C:Windows\Sys32 "is been reformatted"

#1
SisypheanTask

I was manually updating the Online Armor firewall because I had been receiving a 1.1.502 bad gateway error. To do this, the current version of the firewall had to be shut down. After I upgraded, I was asked to restart.
Upon restart, I received an error message from Advanced SystemCare that I regretfully didn't think was relevant. I bypassed this and continued with restart. Upon restart, a DOS-prompt-style list began showing up with a bunch of C:\Windows folders in quotes followed by a line that said "is been reformatted".
Obviously, the terrible grammar coupled with the unusual process tipped me off and I manually shut down my computer before it could continue. When I started the computer again, I was treated to the repair Windows dialogue, which I followed through to a final restart.
Anytime I try to run a ".exe" of any type from any one of my three hard drives I receive an error message that reads "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item" with the file path in the header.

I can't run OTL or any virus removal programs. I am posting this from a secondary computer. I believe that replacing or reinstalling the main OS files of C:\Windows might help, but I have no idea how to go about doing this. I have access to my original Windows 7 install CD, just not immediate access.

A format of the C drive and complete reinstall of Windows is not out of the question as I have my OS on a separate hard drive. I just hope it doesn't come to that.

Thank you for your time and consideration.

*Update* I performed a system image restore and everything is back to normal. I'm posting an OTL log below if anyone wants to look at it. Mods can scrap this thread if they choose, I won't miss it. If I ever figure out what happened I'll leave the answer here.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 11/20/2011 11:16:16 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zeke\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 68.42% Memory free
6.50 Gb Paging File | 5.26 Gb Available in Paging File | 80.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 656.38 Gb Free Space | 93.95% Space Free | Partition Type: NTFS
Drive E: | 165.50 Gb Total Space | 92.59 Gb Free Space | 55.94% Space Free | Partition Type: NTFS
Drive K: | 298.09 Gb Total Space | 87.88 Gb Free Space | 29.48% Space Free | Partition Type: NTFS

Computer Name: ZEKE-PC | User Name: Zeke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 23:15:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zeke\Downloads\OTL.exe
PRC - [2011/11/10 20:57:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/09 15:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/08/09 15:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/07/28 17:12:54 | 000,409,600 | ---- | M] () -- C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe
PRC - [2011/07/28 16:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/07/28 16:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/06 12:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/04/06 12:01:06 | 002,477,032 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/04/06 12:01:06 | 000,433,560 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAReg.exe
PRC - [2011/04/06 12:01:04 | 001,165,336 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/04/06 12:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2011/03/29 12:13:16 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 17:48:16 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 20:57:17 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/14 16:19:21 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011/10/14 15:50:13 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/14 15:50:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 15:50:06 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/14 15:49:54 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/14 15:49:54 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/14 15:49:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/14 15:49:40 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/14 15:49:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/14 15:49:08 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/14 15:48:57 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 15:48:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 15:48:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 15:48:40 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 15:48:22 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/28 17:55:02 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/07/28 17:42:54 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011/07/28 17:12:54 | 000,409,600 | ---- | M] () -- C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/07/28 16:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/06 12:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/04/06 12:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/06/07 02:00:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/20 23:12:31 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2732B90F-EF6D-4675-A30A-6D63ACEAD09B}\MpKsl2b2653e5.sys -- (MpKsl2b2653e5)
DRV - [2011/11/20 13:58:31 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2732B90F-EF6D-4675-A30A-6D63ACEAD09B}\MpKsl8b7b25fd.sys -- (MpKsl8b7b25fd)
DRV - [2011/07/28 17:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/07/28 17:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/28 15:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/06/24 06:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011/06/06 17:06:54 | 000,211,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/06 12:02:26 | 000,039,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/04/06 12:01:32 | 000,029,312 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/04/06 12:01:30 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/04/06 12:01:30 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/19 18:17:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/04/28 08:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/01/19 04:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/10/11 20:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007/03/05 02:06:32 | 000,022,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAC607.sys -- (MAC607)
DRV - [2003/04/18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 16:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 E3 5B BC 22 43 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Zeke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/05 19:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramDataMozilla\Extensions\[email protected] [2011/06/12 08:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 20:57:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/17 17:51:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/05 19:44:14 | 000,000,000 | ---D | M]

