-3916782407-3916281415-1001\Software\SecuROM\License information*]
"datasecu"=hex:74,42,e9,1f,5a,d1,49,b9,90,2b,b4,f4,87,48,bd,bb,98,bc,e4,dc,6b,
82,96,fe,45,e1,10,a3,10,f1,3a,3f,d7,3d,b5,f3,59,60,0d,95,ca,c5,67,1f,c3,71,\
"rkeysecu"=hex:bb,48,d0,9f,2e,ff,c4,b9,37,18,14,34,cd,87,7b,29
.
[HKEY_USERS\S-1-5-21-1680917705-3916782407-3916281415-1001_Classes\CLSID\{66c2cc67-167c-4dad-a7f2-05d222b4ab10}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000099
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1680917705-3916782407-3916281415-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e6,35,24,4a,d0,a4,55,c6,63,e3,92,e8,55,59,04,c7,24,eb,a5,c6,6a,
84,81,27,0c,dc,da,cd,4e,f1,4e,88,b2,00,b6,81,7b,c8,58,c2,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe
c:\windows\system32\conhost.exe
c:\program files\Hitman Pro 3.5\HitmanPro35.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2011-11-22 18:51:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-22 16:51
.
Pre-Run: 832.207.507.456 bytes free
Post-Run: 832.073.289.728 bytes free
.
- - End Of File - - 22C73E158E66AF3F1D1CE68551C2A6A5

Edited by Psydream, 22 November 2011 - 11:18 AM.

  • 0
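A small triage helper for the ComboFix log format above, added here as an example (it is not ComboFix's or the forum's own code): it pulls the service/driver lines and the policies\system block out of the log and flags the entries a helper looks at first (missing image files, services running from Temp, numeric-only names, drivers dropped directly under c:\windows, and UAC switched off). The sample log is a constructed excerpt modelled on the one posted in this thread.

```python
"""Triage helpers for ComboFix-style logs (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 63891297;63891297; [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\Alex\AppData\Local\Temp\SMODB33.tmp [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
S0 40774382;40774382;c:\windows\system32\DRIVERS\40774382.sys [2011-11-17 133208]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
"""


@dataclass
class Service:
    start: str    # R = running, S = stopped; digit = start type (0 boot ... 4 disabled)
    name: str
    display: str
    path: str
    tag: str      # "x" means ComboFix could not find the image file; otherwise "date size"


# ComboFix service line: "<R|S><n> <name>;<display>;<image path> [<date size>|x]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*)\[(?P<tag>[^\]]*)\]\s*$"
)
# Policy value line as ComboFix prints it: "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-f]+\)\s*$', re.IGNORECASE)


def parse_services(text):
    """Extract every service/driver entry from a ComboFix log."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            out.append(Service(m["start"], m["name"].strip(), m["display"].strip(),
                               m["path"].strip(), m["tag"].strip()))
    return out


def triage_services(services):
    """Return {service name: [reasons]} for entries worth a second look.

    These are heuristics a log reader applies, not verdicts: an orphaned
    entry from an incomplete uninstall also shows up as [x].
    """
    flagged = {}
    for s in services:
        reasons = []
        low = s.path.lower()
        if s.tag == "x":
            reasons.append("image file missing on disk")
        if "\\temp\\" in low:
            reasons.append("runs from a Temp folder")
        if s.name.isdigit():
            reasons.append("numeric-only service name")
        if re.fullmatch(r"c:\\windows\\[^\\]+\.sys", low):
            reasons.append("driver placed directly under c:\\windows")
        if reasons:
            flagged[s.name] = reasons
    return flagged


def parse_policies(text):
    """Collect the values ComboFix lists under ...\\currentversion\\policies\\system."""
    values = {}
    in_block = False
    for line in text.splitlines():
        if line.startswith("["):
            in_block = line.lower().rstrip().endswith("\\policies\\system]")
            continue
        m = POLICY_RE.match(line) if in_block else None
        if m:
            values[m["name"]] = int(m["val"])
    return values


# A value of 0 for any of these weakens or disables UAC.
UAC_KEYS = {
    "EnableLUA": "UAC is disabled",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}


def uac_findings(policies):
    """Human-readable findings for UAC-related policy values that are set to 0."""
    return [f"{k}=0: {why}" for k, why in UAC_KEYS.items() if policies.get(k) == 0]


if __name__ == "__main__":
    for name, reasons in triage_services(parse_services(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(reasons)}")
    for finding in uac_findings(parse_policies(SAMPLE_LOG)):
        print(finding)
```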

#34
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. At least we can run our tools.

Please remove old version of TDSSKiller from infected PC. Do the same with aswMBR.

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

After the first two, please run Combofix one more time and post the log here for me.

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • Combofix log
It would be helpful if you could post each log in a separate post.
  • 0

#35
Psydream

Psydream

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
hello,


I came to an idea to check my antivirus, ESET Smart Security, to see if it's uninstalled correctly. Well, I realised that it was the reason that my internet connection is gone. I searched in Google for a topic and found out how to fix it, and now I have my internet connection back. I just did that, so do I have to make a Combofix scan again?
  • 0

#36
Psydream

Psydream

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
TDSSKiller.exe LOG:
20:21:14.0714 2660 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
20:21:14.0952 2660 ============================================================
20:21:14.0952 2660 Current date / time: 2011/11/22 20:21:14.0952
20:21:14.0952 2660 SystemInfo:
20:21:14.0952 2660
20:21:14.0952 2660 OS Version: 6.1.7600 ServicePack: 0.0
20:21:14.0952 2660 Product type: Workstation
20:21:14.0952 2660 ComputerName: PC-PSYDREAM
20:21:14.0953 2660 UserName: Alex
20:21:14.0953 2660 Windows directory: C:\Windows
20:21:14.0953 2660 System windows directory: C:\Windows
20:21:14.0953 2660 Processor architecture: Intel x86
20:21:14.0953 2660 Number of processors: 4
20:21:14.0953 2660 Page size: 0x1000
20:21:14.0953 2660 Boot type: Normal boot
20:21:14.0953 2660 ============================================================
20:21:16.0052 2660 Initialize success
20:21:17.0873 4196 ============================================================
20:21:17.0874 4196 Scan started
20:21:17.0874 4196 Mode: Manual;
20:21:17.0874 4196 ============================================================
20:21:19.0070 4196 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:21:19.0073 4196 1394ohci - ok
20:21:19.0138 4196 40774382 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\40774382.sys
20:21:19.0141 4196 40774382 - ok
20:21:19.0167 4196 63891297 - ok
20:21:19.0210 4196 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:21:19.0213 4196 ACPI - ok
20:21:19.0253 4196 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:21:19.0253 4196 AcpiPmi - ok
20:21:19.0300 4196 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:21:19.0306 4196 adp94xx - ok
20:21:19.0342 4196 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:21:19.0347 4196 adpahci - ok
20:21:19.0375 4196 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:21:19.0378 4196 adpu320 - ok
20:21:19.0434 4196 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:21:19.0438 4196 AFD - ok
20:21:19.0480 4196 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
20:21:19.0483 4196 agp440 - ok
20:21:19.0508 4196 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:21:19.0508 4196 aic78xx - ok
20:21:19.0534 4196 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:21:19.0536 4196 aliide - ok
20:21:19.0555 4196 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:21:19.0558 4196 amdagp - ok
20:21:19.0593 4196 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:21:19.0595 4196 amdide - ok
20:21:19.0606 4196 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:21:19.0609 4196 AmdK8 - ok
20:21:19.0621 4196 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:21:19.0622 4196 AmdPPM - ok
20:21:19.0653 4196 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
20:21:19.0654 4196 amdsata - ok
20:21:19.0674 4196 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:21:19.0676 4196 amdsbs - ok
20:21:19.0705 4196 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
20:21:19.0706 4196 amdxata - ok
20:21:19.0745 4196 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:21:19.0748 4196 AppID - ok
20:21:20.0037 4196 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:21:20.0042 4196 arc - ok
20:21:20.0060 4196 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:21:20.0063 4196 arcsas - ok
20:21:20.0083 4196 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:21:20.0085 4196 AsyncMac - ok
20:21:20.0100 4196 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:21:20.0100 4196 atapi - ok
20:21:20.0143 4196 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:21:20.0148 4196 b06bdrv - ok
20:21:20.0161 4196 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:21:20.0163 4196 b57nd60x - ok
20:21:20.0176 4196 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:21:20.0178 4196 Beep - ok
20:21:20.0197 4196 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:21:20.0199 4196 blbdrive - ok
20:21:20.0234 4196 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:21:20.0237 4196 bowser - ok
20:21:20.0263 4196 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:21:20.0263 4196 BrFiltLo - ok
20:21:20.0282 4196 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:21:20.0290 4196 BrFiltUp - ok
20:21:20.0304 4196 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:21:20.0308 4196 Brserid - ok
20:21:20.0318 4196 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:21:20.0319 4196 BrSerWdm - ok
20:21:20.0339 4196 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:21:20.0340 4196 BrUsbMdm - ok
20:21:20.0364 4196 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:21:20.0367 4196 BrUsbSer - ok
20:21:20.0382 4196 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:21:20.0384 4196 BTHMODEM - ok
20:21:20.0458 4196 catchme - ok
20:21:20.0484 4196 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:21:20.0487 4196 cdfs - ok
20:21:20.0526 4196 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
20:21:20.0529 4196 cdrom - ok
20:21:20.0550 4196 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:21:20.0551 4196 circlass - ok
20:21:20.0570 4196 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:21:20.0572 4196 CLFS - ok
20:21:20.0609 4196 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:21:20.0611 4196 CmBatt - ok
20:21:20.0641 4196 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:21:20.0643 4196 cmdide - ok
20:21:20.0661 4196 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
20:21:20.0667 4196 CNG - ok
20:21:20.0684 4196 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:21:20.0685 4196 Compbatt - ok
20:21:20.0715 4196 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
20:21:20.0717 4196 CompositeBus - ok
20:21:20.0729 4196 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:21:20.0731 4196 crcdisk - ok
20:21:20.0784 4196 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:21:20.0787 4196 DfsC - ok
20:21:20.0799 4196 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:21:20.0801 4196 discache - ok
20:21:20.0816 4196 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:21:20.0819 4196 Disk - ok
20:21:20.0849 4196 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:21:20.0851 4196 drmkaud - ok
20:21:20.0888 4196 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:21:20.0898 4196 DXGKrnl - ok
20:21:20.0958 4196 EagleNT - ok
20:21:20.0992 4196 EagleXNt - ok
20:21:21.0022 4196 eamonm (bf14fbabd52e9522456d3a2f6e7e76e4) C:\Windows\system32\DRIVERS\eamonm.sys
20:21:21.0023 4196 eamonm - ok
20:21:21.0081 4196 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:21:21.0141 4196 ebdrv - ok
20:21:21.0190 4196 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\Windows\system32\DRIVERS\ehdrv.sys
20:21:21.0191 4196 ehdrv - ok
20:21:21.0251 4196 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
20:21:21.0254 4196 ElbyCDFL - ok
20:21:21.0289 4196 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
20:21:21.0291 4196 ElbyCDIO - ok
20:21:21.0340 4196 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:21:21.0347 4196 elxstor - ok
20:21:21.0365 4196 epfw (15bfe00f030ea20955117bb0677e9668) C:\Windows\system32\DRIVERS\epfw.sys
20:21:21.0365 4196 epfw - ok
20:21:21.0406 4196 Epfwndis (52310e0e603d7da79ecca7d764937a91) C:\Windows\system32\DRIVERS\Epfwndis.sys
20:21:21.0406 4196 Epfwndis - ok
20:21:21.0433 4196 epfwwfp (235250a79cf1e16a5a42407cfe3f6a4c) C:\Windows\system32\DRIVERS\epfwwfp.sys
20:21:21.0433 4196 epfwwfp - ok
20:21:21.0465 4196 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:21:21.0467 4196 ErrDev - ok
20:21:21.0493 4196 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:21:21.0496 4196 exfat - ok
20:21:21.0522 4196 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:21:21.0525 4196 fastfat - ok
20:21:21.0562 4196 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:21:21.0563 4196 fdc - ok
20:21:21.0581 4196 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:21:21.0584 4196 FileInfo - ok
20:21:21.0595 4196 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:21:21.0597 4196 Filetrace - ok
20:21:21.0624 4196 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:21:21.0626 4196 flpydisk - ok
20:21:21.0644 4196 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:21:21.0648 4196 FltMgr - ok
20:21:21.0662 4196 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:21:21.0664 4196 FsDepends - ok
20:21:21.0711 4196 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
20:21:21.0715 4196 fssfltr - ok
20:21:21.0749 4196 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:21:21.0752 4196 Fs_Rec - ok
20:21:21.0804 4196 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:21:21.0808 4196 fvevol - ok
20:21:21.0838 4196 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:21:21.0838 4196 gagp30kx - ok
20:21:21.0899 4196 GarenaPEngine - ok
20:21:21.0945 4196 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:21:21.0948 4196 GEARAspiWDM - ok
20:21:22.0008 4196 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
20:21:22.0011 4196 hamachi - ok
20:21:22.0022 4196 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:21:22.0023 4196 hcw85cir - ok
20:21:22.0070 4196 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
20:21:22.0074 4196 HdAudAddService - ok
20:21:22.0092 4196 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
20:21:22.0094 4196 HDAudBus - ok
20:21:22.0105 4196 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:21:22.0106 4196 HidBatt - ok
20:21:22.0131 4196 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:21:22.0132 4196 HidBth - ok
20:21:22.0164 4196 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:21:22.0164 4196 HidIr - ok
20:21:22.0181 4196 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
20:21:22.0183 4196 HidUsb - ok
20:21:22.0225 4196 hitmanpro35 (72472b9ce5d02e443cff49a40355455d) C:\Windows\system32\drivers\hitmanpro35.sys
20:21:22.0225 4196 hitmanpro35 - ok
20:21:22.0249 4196 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:21:22.0252 4196 HpSAMD - ok
20:21:22.0303 4196 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:21:22.0309 4196 HTTP - ok
20:21:22.0349 4196 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:21:22.0351 4196 hwpolicy - ok
20:21:22.0372 4196 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
20:21:22.0379 4196 i8042prt - ok
20:21:22.0430 4196 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:21:22.0436 4196 iaStorV - ok
20:21:22.0495 4196 IDMWFP (0cf892a47867cc378ecdd663955187a7) C:\Windows\system32\DRIVERS\idmwfp.sys
20:21:22.0498 4196 IDMWFP - ok
20:21:22.0530 4196 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:21:22.0530 4196 iirsp - ok
20:21:22.0546 4196 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:21:22.0548 4196 intelide - ok
20:21:22.0589 4196 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:21:22.0590 4196 intelppm - ok
20:21:22.0622 4196 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:21:22.0625 4196 IpFilterDriver - ok
20:21:22.0643 4196 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:21:22.0646 4196 IPMIDRV - ok
20:21:22.0657 4196 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:21:22.0659 4196 IPNAT - ok
20:21:22.0692 4196 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:21:22.0694 4196 IRENUM - ok
20:21:22.0705 4196 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:21:22.0707 4196 isapnp - ok
20:21:22.0734 4196 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:21:22.0738 4196 iScsiPrt - ok
20:21:22.0758 4196 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
20:21:22.0761 4196 kbdclass - ok
20:21:22.0772 4196 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:21:22.0775 4196 kbdhid - ok
20:21:22.0811 4196 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
20:21:22.0814 4196 KSecDD - ok
20:21:22.0835 4196 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
20:21:22.0838 4196 KSecPkg - ok
20:21:22.0861 4196 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:21:22.0864 4196 lltdio - ok
20:21:22.0897 4196 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:21:22.0900 4196 LSI_FC - ok
20:21:22.0928 4196 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:21:22.0930 4196 LSI_SAS - ok
20:21:22.0961 4196 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:21:22.0961 4196 LSI_SAS2 - ok
20:21:22.0982 4196 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:21:22.0983 4196 LSI_SCSI - ok
20:21:23.0007 4196 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:21:23.0010 4196 luafv - ok
20:21:23.0043 4196 MBAMProtector - ok
20:21:23.0092 4196 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:21:23.0095 4196 megasas - ok
20:21:23.0117 4196 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:21:23.0122 4196 MegaSR - ok
20:21:23.0153 4196 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:21:23.0156 4196 Modem - ok
20:21:23.0182 4196 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:21:23.0182 4196 monitor - ok
20:21:23.0219 4196 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:21:23.0222 4196 mouclass - ok
20:21:23.0250 4196 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:21:23.0252 4196 mouhid - ok
20:21:23.0285 4196 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:21:23.0287 4196 mountmgr - ok
20:21:23.0321 4196 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:21:23.0324 4196 mpio - ok
20:21:23.0352 4196 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:21:23.0355 4196 mpsdrv - ok
20:21:23.0390 4196 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:21:23.0393 4196 MRxDAV - ok
20:21:23.0425 4196 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:21:23.0428 4196 mrxsmb - ok
20:21:23.0469 4196 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:21:23.0473 4196 mrxsmb10 - ok
20:21:23.0495 4196 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:21:23.0498 4196 mrxsmb20 - ok
20:21:23.0520 4196 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:21:23.0523 4196 msahci - ok
20:21:23.0545 4196 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:21:23.0548 4196 msdsm - ok
20:21:23.0580 4196 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:21:23.0582 4196 Msfs - ok
20:21:23.0593 4196 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:21:23.0595 4196 mshidkmdf - ok
20:21:23.0630 4196 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:21:23.0633 4196 msisadrv - ok
20:21:23.0666 4196 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:21:23.0671 4196 MSKSSRV - ok
20:21:23.0698 4196 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:21:23.0701 4196 MSPCLOCK - ok
20:21:23.0717 4196 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:21:23.0719 4196 MSPQM - ok
20:21:23.0738 4196 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:21:23.0743 4196 MsRPC - ok
20:21:23.0762 4196 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
20:21:23.0763 4196 mssmbios - ok
20:21:23.0777 4196 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:21:23.0779 4196 MSTEE - ok
20:21:23.0804 4196 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:21:23.0806 4196 MTConfig - ok
20:21:23.0842 4196 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
20:21:23.0844 4196 MTsensor - ok
20:21:23.0864 4196 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:21:23.0867 4196 Mup - ok
20:21:23.0936 4196 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:21:23.0940 4196 NativeWifiP - ok
20:21:23.0979 4196 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:21:23.0985 4196 NDIS - ok
20:21:24.0003 4196 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:21:24.0005 4196 NdisCap - ok
20:21:24.0028 4196 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:21:24.0029 4196 NdisTapi - ok
20:21:24.0080 4196 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:21:24.0082 4196 Ndisuio - ok
20:21:24.0099 4196 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:21:24.0102 4196 NdisWan - ok
20:21:24.0140 4196 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:21:24.0143 4196 NDProxy - ok
20:21:24.0199 4196 Neo_VPN (78a1eacf8da011715f7e0b3536f9845c) C:\Windows\system32\DRIVERS\Neo_0001.sys
20:21:24.0200 4196 Neo_VPN - ok
20:21:24.0218 4196 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:21:24.0221 4196 NetBIOS - ok
20:21:24.0259 4196 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:21:24.0263 4196 NetBT - ok
20:21:24.0318 4196 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:21:24.0320 4196 nfrd960 - ok
20:21:24.0405 4196 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
20:21:24.0405 4196 NPF - ok
20:21:24.0428 4196 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:21:24.0431 4196 Npfs - ok
20:21:24.0453 4196 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:21:24.0455 4196 nsiproxy - ok
20:21:24.0513 4196 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:21:24.0530 4196 Ntfs - ok
20:21:24.0551 4196 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:21:24.0553 4196 Null - ok
20:21:24.0707 4196 nvlddmkm (4152708c0c24e30dae7fa87d5afe1d7b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:21:24.0842 4196 nvlddmkm - ok
20:21:24.0887 4196 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:21:24.0889 4196 nvraid - ok
20:21:24.0903 4196 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:21:24.0904 4196 nvstor - ok
20:21:24.0959 4196 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:21:24.0963 4196 nv_agp - ok
20:21:25.0004 4196 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:21:25.0007 4196 ohci1394 - ok
20:21:25.0068 4196 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:21:25.0094 4196 Parport - ok
20:21:25.0123 4196 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
20:21:25.0125 4196 partmgr - ok
20:21:25.0157 4196 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:21:25.0159 4196 Parvdm - ok
20:21:25.0200 4196 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:21:25.0204 4196 pci - ok
20:21:25.0236 4196 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:21:25.0239 4196 pciide - ok
20:21:25.0265 4196 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:21:25.0267 4196 pcmcia - ok
20:21:25.0290 4196 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:21:25.0292 4196 pcw - ok
20:21:25.0333 4196 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:21:25.0340 4196 PEAUTH - ok
20:21:25.0409 4196 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:21:25.0413 4196 PptpMiniport - ok
20:21:25.0432 4196 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:21:25.0434 4196 Processor - ok
20:21:25.0455 4196 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:21:25.0457 4196 Psched - ok
20:21:25.0493 4196 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:21:25.0519 4196 ql2300 - ok
20:21:25.0539 4196 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:21:25.0540 4196 ql40xx - ok
20:21:25.0553 4196 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:21:25.0555 4196 QWAVEdrv - ok
20:21:25.0571 4196 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:21:25.0573 4196 RasAcd - ok
20:21:25.0589 4196 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:21:25.0592 4196 RasAgileVpn - ok
20:21:25.0613 4196 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:21:25.0620 4196 Rasl2tp - ok
20:21:25.0645 4196 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:21:25.0648 4196 RasPppoe - ok
20:21:25.0694 4196 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:21:25.0697 4196 RasSstp - ok
20:21:25.0730 4196 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:21:25.0735 4196 rdbss - ok
20:21:25.0755 4196 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:21:25.0755 4196 rdpbus - ok
20:21:25.0789 4196 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:21:25.0792 4196 RDPCDD - ok
20:21:25.0811 4196 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:21:25.0813 4196 RDPENCDD - ok
20:21:25.0830 4196 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:21:25.0833 4196 RDPREFMP - ok
20:21:25.0865 4196 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
20:21:25.0869 4196 RDPWD - ok
20:21:25.0915 4196 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:21:25.0920 4196 rdyboost - ok
20:21:25.0970 4196 RMCAST (906dcfc5ebf4ec0433f8d4fffb0ba334) C:\Windows\system32\DRIVERS\RMCAST.sys
20:21:25.0973 4196 RMCAST - ok
20:21:26.0022 4196 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:21:26.0025 4196 rspndr - ok
20:21:26.0067 4196 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys
20:21:26.0073 4196 RTL8167 - ok
20:21:26.0127 4196 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
20:21:26.0130 4196 s1018bus - ok
20:21:26.0190 4196 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
20:21:26.0191 4196 s1018mdfl - ok
20:21:26.0208 4196 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
20:21:26.0212 4196 s1018mdm - ok
20:21:26.0224 4196 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
20:21:26.0227 4196 s1018mgmt - ok
20:21:26.0244 4196 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
20:21:26.0247 4196 s1018nd5 - ok
20:21:26.0270 4196 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
20:21:26.0274 4196 s1018obex - ok
20:21:26.0292 4196 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
20:21:26.0295 4196 s1018unic - ok
20:21:26.0329 4196 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\Windows\system32\DRIVERS\s115bus.sys
20:21:26.0332 4196 s115bus - ok
20:21:26.0349 4196 s115mdfl (e24113fc13b8737c94cf4e3415488c76) C:\Windows\system32\DRIVERS\s115mdfl.sys
20:21:26.0351 4196 s115mdfl - ok
20:21:26.0373 4196 s115mdm (4029e49e7c673aa0670bd206b0af1b5b) C:\Windows\system32\DRIVERS\s115mdm.sys
20:21:26.0374 4196 s115mdm - ok
20:21:26.0408 4196 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) C:\Windows\system32\DRIVERS\s115mgmt.sys
20:21:26.0412 4196 s115mgmt - ok
20:21:26.0441 4196 s115obex (089869db9ffd2ac807fa87fe82ac7761) C:\Windows\system32\DRIVERS\s115obex.sys
20:21:26.0441 4196 s115obex - ok
20:21:26.0483 4196 s116bus (815445f4676cc96bc9aeec303c727e19) C:\Windows\system32\DRIVERS\s116bus.sys
20:21:26.0486 4196 s116bus - ok
20:21:26.0523 4196 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows\system32\DRIVERS\s125bus.sys
20:21:26.0523 4196 s125bus - ok
20:21:26.0599 4196 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:21:26.0602 4196 SASDIFSV - ok
20:21:26.0633 4196 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:21:26.0636 4196 SASKUTIL - ok
20:21:26.0678 4196 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:21:26.0682 4196 sbp2port - ok
20:21:26.0720 4196 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:21:26.0723 4196 scfilter - ok
20:21:26.0774 4196 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:21:26.0777 4196 secdrv - ok
20:21:26.0808 4196 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:21:26.0810 4196 Serenum - ok
20:21:26.0825 4196 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:21:26.0828 4196 Serial - ok
20:21:26.0862 4196 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:21:26.0865 4196 sermouse - ok
20:21:26.0913 4196 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
20:21:26.0915 4196 sffdisk - ok
20:21:26.0931 4196 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:21:26.0933 4196 sffp_mmc - ok
20:21:26.0950 4196 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
20:21:26.0953 4196 sffp_sd - ok
20:21:26.0966 4196 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:21:26.0969 4196 sfloppy - ok
20:21:26.0990 4196 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
20:21:26.0991 4196 sisagp - ok
20:21:27.0011 4196 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:21:27.0014 4196 SiSRaid2 - ok
20:21:27.0042 4196 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:21:27.0046 4196 SiSRaid4 - ok
20:21:27.0082 4196 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:21:27.0085 4196 Smb - ok
20:21:27.0128 4196 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:21:27.0130 4196 spldr - ok
20:21:27.0172 4196 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:21:27.0177 4196 srv - ok
20:21:27.0194 4196 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:21:27.0198 4196 srv2 - ok
20:21:27.0220 4196 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:21:27.0224 4196 srvnet - ok
20:21:27.0286 4196 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:21:27.0289 4196 stexstor - ok
20:21:27.0305 4196 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
20:21:27.0307 4196 swenum - ok
20:21:27.0361 4196 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
20:21:27.0387 4196 Tcpip - ok
20:21:27.0428 4196 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
20:21:27.0433 4196 TCPIP6 - ok
20:21:27.0484 4196 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:21:27.0487 4196 tcpipreg - ok
20:21:27.0528 4196 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:21:27.0530 4196 TDPIPE - ok
20:21:27.0541 4196 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
20:21:27.0544 4196 TDTCP - ok
20:21:27.0574 4196 tdx (17e5e3e77ee6c222545ad57831951bc9) C:\Windows\system32\DRIVERS\tdx.sys
20:21:27.0575 4196 tdx ( Rootkit.Win32.ZAccess.g ) - infected
20:21:27.0576 4196 tdx - detected Rootkit.Win32.ZAccess.g (0)
20:21:27.0611 4196 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
20:21:27.0618 4196 TermDD - ok
20:21:27.0659 4196 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:21:27.0662 4196 tssecsrv - ok
20:21:27.0715 4196 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:21:27.0718 4196 TsUsbFlt - ok
20:21:27.0751 4196 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:21:27.0754 4196 tunnel - ok
20:21:27.0780 4196 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:21:27.0783 4196 uagp35 - ok
20:21:27.0819 4196 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:21:27.0823 4196 udfs - ok
20:21:27.0865 4196 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:21:27.0868 4196 uliagpkx - ok
20:21:27.0885 4196 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
20:21:27.0888 4196 umbus - ok
20:21:27.0916 4196 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:21:27.0916 4196 UmPass - ok
20:21:27.0953 4196 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
20:21:27.0956 4196 usbccgp - ok
20:21:27.0991 4196 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:21:27.0994 4196 usbcir - ok
20:21:28.0033 4196 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
20:21:28.0036 4196 usbehci - ok
20:21:28.0109 4196 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:21:28.0113 4196 usbhub - ok
20:21:28.0146 4196 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
20:21:28.0149 4196 usbohci - ok
20:21:28.0174 4196 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:21:28.0175 4196 usbprint - ok
20:21:28.0211 4196 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
20:21:28.0211 4196 USBSTOR - ok
20:21:28.0248 4196 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
20:21:28.0250 4196 usbuhci - ok
20:21:28.0267 4196 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:21:28.0269 4196 vdrvroot - ok
20:21:28.0297 4196 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:21:28.0300 4196 vga - ok
20:21:28.0316 4196 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:21:28.0318 4196 VgaSave - ok
20:21:28.0333 4196 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:21:28.0337 4196 vhdmp - ok
20:21:28.0361 4196 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:21:28.0364 4196 viaagp - ok
20:21:28.0389 4196 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:21:28.0392 4196 ViaC7 - ok
20:21:28.0449 4196 VIAHdAudAddService (dc56a867a2d92e1c51cb6d3f9c540548) C:\Windows\system32\drivers\viahduaa.sys
20:21:28.0467 4196 VIAHdAudAddService - ok
20:21:28.0487 4196 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:21:28.0487 4196 viaide - ok
20:21:28.0507 4196 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:21:28.0513 4196 volmgr - ok
20:21:28.0538 4196 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:21:28.0544 4196 volmgrx - ok
20:21:28.0563 4196 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:21:28.0568 4196 volsnap - ok
20:21:28.0599 4196 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:21:28.0600 4196 vsmraid - ok
20:21:28.0622 4196 vtany - ok
20:21:28.0641 4196 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
20:21:28.0644 4196 vwifibus - ok
20:21:28.0676 4196 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:21:28.0679 4196 WacomPen - ok
20:21:28.0724 4196 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:21:28.0727 4196 WANARP - ok
20:21:28.0729 4196 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:21:28.0730 4196 Wanarpv6 - ok
20:21:28.0764 4196 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:21:28.0768 4196 Wd - ok
20:21:28.0793 4196 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:21:28.0801 4196 Wdf01000 - ok
20:21:28.0822 4196 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:21:28.0824 4196 WfpLwf - ok
20:21:28.0842 4196 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:21:28.0845 4196 WIMMount - ok
20:21:28.0895 4196 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
20:21:28.0897 4196 WinUsb - ok
20:21:28.0931 4196 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:21:28.0934 4196 WmiAcpi - ok
20:21:29.0007 4196 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:21:29.0010 4196 ws2ifsl - ok
20:21:29.0031 4196 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:21:29.0034 4196 WudfPf - ok
20:21:29.0078 4196 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:21:29.0082 4196 WUDFRd - ok
20:21:29.0099 4196 XDva341 - ok
20:21:29.0120 4196 XDva343 - ok
20:21:29.0130 4196 XDva346 - ok
20:21:29.0174 4196 XDva347 - ok
20:21:29.0194 4196 XDva349 - ok
20:21:29.0204 4196 XDva351 - ok
20:21:29.0213 4196 XDva352 - ok
20:21:29.0233 4196 XDva358 - ok
20:21:29.0241 4196 XDva359 - ok
20:21:29.0251 4196 XDva362 - ok
20:21:29.0292 4196 XDva370 (a6f91455c134194e473d5b201ea47e56) C:\Windows\system32\XDva370.sys
20:21:29.0297 4196 XDva370 - ok
20:21:29.0304 4196 XDva375 - ok
20:21:29.0322 4196 XDva380 - ok
20:21:29.0337 4196 XDva383 - ok
20:21:29.0353 4196 XDva387 - ok
20:21:29.0363 4196 XDva391 - ok
20:21:29.0367 4196 xhunter1 - ok
20:21:29.0388 4196 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:21:29.0403 4196 \Device\Harddisk0\DR0 - ok
20:21:29.0406 4196 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
20:21:36.0711 4196 \Device\Harddisk1\DR1 - ok
20:21:36.0713 4196 Boot (0x1200) (8464af4eac0f136c1786d37f33fb7bdf) \Device\Harddisk0\DR0\Partition0
20:21:36.0714 4196 \Device\Harddisk0\DR0\Partition0 - ok
20:21:36.0719 4196 Boot (0x1200) (da60c4fcbfddf5a6b7ca7367e17f0c26) \Device\Harddisk0\DR0\Partition1
20:21:36.0721 4196 \Device\Harddisk0\DR0\Partition1 - ok
20:21:36.0723 4196 Boot (0x1200) (d378e917b697d020523763af219f20db) \Device\Harddisk1\DR1\Partition0
20:21:36.0724 4196 \Device\Harddisk1\DR1\Partition0 - ok
20:21:36.0724 4196 ============================================================
20:21:36.0724 4196 Scan finished
20:21:36.0724 4196 ============================================================
20:21:36.0730 3792 Detected object count: 1
20:21:36.0730 3792 Actual detected object count: 1
20:21:42.0534 3792 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
20:21:43.0751 3792 Backup copy found, using it..
20:21:43.0782 3792 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
20:21:45.0623 3792 tdx ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
20:22:29.0153 0584 Deinitialize success

  • 0
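The TDSSKiller log above is long, and the only lines that matter for triage are the ones that do not end in "- ok". The following parser is an added example, not part of this thread and not code from Kaspersky's tool: it reads the log format exactly as it appears in the post (timestamp, PID, driver name, MD5 hash, path, and the separate verdict and action lines), ties the "will be cured on reboot" line back to the driver by path, and returns the infected entries with their hash and verdict so a helper can check them without scrolling. The sample lines are copied from the log in this post; the function and class names are my own.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Every scan line starts with "HH:MM:SS.ffff <pid> " as seen in the log above.
_PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
# "<name> (<md5>) <path>"  -- name may contain spaces, e.g. "MBR (0x1B8)"
FILE_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<name> ( <verdict> ) - infected"  or  "<name> ( <verdict> ) - User select action: Cure"
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]*?)\s*\)\s+-\s+(?P<tail>.+)$")
# "<name> - detected <verdict> (0)"
DETECTED_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+-\s+detected\s+(?P<verdict>\S+)")
# "<name or device path> - ok"
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+ok$")
# "<file path> - will be cured on reboot"
CURE_RE = re.compile(_PREFIX + r"(?P<path>.+?)\s+-\s+will be cured on reboot$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"      # "ok" | "infected" | "unknown"
    verdict: str = ""            # detection name, e.g. Rootkit.Win32.ZAccess.g
    action: str = ""             # action chosen by the user, e.g. "Cure"
    cure_on_reboot: bool = False


def parse_tdsskiller(text: str) -> list[Entry]:
    """Parse TDSSKiller scan output into one Entry per scanned object."""
    entries: list[Entry] = []
    latest_by_name: dict[str, Entry] = {}   # status lines refer to the most recent object of that name
    by_path: dict[str, Entry] = {}          # cure/ok lines may refer to the object by its path

    def lookup(name: str) -> Entry:
        entry = by_path.get(name.lower()) or latest_by_name.get(name)
        if entry is None:                    # status line for an object with no hash line (unsigned/missing file)
            entry = Entry(name)
            entries.append(entry)
            latest_by_name[name] = entry
        return entry

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FILE_RE.match(line):
            entry = Entry(m["name"], md5=m["md5"], path=m["path"])
            entries.append(entry)
            latest_by_name[entry.name] = entry
            by_path[entry.path.lower()] = entry
        elif m := VERDICT_RE.match(line):
            entry = lookup(m["name"])
            entry.verdict = m["verdict"]
            if m["tail"] == "infected":
                entry.status = "infected"
            elif m["tail"].startswith("User select action:"):
                entry.action = m["tail"].split(":", 1)[1].strip()
        elif m := DETECTED_RE.match(line):
            entry = lookup(m["name"])
            entry.status, entry.verdict = "infected", m["verdict"]
        elif m := OK_RE.match(line):
            entry = lookup(m["name"])
            if entry.status == "unknown":
                entry.status = "ok"
        elif m := CURE_RE.match(line):
            entry = by_path.get(m["path"].lower())
            if entry is not None:
                entry.cure_on_reboot = True
    return entries


def infected_entries(entries: list[Entry]) -> list[Entry]:
    return [e for e in entries if e.status == "infected"]


def summary(entries: list[Entry]) -> dict[str, int]:
    return dict(Counter(e.status for e in entries))


# Sample input: lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
20:21:27.0361 4196 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
20:21:27.0387 4196 Tcpip - ok
20:21:27.0574 4196 tdx (17e5e3e77ee6c222545ad57831951bc9) C:\Windows\system32\DRIVERS\tdx.sys
20:21:27.0575 4196 tdx ( Rootkit.Win32.ZAccess.g ) - infected
20:21:27.0576 4196 tdx - detected Rootkit.Win32.ZAccess.g (0)
20:21:29.0388 4196 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:21:29.0403 4196 \Device\Harddisk0\DR0 - ok
20:21:36.0730 3792 Detected object count: 1
20:21:43.0782 3792 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
20:21:45.0623 3792 tdx ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(summary(parsed))
    for e in infected_entries(parsed):
        print(f"{e.name}: {e.verdict}  md5={e.md5}  path={e.path}  action={e.action}  reboot={e.cure_on_reboot}")
```

Feeding the whole log from the post to `parse_tdsskiller` yields one infected entry, tdx, with the verdict and MD5 shown in the log; the hash is what you would look up against a known-good copy of tdx.sys, and the `cure_on_reboot` flag tells you the tool could not replace the file while the system was running.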

#37
Psydream

Psydream

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
aswMBR LOG:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-22 20:30:26
-----------------------------
20:30:26.800 OS Version: Windows 6.1.7601 Service Pack 1
20:30:26.800 Number of processors: 4 586 0x1E05
20:30:26.801 ComputerName: PC-PSYDREAM UserName: Alex
20:30:29.082 Initialize success
20:30:42.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
20:30:42.460 Disk 0 Vendor: ST31000528AS CC38 Size: 953869MB BusType: 3
20:30:44.473 Disk 0 MBR read successfully
20:30:44.474 Disk 0 MBR scan
20:30:44.476 Disk 0 Windows 7 default MBR code
20:30:44.482 Disk 0 scanning sectors +1953520065
20:30:44.546 Disk 0 scanning C:\Windows\system32\drivers
20:30:54.735 Service scanning
20:30:58.155 Modules scanning
20:31:04.729 Disk 0 trace - called modules:
20:31:04.743 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:31:04.745 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867ed030]
20:31:04.747 3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> [0x8666d918]
20:31:04.749 5 ACPI.sys[8b68d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x8669e908]
20:31:04.752 Scan finished successfully
20:31:18.753 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
20:31:18.814 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"



  • 0

#38
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
For now you don't have to run Combofix. TDSSKiller removed the infected driver and things look brighter now :).

How is your system now? Do you have any problems?
  • 0

#39
Psydream

Psydream

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
No, not really, all works perfectly, thank you for your assistance! And btw I always liked this, it was a challenge for me and you helped me a lot, thank you, I learned a lot of new things with that! And I want more, so I may reg here! But I guess I can't cuz of my English ;s
  • 0

#40
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How can you tell if you don't try ;). I dare you :cool:

If you are happy, I'm happy too! Glad to work with you.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended): Automatically download recommended updates for my computer and install them" option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0

#41
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
