Welcome to Geeks to Go
Pesky Malware fake Vista AV [Closed]



#1
wholeteam
Member, 25 posts
Greetings forum and techs,

I am a kinda experienced tech but have run into a snag on this one. I have attempted to clean a virus off with ComboFix, Spybot and Malwarebytes; they clean off what they find, but after a reboot, and Windows saying it is running an update on shutdown, it comes back reinfected. The first sign is that all the EXEs are no longer functional; after the cleanup they are functional again. The workaround is I have to run the app as administrator to do anything. I have even turned off Windows Updates and thought I was thoroughly cleaned, went back into the machine and bam, problem again. Anyway, enough rambling, here is my OTL log:


OTL logfile created on: 12/1/2011 11:29:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 55.90% Memory free
5.73 Gb Paging File | 4.48 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 95.87 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.64 Gb Free Space | 16.68% Space Free | Partition Type: NTFS

Computer Name: TISHA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/01 11:29:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2011/11/27 22:27:00 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/04/11 01:28:04 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SnippingTool.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/27 22:27:00 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/09 22:25:49 | 005,971,408 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/12 15:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 15:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/24 00:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 06:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 14:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/27 14:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..keyword.URL: "http://www.tepela.co...ls=3YzQmUJb&q="
FF - prefs.js..network.proxy.type: 0

FF - user.js..keyword.URL: "http://www.tepela.co...ls=3YzQmUJb&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 13:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/29 18:00:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/27 22:27:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/27 22:27:02 | 000,000,000 | ---D | M]

[2011/01/09 22:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/11/30 14:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y61qhshs.default\extensions
[2011/01/09 22:25:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y61qhshs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/18 19:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y61qhshs.default\extensions\staged
[2011/10/27 00:17:51 | 000,003,849 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y61qhshs.default\searchplugins\avg-secure-search.xml
[2011/03/16 17:54:36 | 000,002,198 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y61qhshs.default\searchplugins\google-search.xml
[2011/09/24 16:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/29 18:00:06 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/01/13 12:41:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/04/05 03:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13122.dll
[2011/09/21 11:10:06 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/11/29 10:17:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 11.224.26.124 11.223.26.124
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E26629E-011B-4720-B771-16155A3F4DE5}: DhcpNameServer = 11.224.26.124 11.223.26.124
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E5553DA-D433-499B-A3D5-F14A955D5998}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 13:03:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 17:08:24 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/11/30 16:25:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/30 14:32:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/11/30 14:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/30 14:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/30 14:31:53 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/30 14:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/30 13:04:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/30 12:57:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/11/30 12:46:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/29 18:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/29 17:59:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/11/28 16:22:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/28 16:22:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/28 16:22:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/28 16:22:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/28 16:21:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 16:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/28 16:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/28 16:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/28 00:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/11/28 00:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/26 18:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\AddThis Toolbar
[2011/11/08 20:22:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\uXBzPNycADbpsd8
[2011/11/08 20:22:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mBpJEK8gR9
[2011/11/08 19:56:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TVrlONtxPuSiDoG
[2011/11/08 19:56:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\pQH6sWK7fLgZjCk
[2011/11/08 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ZIIIBBtzPNyAuv2
[2011/11/08 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GFF44pmmG5QJ6
[2011/11/08 19:49:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
[2011/11/08 19:49:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ZIrONtxAuSib
[2011/11/08 19:49:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\xSibbFpn56W7fLg
[2011/11/08 19:49:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\UJJJ6ddWK8fR9hX
[2011/11/08 19:49:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\zhYYXwjUVelBzPy
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 11:25:36 | 111,175,485 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/01 10:54:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 10:54:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 17:08:24 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/11/30 17:06:09 | 000,047,999 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/11/30 17:06:09 | 000,047,999 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/11/30 17:06:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/30 16:54:04 | 2951,090,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 16:44:10 | 000,000,246 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/11/30 14:31:58 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/29 18:00:08 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/29 17:09:01 | 299,264,008 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/29 15:36:26 | 000,004,608 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/29 11:16:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/11/29 11:16:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/11/29 11:10:01 | 000,000,102 | ---- | M] () -- C:\Windows\wininit.ini
[2011/11/29 10:17:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/28 16:09:00 | 000,001,079 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/28 16:09:00 | 000,001,055 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/11/28 16:00:39 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/28 16:00:39 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/28 00:44:57 | 000,512,992 | ---- | M] () -- C:\Users\Owner\Desktop\sdasetup_revwire207.exe
[2011/11/27 23:53:32 | 000,392,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/27 22:17:29 | 000,000,842 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG 2012.lnk
[2011/11/27 21:25:26 | 000,002,619 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Outlook 2010.lnk
[2011/11/19 22:28:04 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/01 11:25:36 | 111,175,485 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/30 14:31:58 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/29 18:00:08 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/29 13:06:32 | 2951,090,176 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/29 11:16:35 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/11/29 11:16:35 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/11/29 11:10:01 | 000,000,102 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/28 16:22:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/28 16:22:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/28 16:22:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/28 16:22:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/28 16:22:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/28 16:09:00 | 000,001,079 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/28 16:09:00 | 000,001,055 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/11/28 00:45:05 | 000,512,992 | ---- | C] () -- C:\Users\Owner\Desktop\sdasetup_revwire207.exe
[2011/11/27 22:17:29 | 000,000,842 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG 2012.lnk
[2011/10/27 00:18:12 | 000,036,962 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2011/04/11 20:33:18 | 000,024,206 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2011/03/30 19:43:36 | 000,004,608 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/27 19:27:41 | 000,010,704 | ---- | C] () -- C:\Windows\hpwscr19.dat
[2011/01/27 19:26:19 | 000,176,636 | ---- | C] () -- C:\Windows\hpwins19.dat
[2011/01/27 19:26:18 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2011/01/10 20:10:44 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2010/12/19 15:32:46 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/12/02 20:09:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/02 20:09:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/29 12:16:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 11:43:50 | 000,047,999 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/11/29 11:43:22 | 000,047,999 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/11/19 13:10:00 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/11/16 16:52:31 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/08/04 13:19:17 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/01/14 20:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,392,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/26 18:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 18:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 18:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

========== LOP Check ==========

[2011/09/25 20:30:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2012
[2011/11/08 19:51:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GFF44pmmG5QJ6
[2011/11/08 20:22:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mBpJEK8gR9
[2011/04/11 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2011/11/08 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\pQH6sWK7fLgZjCk
[2010/12/20 22:02:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Mechanic
[2011/02/14 19:51:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2010/12/18 00:02:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2011/11/08 19:56:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TVrlONtxPuSiDoG
[2011/11/08 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\UJJJ6ddWK8fR9hX
[2011/11/08 20:22:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uXBzPNycADbpsd8
[2011/11/08 19:49:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\xSibbFpn56W7fLg
[2011/11/08 19:49:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\zhYYXwjUVelBzPy
[2011/11/08 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ZIIIBBtzPNyAuv2
[2011/11/08 19:49:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ZIrONtxAuSib
[2011/11/30 16:53:06 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:502D809E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


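The LOP Check above is the part of the report worth reading first: ten directories under AppData\Roaming with machine-generated names, all stamped within about half an hour on 2011/11/08, and they are the same ten that the fix in post #3 removes by hand. The script below is an added example (not from the thread, and not anything OTL itself computes) that automates that reading over the LOP Check lines above, embedded verbatim as its input. The two heuristics and their thresholds are the example's own choices.

```python
"""Triage of the OTL "LOP Check" above: two cheap signals per listed item.

1. random_name: the basename switches between upper-case, lower-case and
   digit runs on at least half of its positions, or has two or more digit
   runs wedged between letters ("G5QJ", "pn56W7f").  Human-chosen names
   ("PeerNetworking", "SoftGrid Client") switch far less often.
2. burst: at least three items stamped within an hour of each other, which
   is what a dropper unpacking into %AppData% looks like in this report.

An item is flagged when either fires.  Thresholds are this example's own
choices; OTL itself scores nothing, it just lists the recent items.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Sample input: the LOP Check lines from the OTL report above, verbatim.
LOP_CHECK = r"""
[2011/09/25 20:30:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2012
[2011/11/08 19:51:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GFF44pmmG5QJ6
[2011/11/08 20:22:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mBpJEK8gR9
[2011/04/11 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2011/11/08 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\pQH6sWK7fLgZjCk
[2010/12/20 22:02:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Mechanic
[2011/02/14 19:51:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2010/12/18 00:02:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2011/11/08 19:56:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TVrlONtxPuSiDoG
[2011/11/08 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\UJJJ6ddWK8fR9hX
[2011/11/08 20:22:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uXBzPNycADbpsd8
[2011/11/08 19:49:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\xSibbFpn56W7fLg
[2011/11/08 19:49:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\zhYYXwjUVelBzPy
[2011/11/08 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ZIIIBBtzPNyAuv2
[2011/11/08 19:49:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ZIrONtxAuSib
[2011/11/30 16:53:06 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
"""

# '[stamp | size | attrs | C/M] -- path'; file lines carry an extra '()'.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<flag>[CM])\] (?:\(\) )?-- (?P<path>.+)$"
)


@dataclass
class Item:
    when: datetime
    path: str
    is_dir: bool
    random_name: bool = False
    burst: bool = False

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1]

    @property
    def flagged(self):
        return self.random_name or self.burst


def parse_lop_check(text):
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # blank lines and section headers do not match
            items.append(Item(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                              m["path"], m["attr"].endswith("D")))
    return items


def name_looks_random(name, min_len=8, run_ratio=0.5):
    alnum = "".join(ch for ch in name if ch.isalnum())
    if len(alnum) < min_len:
        return False  # too short to judge: "TP", "AVG2012"
    classes = ["d" if c.isdigit() else "U" if c.isupper() else "l" for c in alnum]
    runs = 1 + sum(a != b for a, b in zip(classes, classes[1:]))
    interior_digits = len(re.findall(r"(?<=[A-Za-z])\d+(?=[A-Za-z])", alnum))
    return runs / len(alnum) >= run_ratio or interior_digits >= 2


def mark_bursts(items, window=timedelta(hours=1), min_items=3):
    for it in items:
        near = sum(abs(other.when - it.when) <= window for other in items)
        it.burst = near >= min_items  # the count includes the item itself


def triage(text):
    items = parse_lop_check(text)
    for it in items:
        it.random_name = name_looks_random(it.name)
    mark_bursts(items)
    return sorted(items, key=lambda i: i.when)


if __name__ == "__main__":
    for it in triage(LOP_CHECK):
        print(f"{'!!' if it.flagged else '  '} {it.when:%Y-%m-%d %H:%M:%S} "
              f"random={it.random_name!s:<5} burst={it.burst!s:<5} {it.path}")
```

Running it prints one line per item with `!!` in front of the ten that trip either signal. ZIIIBBtzPNyAuv2 is the one the name test misses and the burst test catches, which is why the two are combined instead of trusting name entropy alone; conversely the name test is what keeps a single odd-looking directory visible when it was dropped on its own.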
#2 wholeteam (Topic Starter, Member, 25 posts)

Also, each cleanup is now showing a different type of infection. This go round on MBAM it shows an opendoor trojan, which I just attached to this reply. Sometimes it is identified as the Vista AV; I ran a few cleanups but it comes back. I also did a ComboFix, which restored the executables, but I am not sure if the executables break and the infections come back on reboot or when the Windows updates try to install on shutdown. But it reinfects!

Edited by wholeteam, 01 December 2011 - 01:03 PM.


#3 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi there, let's see if we can squash this once and for all.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/11/08 20:22:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\uXBzPNycADbpsd8
    [2011/11/08 20:22:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mBpJEK8gR9
    [2011/11/08 19:56:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TVrlONtxPuSiDoG
    [2011/11/08 19:56:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\pQH6sWK7fLgZjCk
    [2011/11/08 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ZIIIBBtzPNyAuv2
    [2011/11/08 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GFF44pmmG5QJ6
    [2011/11/08 19:49:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
    [2011/11/08 19:49:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ZIrONtxAuSib
    [2011/11/08 19:49:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\xSibbFpn56W7fLg
    [2011/11/08 19:49:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\UJJJ6ddWK8fR9hX
    [2011/11/08 19:49:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\zhYYXwjUVelBzPy

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

FINALLY

Please download GetPartitions from the link below to your desktop:

getpartitions.exe

Double-click to run it. It will produce a C:\DiskReport.txt log; please post the results from that log here.

#4 wholeteam (Topic Starter, Member, 25 posts)

As of right now, after running the OTL custom fix and then aswMBR.exe, it has found stuff that is in the log, but now I still can run executables without elevated permissions. I ran getpartitions.exe now too.

And while waiting I did another Malwarebytes scan, and it came up with the broken open command virus, which I have now attached too.

Edited by wholeteam, 01 December 2011 - 04:30 PM.


#5 wholeteam (Topic Starter, Member, 25 posts)

Lastly, while waiting I ran the AVG 2012 rootkit scan and it found an issue in the MBR, and it's hidden. I am scared to do the repair in fear it will mess up my master boot record, so I'll wait on your instructions on this one.


#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Aye, AVG confirmed aswMBR's analysis of an MBR infection.

We will kill that next and then proceed from there. The GetPartitions run failed, so after the TDSSKiller run there is a small task for you.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

THEN

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach it.

#7 wholeteam (Topic Starter, Member, 25 posts)

When opening Disk Management I get "unable to connect to Virtual Disk Service" and no drives appear in the right pane.

The contents of the TDSSKiller log are below:

17:57:53.0849 3444 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
17:57:54.0130 3444 ============================================================
17:57:54.0130 3444 Current date / time: 2011/12/01 17:57:54.0130
17:57:54.0130 3444 SystemInfo:
17:57:54.0130 3444
17:57:54.0130 3444 OS Version: 6.0.6002 ServicePack: 2.0
17:57:54.0130 3444 Product type: Workstation
17:57:54.0130 3444 ComputerName: TISHA
17:57:54.0130 3444 UserName: Owner
17:57:54.0130 3444 Windows directory: C:\Windows
17:57:54.0130 3444 System windows directory: C:\Windows
17:57:54.0130 3444 Processor architecture: Intel x86
17:57:54.0130 3444 Number of processors: 2
17:57:54.0130 3444 Page size: 0x1000
17:57:54.0130 3444 Boot type: Normal boot
17:57:54.0130 3444 ============================================================
17:57:55.0487 3444 Initialize success
17:58:10.0026 3620 ============================================================
17:58:10.0026 3620 Scan started
17:58:10.0026 3620 Mode: Manual;
17:58:10.0026 3620 ============================================================
17:58:21.0240 3620 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:58:21.0255 3620 ACPI - ok
17:58:21.0552 3620 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:58:21.0583 3620 adp94xx - ok
17:58:21.0801 3620 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:58:21.0801 3620 adpahci - ok
17:58:22.0051 3620 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:58:22.0051 3620 adpu160m - ok
17:58:22.0269 3620 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:58:22.0269 3620 adpu320 - ok
17:58:23.0673 3620 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:58:23.0814 3620 AFD - ok
17:58:23.0970 3620 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:58:23.0970 3620 agp440 - ok
17:58:24.0032 3620 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:58:24.0048 3620 aic78xx - ok
17:58:24.0204 3620 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:58:24.0204 3620 aliide - ok
17:58:24.0298 3620 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:58:24.0298 3620 amdagp - ok
17:58:24.0392 3620 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:58:24.0392 3620 amdide - ok
17:58:24.0454 3620 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:58:24.0454 3620 AmdK7 - ok
17:58:24.0610 3620 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
17:58:24.0626 3620 AmdK8 - ok
17:58:24.0844 3620 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:58:24.0860 3620 arc - ok
17:58:25.0359 3620 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:58:25.0406 3620 arcsas - ok
17:58:25.0718 3620 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:58:25.0718 3620 AsyncMac - ok
17:58:25.0796 3620 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:58:25.0796 3620 atapi - ok
17:58:25.0905 3620 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
17:58:25.0921 3620 athr - ok
17:58:26.0061 3620 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
17:58:26.0061 3620 AVGIDSDriver - ok
17:58:26.0108 3620 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
17:58:26.0108 3620 AVGIDSEH - ok
17:58:26.0155 3620 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
17:58:26.0155 3620 AVGIDSFilter - ok
17:58:26.0201 3620 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
17:58:26.0201 3620 AVGIDSShim - ok
17:58:26.0326 3620 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
17:58:26.0326 3620 Avgldx86 - ok
17:58:26.0357 3620 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
17:58:26.0357 3620 Avgmfx86 - ok
17:58:26.0420 3620 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
17:58:26.0420 3620 Avgrkx86 - ok
17:58:26.0654 3620 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
17:58:26.0654 3620 Avgtdix - ok
17:58:27.0028 3620 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
17:58:27.0044 3620 BCM43XV - ok
17:58:27.0200 3620 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:58:27.0200 3620 Beep - ok
17:58:27.0262 3620 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:58:27.0262 3620 blbdrive - ok
17:58:27.0371 3620 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:58:27.0371 3620 bowser - ok
17:58:27.0481 3620 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:58:27.0481 3620 BrFiltLo - ok
17:58:27.0527 3620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:58:27.0527 3620 BrFiltUp - ok
17:58:27.0605 3620 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:58:27.0605 3620 Brserid - ok
17:58:27.0683 3620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:58:27.0683 3620 BrSerWdm - ok
17:58:27.0730 3620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:58:27.0730 3620 BrUsbMdm - ok
17:58:27.0839 3620 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:58:27.0839 3620 BrUsbSer - ok
17:58:27.0902 3620 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:58:27.0917 3620 BTHMODEM - ok
17:58:27.0980 3620 catchme - ok
17:58:28.0073 3620 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:58:28.0089 3620 cdfs - ok
17:58:28.0105 3620 cdrom - ok
17:58:28.0167 3620 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:58:28.0167 3620 circlass - ok
17:58:28.0245 3620 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:58:28.0245 3620 CLFS - ok
17:58:28.0370 3620 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:58:28.0370 3620 CmBatt - ok
17:58:28.0401 3620 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:58:28.0401 3620 cmdide - ok
17:58:28.0495 3620 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
17:58:28.0495 3620 CnxtHdAudService - ok
17:58:28.0635 3620 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:58:28.0635 3620 Compbatt - ok
17:58:28.0682 3620 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:58:28.0682 3620 crcdisk - ok
17:58:28.0729 3620 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:58:28.0744 3620 Crusoe - ok
17:58:28.0807 3620 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:58:28.0807 3620 DfsC - ok
17:58:29.0228 3620 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:58:29.0243 3620 disk - ok
17:58:29.0462 3620 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
17:58:29.0462 3620 Dot4 - ok
17:58:29.0602 3620 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:58:29.0602 3620 Dot4Print - ok
17:58:29.0649 3620 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
17:58:29.0649 3620 dot4usb - ok
17:58:29.0883 3620 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:58:29.0883 3620 drmkaud - ok
17:58:29.0961 3620 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:58:29.0961 3620 DXGKrnl - ok
17:58:30.0226 3620 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:58:30.0226 3620 E1G60 - ok
17:58:30.0367 3620 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:58:30.0367 3620 Ecache - ok
17:58:30.0772 3620 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:58:30.0772 3620 elxstor - ok
17:58:30.0991 3620 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:58:30.0991 3620 ErrDev - ok
17:58:31.0178 3620 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:58:31.0178 3620 exfat - ok
17:58:31.0412 3620 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:58:31.0412 3620 fastfat - ok
17:58:31.0521 3620 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:58:31.0521 3620 fdc - ok
17:58:31.0583 3620 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:58:31.0583 3620 FileInfo - ok
17:58:31.0630 3620 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:58:31.0630 3620 Filetrace - ok
17:58:31.0817 3620 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:58:31.0817 3620 flpydisk - ok
17:58:31.0864 3620 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:58:31.0864 3620 FltMgr - ok
17:58:32.0005 3620 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:58:32.0005 3620 Fs_Rec - ok
17:58:32.0207 3620 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:58:32.0207 3620 gagp30kx - ok
17:58:32.0395 3620 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:58:32.0395 3620 HdAudAddService - ok
17:58:32.0535 3620 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:58:32.0535 3620 HDAudBus - ok
17:58:32.0644 3620 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:58:32.0660 3620 HidBth - ok
17:58:32.0847 3620 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:58:32.0847 3620 HidIr - ok
17:58:33.0081 3620 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:58:33.0081 3620 HidUsb - ok
17:58:33.0221 3620 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:58:33.0221 3620 HpCISSs - ok
17:58:33.0518 3620 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:58:33.0518 3620 HpqKbFiltr - ok
17:58:33.0752 3620 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:58:33.0752 3620 HSFHWAZL - ok
17:58:34.0017 3620 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:58:34.0017 3620 HSF_DPV - ok
17:58:34.0251 3620 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:58:34.0251 3620 HSXHWAZL - ok
17:58:34.0501 3620 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:58:34.0501 3620 HTTP - ok
17:58:34.0781 3620 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:58:34.0781 3620 i2omp - ok
17:58:35.0093 3620 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:58:35.0093 3620 i8042prt - ok
17:58:35.0203 3620 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:58:35.0234 3620 iaStorV - ok
17:58:35.0468 3620 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:58:35.0483 3620 iirsp - ok
17:58:35.0951 3620 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:58:35.0951 3620 intelide - ok
17:58:36.0295 3620 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:58:36.0326 3620 intelppm - ok
17:58:36.0513 3620 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:58:36.0513 3620 IpFilterDriver - ok
17:58:36.0638 3620 IpInIp - ok
17:58:36.0685 3620 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:58:36.0700 3620 IPMIDRV - ok
17:58:36.0731 3620 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:58:36.0731 3620 IPNAT - ok
17:58:36.0763 3620 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:58:36.0763 3620 IRENUM - ok
17:58:36.0950 3620 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:58:36.0950 3620 isapnp - ok
17:58:37.0184 3620 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:58:37.0199 3620 iScsiPrt - ok
17:58:37.0371 3620 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:58:37.0387 3620 iteatapi - ok
17:58:37.0574 3620 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:58:37.0574 3620 iteraid - ok
17:58:37.0605 3620 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:58:37.0605 3620 kbdclass - ok
17:58:37.0840 3620 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:58:37.0840 3620 kbdhid - ok
17:58:38.0043 3620 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
17:58:38.0058 3620 KSecDD - ok
17:58:38.0292 3620 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:58:38.0292 3620 lltdio - ok
17:58:38.0542 3620 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:58:38.0558 3620 LSI_FC - ok
17:58:38.0776 3620 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:58:38.0776 3620 LSI_SAS - ok
17:58:38.0994 3620 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:58:39.0010 3620 LSI_SCSI - ok
17:58:39.0244 3620 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:58:39.0244 3620 luafv - ok
17:58:39.0494 3620 MBAMSwissArmy - ok
17:58:39.0650 3620 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:58:39.0650 3620 mdmxsdk - ok
17:58:39.0760 3620 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:58:39.0760 3620 megasas - ok
17:58:39.0916 3620 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:58:39.0916 3620 MegaSR - ok
17:58:40.0150 3620 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:58:40.0150 3620 Modem - ok
17:58:40.0399 3620 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:58:40.0399 3620 monitor - ok
17:58:40.0665 3620 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:58:40.0665 3620 mouclass - ok
17:58:41.0008 3620 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:58:41.0008 3620 mouhid - ok
17:58:41.0086 3620 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:58:41.0086 3620 MountMgr - ok
17:58:41.0304 3620 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:58:41.0304 3620 mpio - ok
17:58:41.0710 3620 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:58:41.0757 3620 mpsdrv - ok
17:58:42.0006 3620 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:58:42.0006 3620 Mraid35x - ok
17:58:42.0100 3620 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:58:42.0115 3620 MRxDAV - ok
17:58:42.0287 3620 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:58:42.0287 3620 mrxsmb - ok
17:58:42.0474 3620 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:58:42.0474 3620 mrxsmb10 - ok
17:58:42.0661 3620 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:58:42.0661 3620 mrxsmb20 - ok
17:58:42.0864 3620 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
17:58:42.0864 3620 msahci - ok
17:58:42.0911 3620 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:58:42.0927 3620 msdsm - ok
17:58:43.0083 3620 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:58:43.0083 3620 Msfs - ok
17:58:43.0317 3620 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:58:43.0317 3620 msisadrv - ok
17:58:43.0426 3620 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:58:43.0426 3620 MSKSSRV - ok
17:58:43.0613 3620 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:58:43.0613 3620 MSPCLOCK - ok
17:58:43.0660 3620 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:58:43.0660 3620 MSPQM - ok
17:58:43.0785 3620 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:58:43.0785 3620 MsRPC - ok
17:58:43.0972 3620 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:58:43.0972 3620 mssmbios - ok
17:58:44.0065 3620 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:58:44.0065 3620 MSTEE - ok
17:58:44.0268 3620 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:58:44.0268 3620 Mup - ok
17:58:44.0487 3620 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:58:44.0487 3620 NativeWifiP - ok
17:58:44.0627 3620 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:58:44.0643 3620 NDIS - ok
17:58:44.0799 3620 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:58:44.0799 3620 NdisTapi - ok
17:58:44.0939 3620 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:58:44.0939 3620 Ndisuio - ok
17:58:45.0064 3620 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:58:45.0079 3620 NdisWan - ok
17:58:45.0142 3620 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:58:45.0142 3620 NDProxy - ok
17:58:45.0235 3620 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:58:45.0251 3620 NetBIOS - ok
17:58:45.0345 3620 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:58:45.0345 3620 netbt - ok
17:58:45.0547 3620 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:58:45.0547 3620 nfrd960 - ok
17:58:45.0781 3620 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:58:45.0781 3620 Npfs - ok
17:58:45.0828 3620 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:58:45.0844 3620 nsiproxy - ok
17:58:45.0984 3620 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:58:46.0000 3620 Ntfs - ok
17:58:46.0140 3620 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:58:46.0140 3620 ntrigdigi - ok
17:58:46.0281 3620 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:58:46.0296 3620 Null - ok
17:58:46.0561 3620 NVENETFD (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
17:58:46.0561 3620 NVENETFD - ok
17:58:46.0764 3620 NVHDA (b0dd52428bf564f5fc5ee331060be2a6) C:\Windows\system32\drivers\nvhda32v.sys
17:58:46.0764 3620 NVHDA - ok
17:58:47.0607 3620 nvlddmkm (9dac05d828e56801fd6ce5fdfced64af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:58:47.0685 3620 nvlddmkm - ok
17:58:47.0887 3620 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
17:58:47.0887 3620 NVNET - ok
17:58:48.0059 3620 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:58:48.0059 3620 nvraid - ok
17:58:48.0168 3620 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
17:58:48.0184 3620 nvsmu - ok
17:58:48.0340 3620 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:58:48.0340 3620 nvstor - ok
17:58:48.0402 3620 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:58:48.0402 3620 nv_agp - ok
17:58:48.0496 3620 NwlnkFlt - ok
17:58:48.0558 3620 NwlnkFwd - ok
17:58:48.0730 3620 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
17:58:48.0745 3620 ohci1394 - ok
17:58:48.0934 3620 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:58:48.0934 3620 Parport - ok
17:58:49.0058 3620 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:58:49.0058 3620 partmgr - ok
17:58:49.0168 3620 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:58:49.0168 3620 Parvdm - ok
17:58:49.0292 3620 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:58:49.0292 3620 pci - ok
17:58:49.0417 3620 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:58:49.0433 3620 pciide - ok
17:58:49.0495 3620 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:58:49.0511 3620 pcmcia - ok
17:58:49.0760 3620 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:58:49.0776 3620 PEAUTH - ok
17:58:49.0979 3620 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:58:49.0979 3620 PptpMiniport - ok
17:58:50.0041 3620 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
17:58:50.0041 3620 Processor - ok
17:58:50.0228 3620 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:58:50.0244 3620 PSched - ok
17:58:50.0447 3620 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:58:50.0447 3620 ql2300 - ok
17:58:50.0681 3620 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:58:50.0696 3620 ql40xx - ok
17:58:50.0884 3620 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:58:50.0884 3620 QWAVEdrv - ok
17:58:51.0086 3620 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:58:51.0086 3620 RasAcd - ok
17:58:51.0305 3620 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:58:51.0305 3620 Rasl2tp - ok
17:58:51.0430 3620 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:58:51.0430 3620 RasPppoe - ok
17:58:51.0492 3620 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:58:51.0492 3620 RasSstp - ok
17:58:51.0710 3620 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:58:51.0726 3620 rdbss - ok
17:58:51.0913 3620 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:58:51.0913 3620 RDPCDD - ok
17:58:52.0100 3620 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:58:52.0100 3620 rdpdr - ok
17:58:52.0178 3620 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:58:52.0210 3620 RDPENCDD - ok
17:58:52.0303 3620 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:58:52.0319 3620 RDPWD - ok
17:58:52.0709 3620 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:58:52.0709 3620 rspndr - ok
17:58:52.0802 3620 RTSTOR (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS
17:58:52.0818 3620 RTSTOR - ok
17:58:53.0021 3620 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:58:53.0021 3620 sbp2port - ok
17:58:53.0208 3620 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:58:53.0208 3620 secdrv - ok
17:58:53.0426 3620 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:58:53.0426 3620 Serenum - ok
17:58:53.0614 3620 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:58:53.0614 3620 Serial - ok
17:58:53.0738 3620 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:58:53.0738 3620 sermouse - ok
17:58:53.0863 3620 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:58:53.0863 3620 sffdisk - ok
17:58:54.0082 3620 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:58:54.0082 3620 sffp_mmc - ok
17:58:54.0097 3620 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:58:54.0097 3620 sffp_sd - ok
17:58:54.0160 3620 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:58:54.0175 3620 sfloppy - ok
17:58:54.0362 3620 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:58:54.0362 3620 sisagp - ok
17:58:54.0518 3620 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:58:54.0518 3620 SiSRaid2 - ok
17:58:54.0737 3620 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:58:54.0752 3620 SiSRaid4 - ok
17:58:54.0877 3620 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:58:54.0893 3620 Smb - ok
17:58:54.0940 3620 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:58:54.0940 3620 spldr - ok
17:58:55.0111 3620 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:58:55.0111 3620 srv - ok
17:58:55.0236 3620 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:58:55.0252 3620 srv2 - ok
17:58:55.0298 3620 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:58:55.0314 3620 srvnet - ok
17:58:55.0470 3620 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:58:55.0470 3620 swenum - ok
17:58:55.0564 3620 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:58:55.0564 3620 Symc8xx - ok
17:58:55.0688 3620 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:58:55.0688 3620 Sym_hi - ok
17:58:55.0829 3620 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:58:55.0829 3620 Sym_u3 - ok
17:58:56.0047 3620 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
17:58:56.0047 3620 SynTP - ok
17:58:56.0266 3620 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:58:56.0266 3620 Tcpip - ok
17:58:56.0500 3620 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:58:56.0515 3620 Tcpip6 - ok
17:58:56.0671 3620 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:58:56.0671 3620 tcpipreg - ok
17:58:56.0890 3620 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:58:56.0890 3620 TDPIPE - ok
17:58:57.0108 3620 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:58:57.0124 3620 TDTCP - ok
17:58:57.0280 3620 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:58:57.0280 3620 tdx - ok
17:58:57.0498 3620 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:58:57.0498 3620 TermDD - ok
17:58:57.0716 3620 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:58:57.0716 3620 tssecsrv - ok
17:58:58.0060 3620 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:58:58.0060 3620 tunmp - ok
17:58:58.0278 3620 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
17:58:58.0278 3620 tunnel - ok
17:58:58.0465 3620 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:58:58.0465 3620 uagp35 - ok
17:58:58.0637 3620 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:58:58.0637 3620 udfs - ok
17:58:58.0886 3620 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:58:58.0902 3620 uliagpkx - ok
17:58:59.0058 3620 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:58:59.0058 3620 uliahci - ok
17:58:59.0230 3620 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:58:59.0230 3620 UlSata - ok
17:58:59.0432 3620 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:58:59.0432 3620 ulsata2 - ok
17:58:59.0526 3620 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:58:59.0526 3620 umbus - ok
17:58:59.0651 3620 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:58:59.0651 3620 usbccgp - ok
17:58:59.0822 3620 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:58:59.0822 3620 usbcir - ok
17:59:00.0011 3620 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:59:00.0011 3620 usbehci - ok
17:59:00.0026 3620 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:59:00.0026 3620 usbhub - ok
17:59:00.0042 3620 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:59:00.0042 3620 usbohci - ok
17:59:00.0182 3620 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:59:00.0182 3620 usbprint - ok
17:59:00.0245 3620 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:59:00.0245 3620 usbscan - ok
17:59:00.0494 3620 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:59:00.0494 3620 USBSTOR - ok
17:59:00.0650 3620 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:59:00.0650 3620 usbuhci - ok
17:59:00.0869 3620 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:59:00.0869 3620 usbvideo - ok
17:59:01.0087 3620 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:59:01.0087 3620 vga - ok
17:59:01.0196 3620 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:59:01.0196 3620 VgaSave - ok
17:59:01.0368 3620 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:59:01.0368 3620 viaagp - ok
17:59:01.0524 3620 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:59:01.0524 3620 ViaC7 - ok
17:59:01.0586 3620 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:59:01.0586 3620 viaide - ok
17:59:01.0805 3620 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:59:01.0805 3620 volmgr - ok
17:59:02.0054 3620 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:59:02.0054 3620 volmgrx - ok
17:59:02.0335 3620 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:59:02.0335 3620 volsnap - ok
17:59:02.0507 3620 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:59:02.0507 3620 vsmraid - ok
17:59:02.0585 3620 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:59:02.0585 3620 WacomPen - ok
17:59:02.0741 3620 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:59:02.0741 3620 Wanarp - ok
17:59:02.0787 3620 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:59:02.0787 3620 Wanarpv6 - ok
17:59:03.0037 3620 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:59:03.0037 3620 Wd - ok
17:59:03.0349 3620 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:59:03.0349 3620 Wdf01000 - ok
17:59:03.0614 3620 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:59:03.0614 3620 winachsf - ok
17:59:03.0848 3620 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:59:03.0848 3620 WmiAcpi - ok
17:59:04.0067 3620 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:59:04.0067 3620 WpdUsb - ok
17:59:04.0269 3620 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:59:04.0269 3620 ws2ifsl - ok
17:59:04.0363 3620 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:59:04.0379 3620 WUDFRd - ok
17:59:04.0441 3620 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
17:59:04.0441 3620 XAudio - ok
17:59:04.0472 3620 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
17:59:04.0503 3620 \Device\Harddisk0\DR0 - ok
17:59:04.0519 3620 Boot (0x1200) (92cb384172fc1c1a747f11c01837425f) \Device\Harddisk0\DR0\Partition0
17:59:04.0535 3620 \Device\Harddisk0\DR0\Partition0 - ok
17:59:04.0550 3620 Boot (0x1200) (dffb1487c0855251abe230550f50ce6e) \Device\Harddisk0\DR0\Partition1
17:59:04.0550 3620 \Device\Harddisk0\DR0\Partition1 - ok
17:59:04.0550 3620 ============================================================
17:59:04.0550 3620 Scan finished
17:59:04.0550 3620 ============================================================
17:59:04.0566 3604 Detected object count: 0
17:59:04.0566 3604 Actual detected object count: 0
18:01:31.0471 6120 ============================================================
18:01:31.0471 6120 Scan started
18:01:31.0471 6120 Mode: Manual; SigCheck; TDLFS;
18:01:31.0471 6120 ============================================================
18:01:32.0111 6120 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:01:32.0235 6120 ACPI - ok
18:01:32.0516 6120 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:01:32.0532 6120 adp94xx - ok
18:01:32.0703 6120 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:01:32.0735 6120 adpahci - ok
18:01:32.0984 6120 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:01:33.0000 6120 adpu160m - ok
18:01:33.0281 6120 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:01:33.0281 6120 adpu320 - ok
18:01:33.0577 6120 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:01:33.0671 6120 AFD - ok
18:01:33.0873 6120 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:01:33.0889 6120 agp440 - ok
18:01:34.0232 6120 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:01:34.0232 6120 aic78xx - ok
18:01:34.0622 6120 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:01:34.0638 6120 aliide - ok
18:01:35.0059 6120 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:01:35.0075 6120 amdagp - ok
18:01:35.0496 6120 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:01:35.0496 6120 amdide - ok
18:01:35.0917 6120 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:01:36.0057 6120 AmdK7 - ok
18:01:36.0463 6120 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
18:01:36.0541 6120 AmdK8 - ok
18:01:36.0806 6120 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:01:36.0822 6120 arc - ok
18:01:37.0290 6120 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:01:37.0305 6120 arcsas - ok
18:01:37.0602 6120 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:01:37.0680 6120 AsyncMac - ok
18:01:37.0945 6120 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:01:37.0961 6120 atapi - ok
18:01:38.0475 6120 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
18:01:38.0553 6120 athr - ok
18:01:38.0897 6120 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
18:01:38.0928 6120 AVGIDSDriver - ok
18:01:39.0365 6120 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
18:01:39.0380 6120 AVGIDSEH - ok
18:01:39.0521 6120 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
18:01:39.0521 6120 AVGIDSFilter - ok
18:01:39.0708 6120 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
18:01:39.0723 6120 AVGIDSShim - ok
18:01:40.0067 6120 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
18:01:40.0082 6120 Avgldx86 - ok
18:01:40.0503 6120 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
18:01:40.0503 6120 Avgmfx86 - ok
18:01:40.0581 6120 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
18:01:40.0597 6120 Avgrkx86 - ok
18:01:40.0940 6120 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
18:01:40.0956 6120 Avgtdix - ok
18:01:41.0268 6120 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
18:01:41.0549 6120 BCM43XV - ok
18:01:41.0845 6120 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:01:41.0923 6120 Beep - ok
18:01:42.0235 6120 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:01:42.0313 6120 blbdrive - ok
18:01:42.0594 6120 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:01:42.0656 6120 bowser - ok
18:01:42.0906 6120 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:01:43.0031 6120 BrFiltLo - ok
18:01:43.0296 6120 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:01:43.0358 6120 BrFiltUp - ok
18:01:43.0592 6120 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:01:43.0701 6120 Brserid - ok
18:01:44.0045 6120 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:01:44.0138 6120 BrSerWdm - ok
18:01:44.0559 6120 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:01:44.0637 6120 BrUsbMdm - ok
18:01:44.0949 6120 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:01:45.0043 6120 BrUsbSer - ok
18:01:45.0293 6120 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:01:45.0371 6120 BTHMODEM - ok
18:01:45.0573 6120 catchme - ok
18:01:45.0901 6120 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:01:45.0979 6120 cdfs - ok
18:01:45.0995 6120 cdrom - ok
18:01:46.0151 6120 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:01:46.0182 6120 circlass - ok
18:01:46.0213 6120 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:01:46.0229 6120 CLFS - ok
18:01:46.0556 6120 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:01:46.0634 6120 CmBatt - ok
18:01:46.0884 6120 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:01:46.0899 6120 cmdide - ok
18:01:47.0305 6120 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
18:01:47.0352 6120 CnxtHdAudService - ok
18:01:47.0633 6120 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:01:47.0648 6120 Compbatt - ok
18:01:47.0991 6120 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:01:48.0007 6120 crcdisk - ok
18:01:48.0444 6120 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:01:48.0475 6120 Crusoe - ok
18:01:48.0849 6120 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:01:48.0912 6120 DfsC - ok
18:01:49.0193 6120 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:01:49.0208 6120 disk - ok
18:01:49.0364 6120 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
18:01:49.0411 6120 Dot4 - ok
18:01:49.0505 6120 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:01:49.0567 6120 Dot4Print - ok
18:01:49.0973 6120 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
18:01:50.0051 6120 dot4usb - ok
18:01:50.0456 6120 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:01:50.0519 6120 drmkaud - ok
18:01:50.0862 6120 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:01:50.0893 6120 DXGKrnl - ok
18:01:51.0127 6120 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:01:51.0158 6120 E1G60 - ok
18:01:51.0283 6120 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:01:51.0299 6120 Ecache - ok
18:01:51.0642 6120 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:01:51.0673 6120 elxstor - ok
18:01:51.0907 6120 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:01:51.0969 6120 ErrDev - ok
18:01:52.0235 6120 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:01:52.0281 6120 exfat - ok
18:01:52.0453 6120 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:01:52.0500 6120 fastfat - ok
18:01:52.0625 6120 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:01:52.0656 6120 fdc - ok
18:01:52.0937 6120 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:01:52.0937 6120 FileInfo - ok
18:01:53.0202 6120 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:01:53.0249 6120 Filetrace - ok
18:01:53.0405 6120 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:01:53.0451 6120 flpydisk - ok
18:01:53.0654 6120 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:01:53.0670 6120 FltMgr - ok
18:01:53.0919 6120 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:01:53.0982 6120 Fs_Rec - ok
18:01:54.0107 6120 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:01:54.0122 6120 gagp30kx - ok
18:01:54.0216 6120 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:01:54.0278 6120 HdAudAddService - ok
18:01:54.0575 6120 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:01:54.0621 6120 HDAudBus - ok
18:01:54.0731 6120 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:01:54.0824 6120 HidBth - ok
18:01:54.0840 6120 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:01:54.0887 6120 HidIr - ok
18:01:55.0074 6120 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:01:55.0136 6120 HidUsb - ok
18:01:55.0417 6120 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:01:55.0433 6120 HpCISSs - ok
18:01:55.0651 6120 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:01:55.0713 6120 HpqKbFiltr - ok
18:01:55.0916 6120 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:01:55.0979 6120 HSFHWAZL - ok
18:01:56.0213 6120 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:01:56.0275 6120 HSF_DPV - ok
18:01:56.0571 6120 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:01:56.0603 6120 HSXHWAZL - ok
18:01:56.0946 6120 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:01:57.0024 6120 HTTP - ok
18:01:57.0242 6120 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:01:57.0242 6120 i2omp - ok
18:01:57.0476 6120 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:01:57.0507 6120 i8042prt - ok
18:01:57.0570 6120 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:01:57.0585 6120 iaStorV - ok
18:01:57.0757 6120 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:01:57.0757 6120 iirsp - ok
18:01:58.0007 6120 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:01:58.0022 6120 intelide - ok
18:01:58.0241 6120 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:01:58.0272 6120 intelppm - ok
18:01:58.0350 6120 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:01:58.0428 6120 IpFilterDriver - ok
18:01:58.0475 6120 IpInIp - ok
18:01:58.0615 6120 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:01:58.0646 6120 IPMIDRV - ok
18:01:58.0865 6120 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:01:58.0927 6120 IPNAT - ok
18:01:59.0270 6120 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:01:59.0348 6120 IRENUM - ok
18:01:59.0723 6120 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:01:59.0738 6120 isapnp - ok
18:02:00.0144 6120 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:02:00.0159 6120 iScsiPrt - ok
18:02:00.0487 6120 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:02:00.0503 6120 iteatapi - ok
18:02:00.0846 6120 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:02:00.0861 6120 iteraid - ok
18:02:01.0205 6120 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:02:01.0220 6120 kbdclass - ok
18:02:01.0735 6120 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:02:01.0782 6120 kbdhid - ok
18:02:02.0156 6120 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:02:02.0172 6120 KSecDD - ok
18:02:02.0406 6120 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:02:02.0484 6120 lltdio - ok
18:02:02.0593 6120 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:02:02.0609 6120 LSI_FC - ok
18:02:02.0921 6120 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:02:02.0936 6120 LSI_SAS - ok
18:02:03.0311 6120 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:02:03.0326 6120 LSI_SCSI - ok
18:02:03.0763 6120 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:02:03.0857 6120 luafv - ok
18:02:04.0106 6120 MBAMSwissArmy - ok
18:02:04.0293 6120 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:02:04.0309 6120 mdmxsdk - ok
18:02:04.0730 6120 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:02:04.0746 6120 megasas - ok
18:02:05.0167 6120 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:02:05.0183 6120 MegaSR - ok
18:02:05.0417 6120 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:02:05.0479 6120 Modem - ok
18:02:05.0541 6120 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:02:05.0635 6120 monitor - ok
18:02:05.0994 6120 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:02:06.0009 6120 mouclass - ok
18:02:06.0259 6120 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:02:06.0306 6120 mouhid - ok
18:02:06.0321 6120 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:02:06.0337 6120 MountMgr - ok
18:02:06.0696 6120 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:02:06.0711 6120 mpio - ok
18:02:07.0101 6120 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:02:07.0179 6120 mpsdrv - ok
18:02:07.0523 6120 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:02:07.0538 6120 Mraid35x - ok
18:02:07.0803 6120 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:02:07.0866 6120 MRxDAV - ok
18:02:07.0913 6120 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:02:07.0975 6120 mrxsmb - ok
18:02:08.0318 6120 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:02:08.0349 6120 mrxsmb10 - ok
18:02:08.0538 6120 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:02:08.0600 6120 mrxsmb20 - ok
18:02:08.0631 6120 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:02:08.0631 6120 msahci - ok
18:02:08.0647 6120 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:02:08.0662 6120 msdsm - ok
18:02:09.0115 6120 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:02:09.0193 6120 Msfs - ok
18:02:09.0583 6120 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:02:09.0598 6120 msisadrv - ok
18:02:10.0035 6120 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:02:10.0113 6120 MSKSSRV - ok
18:02:10.0441 6120 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:02:10.0519 6120 MSPCLOCK - ok
18:02:10.0800 6120 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:02:10.0831 6120 MSPQM - ok
18:02:11.0236 6120 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:02:11.0252 6120 MsRPC - ok
18:02:11.0595 6120 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:02:11.0595 6120 mssmbios - ok
18:02:11.0704 6120 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:02:11.0767 6120 MSTEE - ok
18:02:12.0141 6120 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:02:12.0157 6120 Mup - ok
18:02:12.0718 6120 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:02:12.0765 6120 NativeWifiP - ok
18:02:13.0186 6120 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:02:13.0218 6120 NDIS - ok
18:02:13.0561 6120 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:02:13.0639 6120 NdisTapi - ok
18:02:13.0966 6120 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:02:13.0998 6120 Ndisuio - ok
18:02:14.0341 6120 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:02:14.0403 6120 NdisWan - ok
18:02:14.0762 6120 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:02:14.0778 6120 NDProxy - ok
18:02:15.0152 6120 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:02:15.0183 6120 NetBIOS - ok
18:02:15.0558 6120 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:02:15.0589 6120 netbt - ok
18:02:15.0854 6120 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:02:15.0870 6120 nfrd960 - ok
18:02:15.0963 6120 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:02:15.0994 6120 Npfs - ok
18:02:16.0088 6120 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:02:16.0150 6120 nsiproxy - ok
18:02:16.0322 6120 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:02:16.0369 6120 Ntfs - ok
18:02:16.0540 6120 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:02:16.0603 6120 ntrigdigi - ok
18:02:16.0884 6120 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:02:16.0930 6120 Null - ok
18:02:17.0133 6120 NVENETFD (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
18:02:17.0133 6120 NVENETFD - ok
18:02:17.0352 6120 NVHDA (b0dd52428bf564f5fc5ee331060be2a6) C:\Windows\system32\drivers\nvhda32v.sys
18:02:17.0367 6120 NVHDA - ok
18:02:18.0210 6120 nvlddmkm (9dac05d828e56801fd6ce5fdfced64af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:02:18.0771 6120 nvlddmkm - ok
18:02:18.0990 6120 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
18:02:19.0005 6120 NVNET - ok
18:02:19.0239 6120 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:02:19.0255 6120 nvraid - ok
18:02:19.0614 6120 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
18:02:19.0676 6120 nvsmu - ok
18:02:19.0816 6120 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:02:19.0832 6120 nvstor - ok
18:02:20.0206 6120 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:02:20.0206 6120 nv_agp - ok
18:02:20.0503 6120 NwlnkFlt - ok
18:02:20.0799 6120 NwlnkFwd - ok
18:02:21.0127 6120 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:02:21.0220 6120 ohci1394 - ok
18:02:21.0517 6120 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:02:21.0579 6120 Parport - ok
18:02:21.0969 6120 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:02:21.0985 6120 partmgr - ok
18:02:22.0344 6120 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:02:22.0390 6120 Parvdm - ok
18:02:22.0734 6120 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:02:22.0749 6120 pci - ok
18:02:23.0139 6120 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
18:02:23.0155 6120 pciide - ok
18:02:23.0514 6120 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:02:23.0529 6120 pcmcia - ok
18:02:24.0122 6120 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:02:24.0216 6120 PEAUTH - ok
18:02:24.0762 6120 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:02:24.0824 6120 PptpMiniport - ok
18:02:25.0276 6120 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
18:02:25.0354 6120 Processor - ok
18:02:25.0744 6120 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:02:25.0822 6120 PSched - ok
18:02:26.0462 6120 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:02:26.0571 6120 ql2300 - ok
18:02:26.0883 6120 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:02:26.0899 6120 ql40xx - ok
18:02:27.0398 6120 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:02:27.0492 6120 QWAVEdrv - ok
18:02:27.0866 6120 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:02:27.0897 6120 RasAcd - ok
18:02:28.0287 6120 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:02:28.0334 6120 Rasl2tp - ok
18:02:28.0880 6120 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:02:28.0896 6120 RasPppoe - ok
18:02:29.0442 6120 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:02:29.0442 6120 RasSstp - ok
18:02:30.0003 6120 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:02:30.0050 6120 rdbss - ok
18:02:30.0549 6120 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:02:30.0643 6120 RDPCDD - ok
18:02:31.0111 6120 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:02:31.0158 6120 rdpdr - ok
18:02:31.0719 6120 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:02:31.0797 6120 RDPENCDD - ok
18:02:32.0078 6120 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:02:32.0125 6120 RDPWD - ok
18:02:32.0577 6120 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:02:32.0671 6120 rspndr - ok
18:02:33.0139 6120 RTSTOR (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS
18:02:33.0186 6120 RTSTOR - ok
18:02:33.0388 6120 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:02:33.0388 6120 sbp2port - ok
18:02:33.0638 6120 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:02:33.0685 6120 secdrv - ok
18:02:33.0856 6120 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:02:33.0903 6120 Serenum - ok
18:02:34.0059 6120 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:02:34.0137 6120 Serial - ok
18:02:34.0324 6120 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:02:34.0387 6120 sermouse - ok
18:02:34.0512 6120 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:02:34.0574 6120 sffdisk - ok
18:02:34.0590 6120 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:02:34.0636 6120 sffp_mmc - ok
18:02:34.0808 6120 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:02:34.0839 6120 sffp_sd - ok
18:02:35.0011 6120 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:02:35.0073 6120 sfloppy - ok
18:02:35.0182 6120 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:02:35.0198 6120 sisagp - ok
18:02:35.0354 6120 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:02:35.0354 6120 SiSRaid2 - ok
18:02:35.0526 6120 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:02:35.0526 6120 SiSRaid4 - ok
18:02:35.0713 6120 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:02:35.0760 6120 Smb - ok
18:02:35.0900 6120 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:02:35.0916 6120 spldr - ok
18:02:35.0994 6120 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:02:36.0040 6120 srv - ok
18:02:36.0150 6120 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:02:36.0196 6120 srv2 - ok
18:02:36.0274 6120 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:02:36.0306 6120 srvnet - ok
18:02:36.0384 6120 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:02:36.0399 6120 swenum - ok
18:02:36.0508 6120 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:02:36.0524 6120 Symc8xx - ok
18:02:36.0727 6120 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:02:36.0727 6120 Sym_hi - ok
18:02:37.0070 6120 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:02:37.0086 6120 Sym_u3 - ok
18:02:37.0195 6120 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
18:02:37.0210 6120 SynTP - ok
18:02:37.0382 6120 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:02:37.0413 6120 Tcpip - ok
18:02:37.0554 6120 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:02:37.0663 6120 Tcpip6 - ok
18:02:37.0881 6120 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:02:37.0912 6120 tcpipreg - ok
18:02:38.0022 6120 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:02:38.0068 6120 TDPIPE - ok
18:02:38.0100 6120 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:02:38.0131 6120 TDTCP - ok
18:02:38.0240 6120 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:02:38.0271 6120 tdx - ok
18:02:38.0396 6120 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:02:38.0412 6120 TermDD - ok
18:02:38.0552 6120 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:02:38.0599 6120 tssecsrv - ok
18:02:38.0755 6120 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:02:38.0786 6120 tunmp - ok
18:02:38.0911 6120 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
18:02:38.0958 6120 tunnel - ok
18:02:39.0114 6120 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:02:39.0129 6120 uagp35 - ok
18:02:39.0223 6120 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:02:39.0254 6120 udfs - ok
18:02:39.0410 6120 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:02:39.0410 6120 uliagpkx - ok
18:02:39.0566 6120 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:02:39.0582 6120 uliahci - ok
18:02:39.0722 6120 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:02:39.0738 6120 UlSata - ok
18:02:39.0909 6120 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:02:39.0925 6120 ulsata2 - ok
18:02:40.0128 6120 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:02:40.0174 6120 umbus - ok
18:02:40.0315 6120 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:02:40.0330 6120 usbccgp - ok
18:02:40.0440 6120 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:02:40.0502 6120 usbcir - ok
18:02:40.0642 6120 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:02:40.0674 6120 usbehci - ok
18:02:40.0720 6120 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:02:40.0736 6120 usbhub - ok
18:02:40.0970 6120 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
18:02:41.0001 6120 usbohci - ok
18:02:41.0142 6120 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:02:41.0188 6120 usbprint - ok
18:02:41.0329 6120 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:02:41.0360 6120 usbscan - ok
18:02:41.0391 6120 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:02:41.0407 6120 USBSTOR - ok
18:02:41.0641 6120 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:02:41.0656 6120 usbuhci - ok
18:02:41.0844 6120 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:02:41.0890 6120 usbvideo - ok
18:02:42.0000 6120 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:02:42.0031 6120 vga - ok
18:02:42.0078 6120 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:02:42.0093 6120 VgaSave - ok
18:02:42.0343 6120 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:02:42.0343 6120 viaagp - ok
18:02:42.0514 6120 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:02:42.0546 6120 ViaC7 - ok
18:02:42.0780 6120 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:02:42.0795 6120 viaide - ok
18:02:42.0967 6120 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:02:42.0982 6120 volmgr - ok
18:02:43.0170 6120 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:02:43.0185 6120 volmgrx - ok
18:02:43.0466 6120 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:02:43.0482 6120 volsnap - ok
18:02:43.0638 6120 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:02:43.0653 6120 vsmraid - ok
18:02:43.0887 6120 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:02:43.0965 6120 WacomPen - ok
18:02:44.0106 6120 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:44.0152 6120 Wanarp - ok
18:02:44.0152 6120 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:44.0168 6120 Wanarpv6 - ok
18:02:44.0308 6120 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:02:44.0308 6120 Wd - ok
18:02:44.0527 6120 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:02:44.0558 6120 Wdf01000 - ok
18:02:44.0745 6120 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:02:44.0823 6120 winachsf - ok
18:02:45.0073 6120 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:02:45.0135 6120 WmiAcpi - ok
18:02:45.0354 6120 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:02:45.0400 6120 WpdUsb - ok
18:02:45.0603 6120 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:02:45.0634 6120 ws2ifsl - ok
18:02:45.0759 6120 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:02:45.0790 6120 WUDFRd - ok
18:02:45.0962 6120 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
18:02:45.0993 6120 XAudio - ok
18:02:46.0024 6120 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
18:02:46.0118 6120 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:02:46.0118 6120 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:02:46.0149 6120 Boot (0x1200) (92cb384172fc1c1a747f11c01837425f) \Device\Harddisk0\DR0\Partition0
18:02:46.0165 6120 \Device\Harddisk0\DR0\Partition0 - ok
18:02:46.0180 6120 Boot (0x1200) (dffb1487c0855251abe230550f50ce6e) \Device\Harddisk0\DR0\Partition1
18:02:46.0180 6120 \Device\Harddisk0\DR0\Partition1 - ok
18:02:46.0180 6120 ============================================================
18:02:46.0180 6120 Scan finished
18:02:46.0180 6120 ============================================================
18:02:46.0196 6104 Detected object count: 1
18:02:46.0196 6104 Actual detected object count: 1
18:03:20.0391 6104 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:03:20.0391 6104 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip





Before you sent me the instructions I was being proactive and ran it with the clean option; that obviously didn't help, and its contents are below too:


17:53:54.0450 4240 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
17:53:54.0856 4240 ============================================================
17:53:54.0856 4240 Current date / time: 2011/12/01 17:53:54.0856
17:53:54.0856 4240 SystemInfo:
17:53:54.0856 4240
17:53:54.0856 4240 OS Version: 6.0.6002 ServicePack: 2.0
17:53:54.0856 4240 Product type: Workstation
17:53:54.0856 4240 ComputerName: TISHA
17:53:54.0856 4240 UserName: Owner
17:53:54.0856 4240 Windows directory: C:\Windows
17:53:54.0856 4240 System windows directory: C:\Windows
17:53:54.0856 4240 Processor architecture: Intel x86
17:53:54.0856 4240 Number of processors: 2
17:53:54.0856 4240 Page size: 0x1000
17:53:54.0856 4240 Boot type: Normal boot
17:53:54.0856 4240 ============================================================
17:53:55.0792 4240 Initialize success
17:54:09.0270 3308 ============================================================
17:54:09.0270 3308 Scan started
17:54:09.0270 3308 Mode: Manual;
17:54:09.0270 3308 ============================================================
17:54:09.0863 3308 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:54:09.0863 3308 ACPI - ok
17:54:10.0034 3308 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:54:10.0034 3308 adp94xx - ok
17:54:10.0206 3308 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:54:10.0206 3308 adpahci - ok
17:54:10.0346 3308 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:54:10.0346 3308 adpu160m - ok
17:54:10.0362 3308 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:54:10.0362 3308 adpu320 - ok
17:54:10.0534 3308 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:54:10.0534 3308 AFD - ok
17:54:10.0658 3308 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:54:10.0658 3308 agp440 - ok
17:54:10.0690 3308 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:54:10.0690 3308 aic78xx - ok
17:54:10.0705 3308 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:54:10.0705 3308 aliide - ok
17:54:10.0721 3308 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:54:10.0721 3308 amdagp - ok
17:54:10.0736 3308 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:54:10.0736 3308 amdide - ok
17:54:10.0768 3308 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:54:10.0768 3308 AmdK7 - ok
17:54:10.0924 3308 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
17:54:10.0924 3308 AmdK8 - ok
17:54:11.0095 3308 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:54:11.0095 3308 arc - ok
17:54:11.0236 3308 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:54:11.0251 3308 arcsas - ok
17:54:11.0392 3308 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:54:11.0392 3308 AsyncMac - ok
17:54:11.0579 3308 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:54:11.0579 3308 atapi - ok
17:54:11.0688 3308 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
17:54:11.0704 3308 athr - ok
17:54:11.0922 3308 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
17:54:11.0922 3308 AVGIDSDriver - ok
17:54:12.0078 3308 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
17:54:12.0078 3308 AVGIDSEH - ok
17:54:12.0234 3308 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
17:54:12.0234 3308 AVGIDSFilter - ok
17:54:12.0374 3308 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
17:54:12.0374 3308 AVGIDSShim - ok
17:54:12.0546 3308 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
17:54:12.0546 3308 Avgldx86 - ok
17:54:12.0749 3308 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
17:54:12.0749 3308 Avgmfx86 - ok
17:54:12.0920 3308 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
17:54:12.0920 3308 Avgrkx86 - ok
17:54:13.0076 3308 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
17:54:13.0092 3308 Avgtdix - ok
17:54:13.0279 3308 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
17:54:13.0295 3308 BCM43XV - ok
17:54:13.0435 3308 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:54:13.0435 3308 Beep - ok
17:54:13.0560 3308 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:54:13.0560 3308 blbdrive - ok
17:54:13.0622 3308 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:54:13.0622 3308 bowser - ok
17:54:13.0732 3308 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:54:13.0747 3308 BrFiltLo - ok
17:54:13.0778 3308 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:54:13.0778 3308 BrFiltUp - ok
17:54:13.0794 3308 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:54:13.0794 3308 Brserid - ok
17:54:13.0825 3308 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:54:13.0841 3308 BrSerWdm - ok
17:54:13.0856 3308 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:54:13.0856 3308 BrUsbMdm - ok
17:54:13.0997 3308 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:54:13.0997 3308 BrUsbSer - ok
17:54:14.0153 3308 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:54:14.0153 3308 BTHMODEM - ok
17:54:14.0215 3308 catchme - ok
17:54:14.0324 3308 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:54:14.0324 3308 cdfs - ok
17:54:14.0340 3308 cdrom - ok
17:54:14.0371 3308 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:54:14.0371 3308 circlass - ok
17:54:14.0402 3308 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:54:14.0418 3308 CLFS - ok
17:54:14.0590 3308 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:54:14.0590 3308 CmBatt - ok
17:54:14.0683 3308 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:54:14.0683 3308 cmdide - ok
17:54:14.0730 3308 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
17:54:14.0730 3308 CnxtHdAudService - ok
17:54:14.0777 3308 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:54:14.0777 3308 Compbatt - ok
17:54:14.0964 3308 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:54:14.0964 3308 crcdisk - ok
17:54:15.0042 3308 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:54:15.0042 3308 Crusoe - ok
17:54:15.0073 3308 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:54:15.0089 3308 DfsC - ok
17:54:15.0151 3308 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:54:15.0151 3308 disk - ok
17:54:15.0323 3308 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
17:54:15.0323 3308 Dot4 - ok
17:54:15.0401 3308 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:54:15.0401 3308 Dot4Print - ok
17:54:15.0432 3308 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
17:54:15.0448 3308 dot4usb - ok
17:54:15.0541 3308 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:54:15.0541 3308 drmkaud - ok
17:54:15.0650 3308 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:54:15.0666 3308 DXGKrnl - ok
17:54:15.0760 3308 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:54:15.0760 3308 E1G60 - ok
17:54:15.0838 3308 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:54:15.0838 3308 Ecache - ok
17:54:15.0962 3308 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:54:15.0962 3308 elxstor - ok
17:54:16.0009 3308 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:54:16.0009 3308 ErrDev - ok
17:54:16.0087 3308 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:54:16.0087 3308 exfat - ok
17:54:16.0165 3308 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:54:16.0165 3308 fastfat - ok
17:54:16.0228 3308 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:54:16.0228 3308 fdc - ok
17:54:16.0274 3308 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:54:16.0274 3308 FileInfo - ok
17:54:16.0352 3308 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:54:16.0352 3308 Filetrace - ok
17:54:16.0384 3308 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:54:16.0384 3308 flpydisk - ok
17:54:16.0415 3308 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:54:16.0415 3308 FltMgr - ok
17:54:16.0540 3308 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:54:16.0540 3308 Fs_Rec - ok
17:54:16.0602 3308 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:54:16.0602 3308 gagp30kx - ok
17:54:16.0664 3308 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:54:16.0664 3308 HdAudAddService - ok
17:54:16.0742 3308 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:54:16.0742 3308 HDAudBus - ok
17:54:16.0883 3308 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:54:16.0883 3308 HidBth - ok
17:54:17.0039 3308 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:54:17.0039 3308 HidIr - ok
17:54:17.0117 3308 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:54:17.0117 3308 HidUsb - ok
17:54:17.0164 3308 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:54:17.0164 3308 HpCISSs - ok
17:54:17.0335 3308 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:54:17.0335 3308 HpqKbFiltr - ok
17:54:17.0460 3308 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:54:17.0460 3308 HSFHWAZL - ok
17:54:17.0522 3308 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:54:17.0538 3308 HSF_DPV - ok
17:54:17.0694 3308 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:54:17.0694 3308 HSXHWAZL - ok
17:54:17.0756 3308 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:54:17.0756 3308 HTTP - ok
17:54:17.0912 3308 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:54:17.0912 3308 i2omp - ok
17:54:18.0100 3308 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:54:18.0100 3308 i8042prt - ok
17:54:18.0162 3308 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:54:18.0162 3308 iaStorV - ok
17:54:18.0193 3308 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:54:18.0193 3308 iirsp - ok
17:54:18.0209 3308 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:54:18.0224 3308 intelide - ok
17:54:18.0256 3308 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:54:18.0256 3308 intelppm - ok
17:54:18.0287 3308 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:54:18.0287 3308 IpFilterDriver - ok
17:54:18.0365 3308 IpInIp - ok
17:54:18.0427 3308 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:54:18.0427 3308 IPMIDRV - ok
17:54:18.0458 3308 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:54:18.0458 3308 IPNAT - ok
17:54:18.0490 3308 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:54:18.0490 3308 IRENUM - ok
17:54:18.0521 3308 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:54:18.0521 3308 isapnp - ok
17:54:18.0661 3308 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:54:18.0661 3308 iScsiPrt - ok
17:54:18.0770 3308 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:54:18.0770 3308 iteatapi - ok
17:54:18.0770 3308 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:54:18.0770 3308 iteraid - ok
17:54:18.0802 3308 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:54:18.0802 3308 kbdclass - ok
17:54:18.0833 3308 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:54:18.0848 3308 kbdhid - ok
17:54:19.0036 3308 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
17:54:19.0036 3308 KSecDD - ok
17:54:19.0176 3308 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:54:19.0192 3308 lltdio - ok
17:54:19.0223 3308 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:54:19.0223 3308 LSI_FC - ok
17:54:19.0394 3308 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:54:19.0441 3308 LSI_SAS - ok
17:54:19.0582 3308 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:54:19.0597 3308 LSI_SCSI - ok
17:54:19.0675 3308 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:54:19.0675 3308 luafv - ok
17:54:19.0738 3308 MBAMSwissArmy - ok
17:54:19.0816 3308 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:54:19.0816 3308 mdmxsdk - ok
17:54:19.0894 3308 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:54:19.0894 3308 megasas - ok
17:54:19.0940 3308 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:54:19.0940 3308 MegaSR - ok
17:54:19.0956 3308 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:54:19.0956 3308 Modem - ok
17:54:20.0003 3308 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:54:20.0003 3308 monitor - ok
17:54:20.0081 3308 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:54:20.0081 3308 mouclass - ok
17:54:20.0112 3308 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:54:20.0112 3308 mouhid - ok
17:54:20.0128 3308 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:54:20.0128 3308 MountMgr - ok
17:54:20.0143 3308 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:54:20.0143 3308 mpio - ok
17:54:20.0190 3308 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:54:20.0190 3308 mpsdrv - ok
17:54:20.0206 3308 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:54:20.0206 3308 Mraid35x - ok
17:54:20.0299 3308 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:54:20.0299 3308 MRxDAV - ok
17:54:20.0315 3308 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:54:20.0330 3308 mrxsmb - ok
17:54:20.0362 3308 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:54:20.0377 3308 mrxsmb10 - ok
17:54:20.0408 3308 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:54:20.0408 3308 mrxsmb20 - ok
17:54:20.0455 3308 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
17:54:20.0455 3308 msahci - ok
17:54:20.0596 3308 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:54:20.0596 3308 msdsm - ok
17:54:20.0705 3308 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:54:20.0720 3308 Msfs - ok
17:54:20.0752 3308 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:54:20.0752 3308 msisadrv - ok
17:54:20.0814 3308 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:54:20.0814 3308 MSKSSRV - ok
17:54:20.0876 3308 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:54:20.0876 3308 MSPCLOCK - ok
17:54:20.0986 3308 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:54:20.0986 3308 MSPQM - ok
17:54:21.0126 3308 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:54:21.0126 3308 MsRPC - ok
17:54:21.0282 3308 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:54:21.0282 3308 mssmbios - ok
17:54:21.0438 3308 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:54:21.0438 3308 MSTEE - ok
17:54:21.0516 3308 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:54:21.0532 3308 Mup - ok
17:54:21.0594 3308 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:54:21.0594 3308 NativeWifiP - ok
17:54:21.0656 3308 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:54:21.0672 3308 NDIS - ok
17:54:21.0766 3308 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:54:21.0766 3308 NdisTapi - ok
17:54:21.0812 3308 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:54:21.0812 3308 Ndisuio - ok
17:54:21.0844 3308 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:54:21.0844 3308 NdisWan - ok
17:54:21.0875 3308 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:54:21.0875 3308 NDProxy - ok
17:54:22.0062 3308 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:54:22.0078 3308 NetBIOS - ok
17:54:22.0187 3308 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:54:22.0187 3308 netbt - ok
17:54:22.0202 3308 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:54:22.0202 3308 nfrd960 - ok
17:54:22.0234 3308 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:54:22.0234 3308 Npfs - ok
17:54:22.0265 3308 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:54:22.0265 3308 nsiproxy - ok
17:54:22.0327 3308 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:54:22.0327 3308 Ntfs - ok
17:54:22.0436 3308 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:54:22.0436 3308 ntrigdigi - ok
17:54:22.0468 3308 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:54:22.0468 3308 Null - ok
17:54:22.0514 3308 NVENETFD (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
17:54:22.0530 3308 NVENETFD - ok
17:54:22.0686 3308 NVHDA (b0dd52428bf564f5fc5ee331060be2a6) C:\Windows\system32\drivers\nvhda32v.sys
17:54:22.0686 3308 NVHDA - ok
17:54:23.0045 3308 nvlddmkm (9dac05d828e56801fd6ce5fdfced64af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:54:23.0263 3308 nvlddmkm - ok
17:54:23.0404 3308 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
17:54:23.0419 3308 NVNET - ok
17:54:23.0466 3308 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:54:23.0466 3308 nvraid - ok
17:54:23.0575 3308 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
17:54:23.0575 3308 nvsmu - ok
17:54:23.0591 3308 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:54:23.0591 3308 nvstor - ok
17:54:23.0638 3308 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:54:23.0638 3308 nv_agp - ok
17:54:23.0653 3308 NwlnkFlt - ok
17:54:23.0669 3308 NwlnkFwd - ok
17:54:23.0716 3308 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
17:54:23.0716 3308 ohci1394 - ok
17:54:23.0856 3308 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:54:23.0856 3308 Parport - ok
17:54:23.0903 3308 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:54:23.0903 3308 partmgr - ok
17:54:23.0918 3308 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:54:23.0918 3308 Parvdm - ok
17:54:23.0965 3308 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:54:23.0965 3308 pci - ok
17:54:24.0106 3308 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:54:24.0106 3308 pciide - ok
17:54:24.0231 3308 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:54:24.0263 3308 pcmcia - ok
17:54:24.0434 3308 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:54:24.0450 3308 PEAUTH - ok
17:54:24.0653 3308 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:54:24.0653 3308 PptpMiniport - ok
17:54:24.0731 3308 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
17:54:24.0731 3308 Processor - ok
17:54:24.0793 3308 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:54:24.0793 3308 PSched - ok
17:54:24.0871 3308 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:54:24.0887 3308 ql2300 - ok
17:54:25.0043 3308 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:54:25.0043 3308 ql40xx - ok
17:54:25.0214 3308 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:54:25.0214 3308 QWAVEdrv - ok
17:54:25.0355 3308 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:54:25.0355 3308 RasAcd - ok
17:54:25.0464 3308 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:54:25.0464 3308 Rasl2tp - ok
17:54:25.0526 3308 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:54:25.0526 3308 RasPppoe - ok
17:54:25.0542 3308 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:54:25.0542 3308 RasSstp - ok
17:54:25.0698 3308 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:54:25.0698 3308 rdbss - ok
17:54:25.0791 3308 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:54:25.0791 3308 RDPCDD - ok
17:54:25.0838 3308 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:54:25.0838 3308 rdpdr - ok
17:54:25.0854 3308 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:54:25.0854 3308 RDPENCDD - ok
17:54:25.0901 3308 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:54:25.0901 3308 RDPWD - ok
17:54:26.0119 3308 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:54:26.0119 3308 rspndr - ok
17:54:26.0259 3308 RTSTOR (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS
17:54:26.0259 3308 RTSTOR - ok
17:54:26.0431 3308 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:54:26.0431 3308 sbp2port - ok
17:54:26.0603 3308 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:54:26.0603 3308 secdrv - ok
17:54:26.0759 3308 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:54:26.0759 3308 Serenum - ok
17:54:26.0868 3308 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:54:26.0868 3308 Serial - ok
17:54:26.0899 3308 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:54:26.0899 3308 sermouse - ok
17:54:26.0946 3308 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:54:26.0946 3308 sffdisk - ok
17:54:26.0961 3308 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:54:26.0961 3308 sffp_mmc - ok
17:54:27.0102 3308 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:54:27.0102 3308 sffp_sd - ok
17:54:27.0258 3308 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:54:27.0258 3308 sfloppy - ok
17:54:27.0398 3308 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:54:27.0398 3308 sisagp - ok
17:54:27.0476 3308 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:54:27.0476 3308 SiSRaid2 - ok
17:54:27.0507 3308 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:54:27.0507 3308 SiSRaid4 - ok
17:54:27.0554 3308 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:54:27.0554 3308 Smb - ok
17:54:27.0601 3308 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:54:27.0601 3308 spldr - ok
17:54:27.0741 3308 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:54:27.0741 3308 srv - ok
17:54:27.0866 3308 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:54:27.0866 3308 srv2 - ok
17:54:27.0913 3308 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:54:27.0913 3308 srvnet - ok
17:54:27.0991 3308 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:54:27.0991 3308 swenum - ok
17:54:28.0100 3308 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:54:28.0100 3308 Symc8xx - ok
17:54:28.0163 3308 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:54:28.0163 3308 Sym_hi - ok
17:54:28.0272 3308 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:54:28.0272 3308 Sym_u3 - ok
17:54:28.0428 3308 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
17:54:28.0428 3308 SynTP - ok
17:54:28.0568 3308 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:54:28.0584 3308 Tcpip - ok
17:54:28.0693 3308 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:54:28.0709 3308 Tcpip6 - ok
17:54:28.0802 3308 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:54:28.0802 3308 tcpipreg - ok
17:54:28.0865 3308 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:54:28.0865 3308 TDPIPE - ok
17:54:28.0896 3308 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:54:28.0896 3308 TDTCP - ok
17:54:28.0943 3308 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:54:28.0943 3308 tdx - ok
17:54:29.0099 3308 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:54:29.0099 3308 TermDD - ok
17:54:29.0255 3308 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:54:29.0255 3308 tssecsrv - ok
17:54:29.0411 3308 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:54:29.0411 3308 tunmp - ok
17:54:29.0520 3308 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
17:54:29.0520 3308 tunnel - ok
17:54:29.0551 3308 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:54:29.0551 3308 uagp35 - ok
17:54:29.0582 3308 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:54:29.0598 3308 udfs - ok
17:54:29.0613 3308 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:54:29.0613 3308 uliagpkx - ok
17:54:29.0676 3308 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:54:29.0676 3308 uliahci - ok
17:54:29.0801 3308 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:54:29.0801 3308 UlSata - ok
17:54:29.0863 3308 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:54:29.0863 3308 ulsata2 - ok
17:54:29.0879 3308 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:54:29.0879 3308 umbus - ok
17:54:29.0910 3308 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:54:29.0925 3308 usbccgp - ok
17:54:29.0941 3308 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:54:29.0941 3308 usbcir - ok
17:54:30.0003 3308 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:54:30.0003 3308 usbehci - ok
17:54:30.0175 3308 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:54:30.0175 3308 usbhub - ok
17:54:30.0331 3308 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:54:30.0331 3308 usbohci - ok
17:54:30.0487 3308 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:54:30.0487 3308 usbprint - ok
17:54:30.0565 3308 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:54:30.0565 3308 usbscan - ok
17:54:30.0627 3308 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:54:30.0627 3308 USBSTOR - ok
17:54:30.0643 3308 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:54:30.0659 3308 usbuhci - ok
17:54:30.0705 3308 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:54:30.0705 3308 usbvideo - ok
17:54:30.0877 3308 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:54:30.0877 3308 vga - ok
17:54:30.0955 3308 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:54:30.0955 3308 VgaSave - ok
17:54:30.0986 3308 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:54:30.0986 3308 viaagp - ok
17:54:31.0033 3308 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:54:31.0033 3308 ViaC7 - ok
17:54:31.0049 3308 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:54:31.0049 3308 viaide - ok
17:54:31.0236 3308 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:54:31.0236 3308 volmgr - ok
17:54:31.0392 3308 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:54:31.0392 3308 volmgrx - ok
17:54:31.0548 3308 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:54:31.0548 3308 volsnap - ok
17:54:31.0719 3308 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:54:31.0719 3308 vsmraid - ok
17:54:31.0891 3308 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:54:31.0891 3308 WacomPen - ok
17:54:32.0078 3308 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:54:32.0078 3308 Wanarp - ok
17:54:32.0078 3308 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:54:32.0078 3308 Wanarpv6 - ok
17:54:32.0109 3308 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:54:32.0125 3308 Wd - ok
17:54:32.0187 3308 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:54:32.0187 3308 Wdf01000 - ok
17:54:32.0359 3308 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:54:32.0375 3308 winachsf - ok
17:54:32.0546 3308 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:54:32.0546 3308 WmiAcpi - ok
17:54:32.0718 3308 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:54:32.0718 3308 WpdUsb - ok
17:54:32.0874 3308 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:54:32.0889 3308 ws2ifsl - ok
17:54:33.0045 3308 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:54:33.0045 3308 WUDFRd - ok
17:54:33.0092 3308 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
17:54:33.0108 3308 XAudio - ok
17:54:33.0123 3308 MBR (0x1B8) (0f3b3ca2a559b59f5dab39e15f4346ed) \Device\Harddisk0\DR0
17:54:33.0123 3308 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
17:54:33.0123 3308 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
17:54:33.0123 3308 Boot (0x1200) (92cb384172fc1c1a747f11c01837425f) \Device\Harddisk0\DR0\Partition0
17:54:33.0123 3308 \Device\Harddisk0\DR0\Partition0 - ok
17:54:33.0155 3308 Boot (0x1200) (dffb1487c0855251abe230550f50ce6e) \Device\Harddisk0\DR0\Partition1
17:54:33.0155 3308 \Device\Harddisk0\DR0\Partition1 - ok
17:54:33.0155 3308 ============================================================
17:54:33.0155 3308 Scan finished
17:54:33.0155 3308 ============================================================
17:54:33.0170 2224 Detected object count: 1
17:54:33.0170 2224 Actual detected object count: 1
17:55:09.0659 2224 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
17:55:09.0659 2224 \Device\Harddisk0\DR0 - ok
17:55:09.0659 2224 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
17:55:14.0495 4372 Deinitialize success

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you now re-run aswMBR please

And then this small programme

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#9 wholeteam (Topic Starter, Member, 25 posts)
MBRCheck results pasted below and log file from aswMBR:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 195):
0x81E1E000 \SystemRoot\system32\ntkrnlpa.exe
0x821D8000 \SystemRoot\system32\hal.dll
0x8060B000 \SystemRoot\system32\kdcom.dll
0x80612000 \SystemRoot\system32\PSHED.dll
0x80623000 \SystemRoot\system32\BOOTVID.dll
0x8062B000 \SystemRoot\system32\CLFS.SYS
0x8066C000 \SystemRoot\system32\CI.dll
0x8074C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807C8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x89C0D000 \SystemRoot\system32\drivers\acpi.sys
0x89C53000 \SystemRoot\system32\drivers\WMILIB.SYS
0x89C5C000 \SystemRoot\system32\drivers\msisadrv.sys
0x89C64000 \SystemRoot\system32\drivers\pci.sys
0x89C8B000 \SystemRoot\system32\drivers\isapnp.sys
0x89C9A000 \SystemRoot\system32\drivers\mpio.sys
0x89CB6000 \SystemRoot\System32\drivers\partmgr.sys
0x89CC5000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x89CC8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x89CD2000 \SystemRoot\system32\drivers\volmgr.sys
0x89CE1000 \SystemRoot\System32\drivers\volmgrx.sys
0x89D2B000 \SystemRoot\system32\drivers\intelide.sys
0x89D32000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x89D40000 \SystemRoot\system32\drivers\pciide.sys
0x89D47000 \SystemRoot\system32\drivers\aliide.sys
0x89D4E000 \SystemRoot\system32\drivers\amdide.sys
0x89D55000 \SystemRoot\system32\drivers\cmdide.sys
0x89D5D000 \SystemRoot\System32\drivers\mountmgr.sys
0x89D6D000 \SystemRoot\system32\drivers\msdsm.sys
0x89D87000 \SystemRoot\system32\drivers\nvraid.sys
0x89DA2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x89DC3000 \SystemRoot\system32\drivers\viaide.sys
0x89E02000 \SystemRoot\system32\drivers\iastorv.sys
0x89EA3000 \SystemRoot\system32\drivers\atapi.sys
0x89EAB000 \SystemRoot\system32\drivers\ataport.SYS
0x89EC9000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x89EE3000 \SystemRoot\system32\drivers\storport.sys
0x89F24000 \SystemRoot\system32\drivers\nvstor.sys
0x89F31000 \SystemRoot\system32\drivers\hpcisss.sys
0x89F3C000 \SystemRoot\system32\drivers\adp94xx.sys
0x89FA6000 \SystemRoot\system32\drivers\adpahci.sys
0x89DCB000 \SystemRoot\system32\drivers\adpu160m.sys
0x807D5000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8A004000 \SystemRoot\system32\drivers\adpu320.sys
0x8A02A000 \SystemRoot\system32\drivers\djsvs.sys
0x8A03E000 \SystemRoot\system32\drivers\arc.sys
0x8A054000 \SystemRoot\system32\drivers\arcsas.sys
0x8A06A000 \SystemRoot\system32\drivers\elxstor.sys
0x8A0FE000 \SystemRoot\system32\drivers\i2omp.sys
0x8A108000 \SystemRoot\system32\drivers\iirsp.sys
0x8A118000 \SystemRoot\system32\drivers\iteatapi.sys
0x8A124000 \SystemRoot\system32\drivers\iteraid.sys
0x8A130000 \SystemRoot\system32\drivers\lsi_fc.sys
0x8A14A000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8A162000 \SystemRoot\system32\drivers\megasas.sys
0x8A204000 \SystemRoot\system32\drivers\megasr.sys
0x8A2BB000 \SystemRoot\system32\drivers\mraid35x.sys
0x8A2C6000 \SystemRoot\system32\drivers\msahci.sys
0x8A2D0000 \SystemRoot\system32\drivers\nfrd960.sys
0x8A407000 \SystemRoot\system32\drivers\ql2300.sys
0x8A53F000 \SystemRoot\system32\drivers\ql40xx.sys
0x8A594000 \SystemRoot\system32\drivers\sisraid2.sys
0x8A5A1000 \SystemRoot\system32\drivers\sisraid4.sys
0x8A5B6000 \SystemRoot\system32\drivers\symc8xx.sys
0x8A5C2000 \SystemRoot\system32\drivers\sym_hi.sys
0x8A5CD000 \SystemRoot\system32\drivers\sym_u3.sys
0x8A2DE000 \SystemRoot\system32\drivers\uliahci.sys
0x8A5D8000 \SystemRoot\system32\drivers\ulsata.sys
0x8A31A000 \SystemRoot\system32\drivers\ulsata2.sys
0x8A346000 \SystemRoot\system32\drivers\vsmraid.sys
0x8A367000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A399000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A16C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A60F000 \SystemRoot\system32\drivers\ndis.sys
0x8A71A000 \SystemRoot\system32\drivers\msrpc.sys
0x8A745000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A808000 \SystemRoot\System32\drivers\tcpip.sys
0x8A8F2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA09000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB19000 \SystemRoot\system32\drivers\wd.sys
0x8AB21000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB5A000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB62000 \SystemRoot\system32\drivers\sbp2port.sys
0x8AB77000 \SystemRoot\System32\Drivers\mup.sys
0x8AB86000 \SystemRoot\System32\drivers\ecache.sys
0x8ABAD000 \SystemRoot\system32\drivers\disk.sys
0x8ABBE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ABC7000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8ABCE000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x8ABF2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AA00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A90D000 \SystemRoot\system32\DRIVERS\processr.sys
0x8A91C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A925000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A938000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8A93D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A948000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8ABFD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8A978000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A983000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8A987000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8A98F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A999000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A9D7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E20A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E297000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8E60E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8EF65000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8E2DD000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EF67000 \SystemRoot\System32\drivers\watchdog.sys
0x8F00D000 \SystemRoot\system32\DRIVERS\athr.sys
0x8F0F1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F120000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F12B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F142000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F14D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F170000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F17F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F193000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F1A8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F1B8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F1BA000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F1E4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F1EE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EF73000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8EFA8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EFB9000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8E37D000 \SystemRoot\system32\drivers\portcls.sys
0x8E3AA000 \SystemRoot\system32\drivers\drmk.sys
0x8A780000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F404000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F507000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F5BC000 \SystemRoot\system32\drivers\modem.sys
0x8F5C9000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8F5D7000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8E3CF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8A7BE000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F5EA000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8F5F7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F000000 \SystemRoot\System32\Drivers\Null.SYS
0x8EFF4000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E3E6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8E600000 \SystemRoot\System32\drivers\vga.sys
0x8A7DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E3ED000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E3F5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8A9E6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8A9F1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E200000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8A3A9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8A3BF000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F604000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x8F64B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F67D000 \SystemRoot\system32\drivers\afd.sys
0x8F6C5000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8F6CE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F6E4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F6F2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F705000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F741000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F74B000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F762000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x8F799000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F7A6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F7B1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x98820000 \SystemRoot\System32\win32k.sys
0x8F7B9000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F7C3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98A40000 \SystemRoot\System32\TSDDD.dll
0x98A60000 \SystemRoot\System32\cdd.dll
0x8F7D2000 \SystemRoot\system32\drivers\luafv.sys
0x9D809000 \SystemRoot\system32\drivers\spsys.sys
0x9D8B9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9D8C9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9D8F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D8FD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9D910000 \SystemRoot\system32\drivers\HTTP.sys
0x9D97D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D99A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D9B3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D9C8000 \SystemRoot\system32\drivers\mrxdav.sys
0x8ABD2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9EA07000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9EA40000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9EA58000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9EA80000 \SystemRoot\System32\DRIVERS\srv.sys
0x9EAE7000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0x9EAEA000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9EAEE000 \SystemRoot\system32\drivers\peauth.sys
0x9EBCC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9EBD6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9EBE2000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9EBEA000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x8A3D3000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x9EBEF000 \??\C:\Users\Owner\AppData\Local\Temp\aswMBR.sys
0x77750000 \WINDOWS\System32\ntdll.dll

Processes (total 59):
0 System Idle Process
4 System
8080 C:\WINDOWS\System32\smss.exe
8112 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
8144 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
7560 csrss.exe
7440 C:\WINDOWS\System32\wininit.exe
7416 csrss.exe
7352 C:\WINDOWS\System32\services.exe
7328 C:\WINDOWS\System32\lsass.exe
7304 C:\WINDOWS\System32\lsm.exe
6992 C:\WINDOWS\System32\svchost.exe
6904 C:\WINDOWS\System32\nvvsvc.exe
6848 C:\WINDOWS\System32\svchost.exe
6600 C:\WINDOWS\System32\svchost.exe
6544 C:\WINDOWS\System32\svchost.exe
6504 C:\WINDOWS\System32\svchost.exe
6352 C:\WINDOWS\System32\winlogon.exe
6256 C:\WINDOWS\System32\audiodg.exe
6152 C:\WINDOWS\System32\svchost.exe
6108 C:\WINDOWS\System32\SLsvc.exe
6044 C:\WINDOWS\System32\svchost.exe
5692 C:\WINDOWS\System32\svchost.exe
5516 C:\WINDOWS\System32\nvvsvc.exe
5172 C:\WINDOWS\System32\wlanext.exe
4972 C:\WINDOWS\System32\spoolsv.exe
4844 C:\WINDOWS\System32\svchost.exe
4444 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
4364 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
4300 C:\Program Files\Bonjour\mDNSResponder.exe
4220 C:\WINDOWS\System32\svchost.exe
4108 C:\WINDOWS\System32\svchost.exe
3800 C:\WINDOWS\System32\svchost.exe
3704 C:\WINDOWS\System32\svchost.exe
3568 C:\WINDOWS\SMINST\BLService.exe
3440 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3368 C:\WINDOWS\System32\svchost.exe
3040 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2968 C:\WINDOWS\System32\svchost.exe
2896 C:\WINDOWS\System32\SearchIndexer.exe
2808 C:\WINDOWS\System32\drivers\XAudio.exe
2712 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2208 C:\Program Files\AVG\AVG2012\avgnsx.exe
1792 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
1232 C:\WINDOWS\System32\taskeng.exe
544 C:\WINDOWS\System32\dwm.exe
464 C:\WINDOWS\System32\taskeng.exe
388 C:\WINDOWS\explorer.exe
996 C:\Program Files\Windows Media Player\wmpnscfg.exe
2652 C:\Program Files\Windows Media Player\wmpnetwk.exe
4012 C:\Program Files\Mozilla Firefox\firefox.exe
4856 C:\WINDOWS\System32\svchost.exe
4904 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5888 C:\WINDOWS\System32\wuauclt.exe
7916 C:\WINDOWS\System32\mmc.exe
652 C:\WINDOWS\System32\notepad.exe
7164 C:\WINDOWS\System32\SearchProtocolHost.exe
4180 C:\WINDOWS\System32\SearchFilterHost.exe
1248 C:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`cc600000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543216L9A300, Rev: FB2OC44C

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

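The two logs in this thread are what a helper reads to decide the next step: the TDSSKiller scan earlier flags the MBR of \Device\Harddisk0\DR0 as Rootkit.Win32.TDSS.tdl4 and then queues a cure for reboot, and the MBRCheck output just posted reports "Unknown MBR code" with a SHA1 of the sector. The Python below is an added example, not a tool from this thread or from the TDSSKiller or MBRCheck authors: it parses both formats and pulls out the flagged objects, the cures still pending a reboot, the driver-file hashes (for bulk comparison with a known-good list) and any drive whose MBR was not recognised. The regexes are assumptions about the two formats drawn from the lines posted above, and the sample text is a constructed copy of those lines (hashes, names and the threat label copied from the thread, not looked up anywhere).

```python
"""Triage helper for TDSSKiller and MBRCheck logs (added example, not a tool from this thread).
The sample lines are constructed copies of the log formats posted in the thread."""
import re
from typing import Dict, List, Tuple

# Every TDSSKiller line: "HH:MM:SS.mmmm <pid> <body>"
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.+)$")
# "<object> (<md5>) <path>": a scanned driver/service, or the MBR / boot sector
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<object> ( <threat> ) - <verdict or action>"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<what>.+)$")
# "<object> - ok": clean, or queued for cleaning
OK_RE = re.compile(r"^(?P<obj>.+?) - ok$")
# MBRCheck drive row "<size> <device> <status>", followed by a "SHA1: <hex>" line
MBR_ROW_RE = re.compile(r"^(?P<size>\d+ [KMGT]B)\s+(?P<dev>\\\\\.\\PhysicalDrive\d+)\s+(?P<status>.+)$")
SHA1_RE = re.compile(r"^SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})$")
BOOT_OBJECTS = ("MBR", "Boot")  # named by sector on the hash line, by device path on verdict lines

SAMPLE_TDSSKILLER = r"""
17:54:22.0436 3308 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:54:22.0436 3308 ntrigdigi - ok
17:54:33.0123 3308 MBR (0x1B8) (0f3b3ca2a559b59f5dab39e15f4346ed) \Device\Harddisk0\DR0
17:54:33.0123 3308 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
17:54:33.0123 3308 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
17:54:33.0123 3308 Boot (0x1200) (92cb384172fc1c1a747f11c01837425f) \Device\Harddisk0\DR0\Partition0
17:54:33.0123 3308 \Device\Harddisk0\DR0\Partition0 - ok
17:54:33.0155 3308 Scan finished
17:55:09.0659 2224 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
17:55:09.0659 2224 \Device\Harddisk0\DR0 - ok
17:55:09.0659 2224 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
"""

SAMPLE_MBRCHECK = r"""
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C

Found non-standard or infected MBR.
"""

def parse_tdsskiller(text: str) -> Dict[str, dict]:
    """One record per object, keyed by service name or (for MBR/boot sectors) device path."""
    objects: Dict[str, dict] = {}

    def rec(key: str) -> dict:
        return objects.setdefault(key, {"name": key, "md5": None, "path": None,
                                        "threat": None, "actions": [], "ok": False})

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if (o := OBJECT_RE.match(body)):
            r = rec(o["path"] if o["name"].startswith(BOOT_OBJECTS) else o["name"])
            r["name"], r["md5"], r["path"] = o["name"], o["md5"].lower(), o["path"]
        elif (v := VERDICT_RE.match(body)):
            r = rec(v["obj"])
            r["threat"] = v["threat"]
            r["actions"].append(v["what"])
        elif (k := OK_RE.match(body)):
            rec(k["obj"])["ok"] = True
        # banners ("Scan finished") and the "- detected X (0)" echo line add nothing new
    return objects

def findings(objects: Dict[str, dict]) -> List[Tuple[str, str, str]]:
    """(object, threat, last recorded action) for everything the scan flagged, in log order."""
    return [(k, r["threat"], r["actions"][-1]) for k, r in objects.items() if r["threat"]]

def pending_reboot(objects: Dict[str, dict]) -> List[str]:
    """Flagged objects whose cure is deferred: the log prints '- ok' as soon as the cure is
    queued, so that line alone does not mean the sector on disk has been rewritten yet."""
    return [k for k, r in objects.items() if any("reboot" in a for a in r["actions"])]

def driver_hashes(objects: Dict[str, dict]) -> Dict[str, str]:
    """path -> md5 for the driver files, ready for bulk comparison with a known-good list."""
    return {r["path"]: r["md5"] for r in objects.values()
            if r["md5"] and not r["name"].startswith(BOOT_OBJECTS)}

def parse_mbrcheck(text: str) -> List[dict]:
    """Per-drive MBR status rows from MBRCheck output, each with the SHA1 printed under it."""
    drives: List[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := MBR_ROW_RE.match(line)):
            drives.append({"device": m["dev"], "size": m["size"], "status": m["status"], "sha1": None})
        elif (s := SHA1_RE.match(line)) and drives:
            drives[-1]["sha1"] = s["sha1"].upper()
    return drives

def suspicious_mbrs(drives: List[dict]) -> List[dict]:
    """Rows MBRCheck could not match to a known loader ('Unknown MBR code') or called infected."""
    return [d for d in drives if "Unknown" in d["status"] or "infected" in d["status"].lower()]

if __name__ == "__main__":
    objs = parse_tdsskiller(SAMPLE_TDSSKILLER)
    for obj, threat, action in findings(objs):
        print(f"{obj}: {threat} -> {action}")
    print("cure deferred to reboot:", pending_reboot(objs))
    for d in suspicious_mbrs(parse_mbrcheck(SAMPLE_MBRCHECK)):
        print(f"{d['device']} ({d['size']}): {d['status']}, SHA1 {d['sha1']}")
```

Two design points worth noting. TDSSKiller names the boot sector "MBR (0x1B8)" on the hash line but refers to it by device path on every verdict line, so the parser keys boot objects by path rather than by name; and because the tool prints "- ok" for the MBR as soon as the cure is queued, `pending_reboot` is the check that tells you the disk has not actually been rewritten until the machine restarts, which is the point at which a re-run of the scanner (or MBRCheck) is meaningful.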

#10 wholeteam (Topic Starter, Member, 25 posts)
Latest steps: I have now booted up into the recovery mode and did a bootrec /fixmbr and now into Vista, re-running Malwarebytes and also running the aswMBR and attaching the log file here again.

As of now my executables are still jacked, but I saw the registry entry that keeps getting modified that is making the executables not work. I'll do a combofix in a second as a 2nd chance.

Edited by wholeteam, 02 December 2011 - 09:30 AM.

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Allow combofix to update and I will have a shufti at the drivers

#12 wholeteam (Topic Starter, Member, 25 posts)
One thing I have noticed my last few times of running combofix is that it is hanging on Step 50. I have to go into the processes and I always see 2 of the 3xe files that are the same; I have to end one of the tasks and it will then proceed, and sometimes the log will generate or sit forever and I have to end another duplicate 3xe task and then the log is created successfully. Nonetheless, after all these fixes the executables still keep getting scrambled up and the machine reinfects.

#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK scrub the combofix run - I will go for some deeper looks

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

Megaupload

#14 wholeteam (Topic Starter, Member, 25 posts)
OK, I have finally done both of these and have attached them.

Attached Files


  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks good - all the infections were in the restore point... What problems do you have at the moment?