[2011/10/11 17:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Extensions
[2011/10/11 17:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 20:57:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 20:57:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Zeke\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Users\Zeke\AppData\Local\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Zeke\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Zeke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Zeke\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/12 12:45:09 | 000,000,350 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 mp02.maniaplanet.com
O1 - Hosts: 127.0.0.1 mp01.maniaplanet.com
O1 - Hosts: 127.0.0.1 mp03.maniaplanet.com
O1 - Hosts: 127.0.0.1 game.maniaplanet.com
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Grid] C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{991D7430-51B5-46BB-8807-3478EF538931}: DhcpNameServer = 68.105.28.11 68.105.29.11
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O28 - HKCU ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2cef4cf9-dbd7-11df-a001-00016c67bbaf}\Shell - "" = AutoRun
O33 - MountPoints2\{2cef4cf9-dbd7-11df-a001-00016c67bbaf}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{555dcad7-ce9b-11de-9333-0016e6598228}\Shell - "" = AutoRun
O33 - MountPoints2\{555dcad7-ce9b-11de-9333-0016e6598228}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{5cd35c1c-c785-11e0-9c03-00016c67bbaf}\Shell - "" = AutoRun
O33 - MountPoints2\{5cd35c1c-c785-11e0-9c03-00016c67bbaf}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{b9617cb7-2efd-11e0-a4a6-00016c67bbaf}\Shell - "" = AutoRun
O33 - MountPoints2\{b9617cb7-2efd-11e0-a4a6-00016c67bbaf}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 21:18:59 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Local\SKIDROW
[2011/11/18 21:15:36 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Roaming\MusE
[2011/11/18 21:15:34 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Local\MusE
[2011/11/18 21:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011/11/18 20:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Valve
[2011/11/18 20:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseScore
[2011/11/18 20:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\MuseScore
[2011/11/12 12:54:26 | 000,000,000 | ---D | C] -- C:\Users\Zeke\Documents\My Cheat Tables
[2011/11/10 20:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/10 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/11/10 20:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/11/10 20:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/11/05 19:10:12 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/11/05 15:26:06 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 23:19:45 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 23:19:45 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 23:18:05 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/20 23:18:05 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/20 23:12:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/20 23:12:17 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/12 16:56:43 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/11/09 18:00:38 | 000,356,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/05 18:16:02 | 000,208,091 | ---- | M] () -- C:\Windows\hpoins43.dat
[2011/10/27 17:55:40 | 000,007,603 | ---- | M] () -- C:\Users\Zeke\AppData\Local\Resmon.ResmonCfg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 23:12:17 | 2616,696,832 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/10 20:43:47 | 000,034,823 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/11/10 20:43:44 | 000,185,088 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2011/11/05 18:15:26 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2011/08/15 18:49:37 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2011/08/15 18:49:37 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2011/07/28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/06/27 13:53:02 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/12 08:50:12 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/05/01 18:34:15 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2011/05/01 18:34:14 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2011/05/01 16:19:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\a5555.dll
[2011/05/01 16:19:23 | 000,008,670 | -HS- | C] () -- C:\Users\Zeke\AppData\Local\gcv50onu1sl7cbx2yx06ni368lqw4y18h3u11tp
[2011/05/01 16:19:23 | 000,008,670 | -HS- | C] () -- C:\ProgramData\gcv50onu1sl7cbx2yx06ni368lqw4y18h3u11tp
[2011/04/20 00:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/03 13:16:36 | 000,022,528 | ---- | C] () -- C:\Windows\System32\drivers\Xbox.sys
[2011/02/03 13:16:36 | 000,022,144 | ---- | C] () -- C:\Windows\System32\drivers\MAC607.sys
[2011/02/03 13:15:39 | 000,057,344 | ---- | C] () -- C:\Windows\System32\Hidhlp.dll
[2011/02/03 13:15:39 | 000,049,152 | ---- | C] () -- C:\Windows\System32\iFT8D91.dll
[2011/01/26 09:26:55 | 000,007,603 | ---- | C] () -- C:\Users\Zeke\AppData\Local\Resmon.ResmonCfg
[2010/12/05 19:29:57 | 000,208,091 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/12/05 19:29:57 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/10/30 20:00:00 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2010/10/30 20:00:00 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2010/08/30 17:30:59 | 000,000,059 | ---- | C] () -- C:\Windows\Lunarmedia Clock B..ini
[2010/08/14 20:39:49 | 000,000,600 | ---- | C] () -- C:\Users\Zeke\AppData\Local\PUTTY.RND
[2010/06/07 09:25:33 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/06/07 09:16:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/06/05 02:13:17 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/06/05 02:00:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/15 15:19:53 | 000,000,020 | ---- | C] () -- C:\Windows\entpack.ini
[2009/11/07 17:47:01 | 000,528,744 | ---- | C] () -- C:\Windows\System32\OGAVerify.exe
[2009/09/01 13:49:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/24 14:53:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/24 12:44:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 000,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll.bak
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,356,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

========== LOP Check ==========

[2010/06/05 02:08:19 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\Auslogics
[2010/06/05 02:08:19 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/19 18:20:58 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\DAEMON Tools Lite
[2010/06/05 02:08:19 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\DAEMON Tools Pro
[2011/08/15 20:50:29 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\Easeware
[2010/08/23 18:16:37 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\fltk.org
[2010/12/30 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\GARMIN
[2011/10/20 20:18:58 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\gtk-2.0
[2011/05/09 19:01:42 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\inkscape
[2011/08/23 16:35:42 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\IObit
[2011/03/29 16:39:27 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\Loonies
[2011/11/18 21:15:36 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\MusE
[2011/05/01 18:36:56 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\OnlineArmor
[2010/06/05 02:08:34 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\OpenOffice.org
[2010/12/09 10:17:25 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\Stellarium
[2011/11/20 23:13:20 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\uTorrent
[2011/09/09 17:37:11 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:8C4DEFBA4052ED37

< End of report >
--------------------------------------------------------------------------------------------------------------------------------------

Edited by SisypheanTask, 20 November 2011 - 10:27 PM.

#2
RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C:

:processes
killallprocesses

:OTL
[2011/05/01 16:19:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\a5555.dll
[2011/05/01 16:19:23 | 000,008,670 | -HS- | C] () -- C:\Users\Zeke\AppData\Local\gcv50onu1sl7cbx2yx06ni368lqw4y18h3u11tp
[2011/05/01 16:19:23 | 000,008,670 | -HS- | C] () -- C:\ProgramData\gcv50onu1sl7cbx2yx06ni368lqw4y18h3u11tp
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.

Ron

#3
SisypheanTask

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
ComboFix Log

ComboFix 11-11-21.01 - Zeke 11/21/2011 18:14:53.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2410 [GMT -5:00]
Running from: c:\users\Zeke\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\SDTFC.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 23:20 . 2011-11-21 23:20 -------- d-----w- c:\users\Zeke\AppData\Local\temp
2011-11-21 23:20 . 2011-11-21 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-21 23:20 . 2011-11-21 23:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-21 23:11 . 2011-11-21 23:11 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52FBE850-5BE1-4590-80C2-BAB8304BC3E9}\MpKsl5e36581f.sys
2011-11-21 23:11 . 2011-11-21 23:11 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52FBE850-5BE1-4590-80C2-BAB8304BC3E9}\MpKsl382e5f9c.sys
2011-11-21 23:10 . 2011-11-21 23:10 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52FBE850-5BE1-4590-80C2-BAB8304BC3E9}\MpKsld8c14a37.sys
2011-11-21 23:10 . 2011-11-21 23:11 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52FBE850-5BE1-4590-80C2-BAB8304BC3E9}\offreg.dll
2011-11-21 23:10 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52FBE850-5BE1-4590-80C2-BAB8304BC3E9}\mpengine.dll
2011-11-21 23:05 . 2011-11-21 23:05 -------- d-----w- C:\_OTL
2011-11-19 02:18 . 2011-11-19 02:18 -------- d-----w- c:\users\Zeke\AppData\Local\SKIDROW
2011-11-19 02:15 . 2011-11-19 02:15 -------- d-----w- c:\users\Zeke\AppData\Roaming\MusE
2011-11-19 02:15 . 2011-11-19 02:15 -------- d-----w- c:\users\Zeke\AppData\Local\MusE
2011-11-19 01:45 . 2011-11-19 01:45 -------- d-----w- c:\program files\Valve
2011-11-19 01:45 . 2011-11-19 01:45 -------- d-----w- c:\program files\MuseScore
2011-11-12 17:08 . 2010-06-02 09:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-12 17:08 . 2010-06-02 09:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-12 17:08 . 2010-06-02 09:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-11-12 17:08 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-12 17:08 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-11-12 17:08 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-11-12 17:08 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-12 17:08 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-11 01:52 . 2011-11-11 01:52 -------- d-----w- c:\programdata\ATI
2011-11-11 01:49 . 2011-11-11 01:49 -------- d-----w- c:\program files\AMD APP
2011-11-11 01:45 . 2011-11-11 01:45 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-11-11 01:45 . 2011-06-06 22:06 211984 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2011-11-11 01:43 . 2011-07-28 21:36 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-09 00:17 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 00:17 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 00:17 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 20:26 . 2011-11-05 20:26 -------- d--h--w- c:\windows\PIF
2011-10-25 21:20 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 22:48 . 2011-05-28 23:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 21:55 . 2011-10-11 21:55 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4ABF6142-907A-4866-A70E-542FB5062CD5}\gapaengine.dll
2011-10-07 03:48 . 2011-05-03 18:51 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-01 02:42 . 2011-10-14 02:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 22:54 . 2011-09-01 22:54 249856 ------w- c:\windows\Setup1.exe
2011-09-01 22:54 . 2011-09-01 22:54 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-08-31 21:00 . 2011-10-04 22:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 04:26 . 2011-10-14 02:35 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-14 02:35 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-11 01:57 . 2011-10-11 22:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-29 399736]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"Grid"="c:\program files\ATI Technologies\HydraVision\HydraGrd.exe" [2011-07-28 409600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-11 6703648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2011-04-06 2477032]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2011-04-06 354720]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:05 132392 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 21:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 MpKsl1b20c9a5;MpKsl1b20c9a5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DF932F9-E214-467F-AE0F-7A55E7211E4F}\MpKsl1b20c9a5.sys [x]
R1 MpKsl382e5f9c;MpKsl382e5f9c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52FBE850-5BE1-4590-80C2-BAB8304BC3E9}\MpKsl382e5f9c.sys [2011-11-21 28752]
R1 MpKsl42a3ffcf;MpKsl42a3ffcf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFFF7A1F-4C6E-4446-99C3-C85DD58ECF49}\MpKsl42a3ffcf.sys [x]
R1 MpKsl8151ff43;MpKsl8151ff43;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBBD9636-2114-483E-834A-B2B52EBAE849}\MpKsl8151ff43.sys [x]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-04-06 39048]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2011-04-06 381512]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2011-04-06 4326472]
R3 MAC607;MAC607 Filter;c:\windows\system32\DRIVERS\MAC607.sys [2007-03-05 22144]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-19 691696]
S1 MpKsl5e36581f;MpKsl5e36581f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52FBE850-5BE1-4590-80C2-BAB8304BC3E9}\MpKsl5e36581f.sys [2011-11-21 28752]
S1 MpKsl91dc8dea;MpKsl91dc8dea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C553F83-5B4D-4971-91B7-3185C8A82D37}\MpKsl91dc8dea.sys [x]
S1 MpKsld8c14a37;MpKsld8c14a37;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52FBE850-5BE1-4590-80C2-BAB8304BC3E9}\MpKsld8c14a37.sys [2011-11-21 28752]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-04-06 205864]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-04-06 25192]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2011-04-06 29312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL5E36581F
*NewlyCreated* - MPKSLD8C14A37
*Deregistered* - AvgTdiX
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11
FF - ProfilePath - c:\users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\1czubvv2.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3415879968-3108055564-1101967249-1000\Software\SecuROM\License information*]
"datasecu"=hex:59,4c,bb,44,66,cf,ae,94,93,75,0f,bd,d5,38,07,a9,a2,fb,3c,7a,71,
a8,a0,08,91,72,f9,34,41,6d,cb,7e,be,25,da,30,84,8b,1e,09,cd,d1,aa,2e,2b,4c,\
"rkeysecu"=hex:5e,ae,8b,39,4d,e9,fe,b6,93,1f,88,d5,46,17,a5,ae
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-21 18:21:49
ComboFix-quarantined-files.txt 2011-11-21 23:21
.
Pre-Run: 704,014,389,248 bytes free
Post-Run: 703,942,041,600 bytes free
.
- - End Of File - - 71DF1C02500AEDF9C07EF8554C574240
----------------------------------------------------------------------------------------------------------------------------------------
TDSSKiller

18:22:20.0211 3136 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
18:22:20.0445 3136 ============================================================
18:22:20.0445 3136 Current date / time: 2011/11/21 18:22:20.0445
18:22:20.0445 3136 SystemInfo:
18:22:20.0445 3136
18:22:20.0445 3136 OS Version: 6.1.7601 ServicePack: 1.0
18:22:20.0445 3136 Product type: Workstation
18:22:20.0445 3136 ComputerName: ZEKE-PC
18:22:20.0445 3136 UserName: Zeke
18:22:20.0445 3136 Windows directory: C:\Windows
18:22:20.0445 3136 System windows directory: C:\Windows
18:22:20.0445 3136 Processor architecture: Intel x86
18:22:20.0445 3136 Number of processors: 4
18:22:20.0445 3136 Page size: 0x1000
18:22:20.0445 3136 Boot type: Normal boot
18:22:20.0445 3136 ============================================================
18:22:21.0428 3136 Initialize success
18:22:22.0816 2044 ============================================================
18:22:22.0816 2044 Scan started
18:22:22.0816 2044 Mode: Manual;
18:22:22.0816 2044 ============================================================
18:22:24.0330 2044 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:22:24.0345 2044 1394ohci - ok
18:22:24.0376 2044 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:22:24.0376 2044 ACPI - ok
18:22:24.0408 2044 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:22:24.0408 2044 AcpiPmi - ok
18:22:24.0439 2044 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:22:24.0454 2044 adp94xx - ok
18:22:24.0486 2044 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:22:24.0486 2044 adpahci - ok
18:22:24.0501 2044 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:22:24.0501 2044 adpu320 - ok
18:22:24.0595 2044 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:22:24.0595 2044 AFD - ok
18:22:24.0626 2044 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:22:24.0626 2044 agp440 - ok
18:22:24.0657 2044 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:22:24.0657 2044 aic78xx - ok
18:22:24.0673 2044 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:22:24.0673 2044 aliide - ok
18:22:24.0720 2044 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:22:24.0720 2044 amdagp - ok
18:22:24.0735 2044 amdide (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
18:22:24.0735 2044 amdide - ok
18:22:24.0766 2044 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
18:22:24.0766 2044 amdiox86 - ok
18:22:24.0798 2044 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:22:24.0798 2044 AmdK8 - ok
18:22:25.0032 2044 amdkmdag (68d791d78454684340433e52059eb45e) C:\Windows\system32\DRIVERS\atikmdag.sys
18:22:25.0141 2044 amdkmdag - ok
18:22:25.0156 2044 amdkmdap (96cd7053a516c30e61a05df9757da7de) C:\Windows\system32\DRIVERS\atikmpag.sys
18:22:25.0156 2044 amdkmdap - ok
18:22:25.0188 2044 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:22:25.0188 2044 AmdPPM - ok
18:22:25.0203 2044 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:22:25.0203 2044 amdsata - ok
18:22:25.0234 2044 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:22:25.0234 2044 amdsbs - ok
18:22:25.0250 2044 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:22:25.0266 2044 amdxata - ok
18:22:25.0328 2044 AODDriver4.01 (62b03afe5cc83bacf064848daa295d9c) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
18:22:25.0328 2044 AODDriver4.01 - ok
18:22:25.0390 2044 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:22:25.0390 2044 AppID - ok
18:22:25.0422 2044 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:22:25.0437 2044 arc - ok
18:22:25.0453 2044 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:22:25.0453 2044 arcsas - ok
18:22:25.0484 2044 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:22:25.0484 2044 AsyncMac - ok
18:22:25.0531 2044 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:22:25.0531 2044 atapi - ok
18:22:25.0578 2044 AtiHDAudioService (84faf3d287d56d210f84db7c1349d43b) C:\Windows\system32\drivers\AtihdW73.sys
18:22:25.0578 2044 AtiHDAudioService - ok
18:22:25.0796 2044 atikmdag (68d791d78454684340433e52059eb45e) C:\Windows\system32\DRIVERS\atikmdag.sys
18:22:25.0921 2044 atikmdag - ok
18:22:25.0952 2044 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:22:25.0952 2044 AtiPcie - ok
18:22:25.0999 2044 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:22:25.0999 2044 b06bdrv - ok
18:22:26.0014 2044 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:22:26.0014 2044 b57nd60x - ok
18:22:26.0046 2044 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:22:26.0046 2044 Beep - ok
18:22:26.0061 2044 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:22:26.0061 2044 blbdrive - ok
18:22:26.0092 2044 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:22:26.0092 2044 bowser - ok
18:22:26.0108 2044 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:22:26.0124 2044 BrFiltLo - ok
18:22:26.0139 2044 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:22:26.0139 2044 BrFiltUp - ok
18:22:26.0170 2044 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:22:26.0170 2044 Brserid - ok
18:22:26.0202 2044 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:22:26.0202 2044 BrSerWdm - ok
18:22:26.0217 2044 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:22:26.0217 2044 BrUsbMdm - ok
18:22:26.0248 2044 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:22:26.0248 2044 BrUsbSer - ok
18:22:26.0264 2044 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:22:26.0264 2044 BTHMODEM - ok
18:22:26.0373 2044 catchme - ok
18:22:26.0389 2044 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:22:26.0404 2044 cdfs - ok
18:22:26.0436 2044 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
18:22:26.0436 2044 cdrom - ok
18:22:26.0467 2044 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:22:26.0467 2044 circlass - ok
18:22:26.0482 2044 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:22:26.0498 2044 CLFS - ok
18:22:26.0545 2044 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:22:26.0545 2044 CmBatt - ok
18:22:26.0560 2044 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:22:26.0560 2044 cmdide - ok
18:22:26.0592 2044 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
18:22:26.0607 2044 CNG - ok
18:22:26.0623 2044 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:22:26.0623 2044 Compbatt - ok
18:22:26.0638 2044 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:22:26.0638 2044 CompositeBus - ok
18:22:26.0670 2044 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:22:26.0670 2044 crcdisk - ok
18:22:26.0748 2044 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:22:26.0748 2044 DfsC - ok
18:22:26.0794 2044 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:22:26.0794 2044 discache - ok
18:22:26.0810 2044 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:22:26.0810 2044 Disk - ok
18:22:26.0872 2044 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
18:22:26.0872 2044 Dot4 - ok
18:22:26.0904 2044 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
18:22:26.0904 2044 Dot4Print - ok
18:22:26.0919 2044 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
18:22:26.0935 2044 dot4usb - ok
18:22:26.0966 2044 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:22:26.0966 2044 drmkaud - ok
18:22:27.0013 2044 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:22:27.0028 2044 DXGKrnl - ok
18:22:27.0122 2044 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:22:27.0169 2044 ebdrv - ok
18:22:27.0216 2044 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:22:27.0231 2044 elxstor - ok
18:22:27.0262 2044 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\Windows\system32\drivers\enodpl.sys
18:22:27.0262 2044 enodpl - ok
18:22:27.0278 2044 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:22:27.0294 2044 ErrDev - ok
18:22:27.0325 2044 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:22:27.0325 2044 exfat - ok
18:22:27.0340 2044 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:22:27.0356 2044 fastfat - ok
18:22:27.0387 2044 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:22:27.0387 2044 fdc - ok
18:22:27.0418 2044 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:22:27.0418 2044 FileInfo - ok
18:22:27.0434 2044 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:22:27.0434 2044 Filetrace - ok
18:22:27.0450 2044 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:22:27.0450 2044 flpydisk - ok
18:22:27.0465 2044 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:22:27.0481 2044 FltMgr - ok
18:22:27.0496 2044 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:22:27.0496 2044 FsDepends - ok
18:22:27.0512 2044 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:22:27.0528 2044 Fs_Rec - ok
18:22:27.0559 2044 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:22:27.0574 2044 fvevol - ok
18:22:27.0590 2044 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:22:27.0590 2044 gagp30kx - ok
18:22:27.0621 2044 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:22:27.0621 2044 hcw85cir - ok
18:22:27.0652 2044 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:22:27.0668 2044 HdAudAddService - ok
18:22:27.0684 2044 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:22:32.0910 2044 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
18:22:32.0910 2044 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:22:32.0925 2044 sptd ( LockedFile.Multi.Generic ) - warning
18:22:32.0925 2044 sptd - detected LockedFile.Multi.Generic (1)
18:22:35.0874 2044 ============================================================
18:22:35.0874 2044 Scan finished
18:22:35.0874 2044 ============================================================
18:22:35.0874 0188 Detected object count: 1
18:22:35.0874 0188 Actual detected object count: 1
18:24:27.0041 0188 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:24:27.0041 0188 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
----------------------------------------------------------------------------------------------------------------------------------------
aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 18:25:10
-----------------------------
18:25:10.319 OS Version: Windows 6.1.7601 Service Pack 1
18:25:10.319 Number of processors: 4 586 0x403
18:25:10.334 ComputerName: ZEKE-PC UserName: Zeke
18:25:12.409 Initialize success
18:27:24.672 AVAST engine defs: 11112101
18:28:02.877 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
18:28:02.877 Disk 0 Vendor: Maxtor_6L200P0 BAJ41G20 Size: 194479MB BusType: 3
18:28:02.893 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-5
18:28:02.893 Disk 1 Vendor: WDC_WD3200AAJB-00TYA0 00.02C01 Size: 305245MB BusType: 3
18:28:02.908 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
18:28:02.908 Disk 2 Vendor: WDC_WD7500AADS-00L5B1 01.01A01 Size: 715403MB BusType: 3
18:28:04.952 Disk 2 MBR read successfully
18:28:04.952 Disk 2 MBR scan
18:28:04.968 Disk 2 Windows 7 default MBR code
18:28:04.983 Disk 2 scanning sectors +1465145344
18:28:05.092 Disk 2 scanning C:\Windows\system32\drivers
18:28:16.215 Service scanning
18:28:17.058 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:28:17.650 Modules scanning
18:28:27.385 AVAST engine scan C:\Windows
18:28:31.534 AVAST engine scan C:\Windows\system32
18:30:56.240 AVAST engine scan C:\Windows\system32\drivers
18:31:08.159 AVAST engine scan C:\Users\Zeke
18:32:27.859 AVAST engine scan C:\ProgramData
18:32:56.891 Scan finished successfully
18:33:36.624 Disk 2 MBR has been saved successfully to "C:\Users\Zeke\Desktop\MBR.dat"
18:33:36.640 The log file has been saved successfully to "C:\Users\Zeke\Desktop\aswMBR.txt"

"FixMBR was enabled. Fix was not"