Rootkit: hidden boot-sector: PC freezes trying to remove


  • This topic is locked

#16
oldman960

    Trusted Helper

  • Malware Removal
  • 123 posts
Hi 750steve,

Ok that part of the fix went ok. Does the computer boot properly now?

Avast may have detected the remnants of the infection we just removed. Those remnants will be removed shortly.

You should be able to use the computer now to download tools.

Let's see what else is there

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
  • 0
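A TDSSKiller report lists each scanned driver as a name, MD5 and path line followed by a `name - ok` verdict line, so a long report can be triaged by pairing the two and listing anything that is not `ok` or never received a verdict. The script below is an added example, not part of the original post or of TDSSKiller; the sample lines are constructed, and the wording of the non-ok verdict line is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: driver names, hashes and the "warning" line are made up.
# Layout assumed: "<time> <thread id> <name> (<md5>) <path>" then
# "<time> <thread id> <name> - <verdict>".
SAMPLE_LOG = r"""
11:08:21.0821 4052 Scan started
11:08:21.0821 4052 Mode: Manual; SigCheck; TDLFS;
11:08:22.0102 4052 exdrv_a (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\exdrv_a.sys
11:08:22.0205 4052 exdrv_a - ok
11:08:22.0300 4052 exdrv_b (00000000000000000000000000000002) C:\Windows\system32\DRIVERS\exdrv_b.sys
11:08:22.0310 4052 exdrv_b ( UnsignedFile.Example ) - warning
11:08:22.0400 4052 \Device\Harddisk0\DR0 - ok
11:08:22.0500 4052 exdrv_c (00000000000000000000000000000003) C:\Windows\system32\DRIVERS\exdrv_c.sys
"""

# Every log line starts with a timestamp and a thread id; the body is optional.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+)(?: (.*))?$")
# Body of a "scanned object" line: name, 32-hex-digit MD5, file path.
ENTRY = re.compile(r"^(?P<name>\S.*?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Body of a verdict line: name, optional "( detail )", then " - verdict".
VERDICT = re.compile(
    r"^(?P<name>\S.*?)(?: \( (?P<detail>.*?) \))? - (?P<verdict>[A-Za-z]+)$"
)


@dataclass
class Result:
    name: str
    verdict: Optional[str] = None   # None means no verdict line was seen
    detail: Optional[str] = None    # text inside "( ... )" on the verdict line
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_log(text):
    """Pair each scanned-object line with the verdict line that follows it."""
    results = []
    pending = {}  # name -> Result still waiting for its verdict
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(3):
            continue  # blank line, separator or header without a body
        body = m.group(3)
        entry = ENTRY.match(body)
        if entry:
            r = Result(name=entry["name"], md5=entry["md5"].lower(),
                       path=entry["path"])
            pending[r.name] = r
            results.append(r)
            continue
        verdict = VERDICT.match(body)
        if verdict:
            # Objects such as a disk device have a verdict but no entry line.
            r = pending.pop(verdict["name"], None)
            if r is None:
                r = Result(name=verdict["name"])
                results.append(r)
            r.verdict = verdict["verdict"].lower()
            r.detail = verdict["detail"]
    return results


def triage(text):
    """Split results into items needing review and items left without a verdict."""
    results = parse_log(text)
    return {
        "total": len(results),
        "flagged": [r for r in results if r.verdict not in (None, "ok")],
        "unresolved": [r for r in results if r.verdict is None],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("objects scanned:", report["total"])
    for r in report["flagged"]:
        print("REVIEW   ", r.name, r.verdict, r.detail, r.md5, r.path)
    for r in report["unresolved"]:
        print("NO RESULT", r.name, r.path)
```

An entry with no verdict usually means the pasted report was cut off, so the helper should ask for the rest of the log before drawing conclusions.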



#17
750steve

    Member

  • Topic Starter
  • 174 posts
Good Morning Oldman. Thanks for coming back to me again.

*edit* Yes, my sick PC boots up properly now & I'm using it to post here!! Yeeeeeehhaaaaaaaa!!

TDSSKiller Log;

11:07:46.0374 1648 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
11:07:46.0501 1648 ============================================================
11:07:46.0501 1648 Current date / time: 2012/02/12 11:07:46.0501
11:07:46.0501 1648 SystemInfo:
11:07:46.0501 1648
11:07:46.0501 1648 OS Version: 6.1.7600 ServicePack: 0.0
11:07:46.0501 1648 Product type: Workstation
11:07:46.0501 1648 ComputerName: STEVIE-PC
11:07:46.0502 1648 UserName: Stevie
11:07:46.0502 1648 Windows directory: C:\Windows
11:07:46.0502 1648 System windows directory: C:\Windows
11:07:46.0502 1648 Running under WOW64
11:07:46.0502 1648 Processor architecture: Intel x64
11:07:46.0502 1648 Number of processors: 2
11:07:46.0502 1648 Page size: 0x1000
11:07:46.0502 1648 Boot type: Normal boot
11:07:46.0502 1648 ============================================================
11:07:47.0426 1648 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:07:47.0489 1648 \Device\Harddisk0\DR0:
11:07:47.0492 1648 MBR used
11:07:47.0492 1648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x32000
11:07:47.0492 1648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4D800, BlocksNum 0x7918000
11:07:47.0492 1648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7965800, BlocksNum 0x1DAC8800
11:07:47.0543 1648 Initialize success
11:07:47.0543 1648 ============================================================
11:08:21.0821 4052 ============================================================
11:08:21.0821 4052 Scan started
11:08:21.0821 4052 Mode: Manual; SigCheck; TDLFS;
11:08:21.0821 4052 ============================================================
11:08:37.0088 4052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:08:37.0101 4052 viaide - ok
11:08:37.0120 4052 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
11:08:37.0137 4052 vmbus - ok
11:08:37.0206 4052 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
11:08:37.0233 4052 VMBusHID - ok
11:08:37.0258 4052 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:08:37.0273 4052 volmgr - ok
11:08:37.0293 4052 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:08:37.0312 4052 volmgrx - ok
11:08:37.0333 4052 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:08:37.0350 4052 volsnap - ok
11:08:37.0370 4052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:08:37.0386 4052 vsmraid - ok
11:08:37.0407 4052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:08:37.0425 4052 vwifibus - ok
11:08:37.0447 4052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:08:37.0463 4052 WacomPen - ok
11:08:37.0526 4052 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:08:37.0576 4052 WANARP - ok
11:08:37.0590 4052 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:08:37.0633 4052 Wanarpv6 - ok
11:08:37.0673 4052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:08:37.0685 4052 Wd - ok
11:08:37.0714 4052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:08:37.0739 4052 Wdf01000 - ok
11:08:37.0766 4052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:08:37.0803 4052 WfpLwf - ok
11:08:37.0820 4052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:08:37.0833 4052 WIMMount - ok
11:08:37.0934 4052 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
11:08:37.0955 4052 WinUsb - ok
11:08:37.0995 4052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:08:38.0021 4052 WmiAcpi - ok
11:08:38.0058 4052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:08:38.0108 4052 ws2ifsl - ok
11:08:38.0134 4052 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:08:38.0181 4052 WudfPf - ok
11:08:38.0253 4052 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:08:38.0296 4052 WUDFRd - ok
11:08:38.0321 4052 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:08:38.0389 4052 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:08:38.0389 4052 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:08:38.0393 4052 Boot (0x1200) (1fc2341becc00d09d610a88fc167e453) \Device\Harddisk0\DR0\Partition0
11:08:38.0394 4052 \Device\Harddisk0\DR0\Partition0 - ok
11:08:38.0398 4052 Boot (0x1200) (dcbd7aa55f219ea68d9c46f0925ad754) \Device\Harddisk0\DR0\Partition1
11:08:38.0398 4052 \Device\Harddisk0\DR0\Partition1 - ok
11:08:38.0419 4052 Boot (0x1200) (8c9a843b126339a06b2540aaa6cc9783) \Device\Harddisk0\DR0\Partition2
11:08:38.0420 4052 \Device\Harddisk0\DR0\Partition2 - ok
11:08:38.0420 4052 ============================================================
11:08:38.0420 4052 Scan finished
11:08:38.0421 4052 ============================================================
11:08:38.0432 2368 Detected object count: 1
11:08:38.0432 2368 Actual detected object count: 1
11:10:08.0179 2368 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:10:08.0179 2368 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:10:22.0483 0308 Deinitialize success

Edited by 750steve, 12 February 2012 - 05:18 AM.

  • 0

#18
oldman960

    Trusted Helper

  • Malware Removal
  • 123 posts
Hi 750steve,

µTorrent
You have µTorrent, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. It's not the program itself that is the problem but what can be downloaded with it, usually from an unknown source. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx

http://www.internetw...cles/art053.htm

I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.



Please rerun TDSSKiller. This time when you are presented with

11:08:38.0389 4052 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:08:38.0389 4052 \Device\Harddisk0\DR0 - detected TDSS File System (1)


use the drop down menu and select delete.



Next

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next

Please rerun aswMBR. Make sure the setting in the box just to the left of the scan button is set to quick scan, then click the scan button.


Please post back with
  • TDSSK log
  • MBAM log
  • aswMBR log
Computer still ok?
  • 0
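The reply above turns on two lines buried at the end of a long scan log. As an added example (not part of the original thread and not the tool vendor's code), this Python sketch parses lines in the format of the posted TDSSKiller logs and returns every object whose result is not "ok", together with the action recorded for it. The function names, the `Finding` class and the sample log (constructed, with placeholder hashes and a placeholder driver name) are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# "<hh:mm:ss.ffff> <thread id> <message>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# "<name> (<md5>) <path>": an object the scanner is about to check
OBJECT = re.compile(r"^(.+?)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")
# "<target> - <result>": a verdict, or the action taken afterwards
RESULT = re.compile(r"^(.+?)\s+-\s+(.+)$")
# optional "( label )" suffix on a target, e.g. "( TDSS File System )"
LABEL = re.compile(r"^(.*?)\s*\(\s*([^()]+?)\s*\)$")
COUNT = re.compile(r"^Detected object count:\s*(\d+)$")
ACTION = "User select action:"


@dataclass
class Finding:
    target: str
    md5: Optional[str] = None          # hash logged for the object, if seen
    labels: set = field(default_factory=set)
    results: list = field(default_factory=list)
    action: Optional[str] = None       # value after "User select action:"


def parse_log(text):
    """Return (findings, reported_count) for one pasted log."""
    objects, findings = {}, {}
    reported, scanning = None, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if msg == "Scan started":
            scanning = True            # header lines above this are ignored
            continue
        if not scanning:
            continue
        cm = COUNT.match(msg)
        if cm:
            reported = int(cm.group(1))
            continue
        om = OBJECT.match(msg)
        if om:
            name, md5, path = om.groups()
            # verdict lines refer to drivers by name and to disks by path
            objects[name] = objects[path] = md5
            continue
        rm = RESULT.match(msg)
        if not rm or rm.group(2) == "ok":
            continue
        target, result = rm.groups()
        label = None
        lm = LABEL.match(target)
        if lm:
            target, label = lm.groups()
        f = findings.setdefault(target, Finding(target, objects.get(target)))
        if label:
            f.labels.add(label)
        if result.startswith(ACTION):
            f.action = result[len(ACTION):].strip()
        else:
            f.results.append(result)
    return findings, reported


def still_present(findings):
    """Targets that were detected but skipped, or have no action logged."""
    return sorted(t for t, f in findings.items() if f.action in (None, "Skip"))


# Constructed sample in the format of the logs posted in this thread;
# the hashes and the driver name are placeholders.
SAMPLE = r"""
11:08:25.0931 4052 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb)
11:08:27.0616 4052 Scan started
11:08:35.0047 4052 exampledrv (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\exampledrv.sys
11:08:35.0062 4052 exampledrv - ok
11:08:38.0321 4052 MBR (0x1B8) (00000000000000000000000000000002) \Device\Harddisk0\DR0
11:08:38.0389 4052 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:08:38.0389 4052 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:08:38.0393 4052 Boot (0x1200) (00000000000000000000000000000003) \Device\Harddisk0\DR0\Partition0
11:08:38.0394 4052 \Device\Harddisk0\DR0\Partition0 - ok
11:08:38.0420 4052 Scan finished
11:08:38.0432 2368 Detected object count: 1
11:08:38.0432 2368 Actual detected object count: 1
11:10:08.0179 2368 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:10:08.0179 2368 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:10:22.0483 0308 Deinitialize success
"""

if __name__ == "__main__":
    found, count = parse_log(SAMPLE)
    for f in found.values():
        print(f.target, sorted(f.labels), f.results, "action:", f.action)
    print("reported:", count, "still present:", still_present(found))
```

A target returned by `still_present` was reported but left in place, which is the state a log ending in "User select action: Skip" records.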

#19
750steve

    Member

  • Topic Starter
  • 174 posts
Hi again Oldman, are there any safe sites like uTorrent or is it the nature of those programmes that let malware in?

Here is the TDSSKiller log,



17:38:24.0793 1844 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
17:38:25.0027 1844 ============================================================
17:38:25.0027 1844 Current date / time: 2012/02/12 17:38:25.0027
17:38:25.0027 1844 SystemInfo:
17:38:25.0027 1844
17:38:25.0027 1844 OS Version: 6.1.7600 ServicePack: 0.0
17:38:25.0027 1844 Product type: Workstation
17:38:25.0027 1844 ComputerName: STEVIE-PC
17:38:25.0027 1844 UserName: Stevie
17:38:25.0027 1844 Windows directory: C:\Windows
17:38:25.0027 1844 System windows directory: C:\Windows
17:38:25.0027 1844 Running under WOW64
17:38:25.0027 1844 Processor architecture: Intel x64
17:38:25.0027 1844 Number of processors: 2
17:38:25.0027 1844 Page size: 0x1000
17:38:25.0027 1844 Boot type: Normal boot
17:38:25.0027 1844 ============================================================
17:38:25.0931 1844 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:38:25.0994 1844 \Device\Harddisk0\DR0:
17:38:25.0994 1844 MBR used
17:38:25.0994 1844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x32000
17:38:25.0994 1844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4D800, BlocksNum 0x7918000
17:38:25.0994 1844 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7965800, BlocksNum 0x1DAC8800
17:38:26.0041 1844 Initialize success
17:38:26.0041 1844 ============================================================
17:38:27.0616 3168 ============================================================
17:38:27.0616 3168 Scan started
17:38:27.0616 3168 Mode: Manual;
17:38:27.0616 3168 ============================================================
17:38:34.0496 3168 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:38:34.0512 3168 secdrv - ok
17:38:34.0558 3168 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:38:34.0558 3168 Serenum - ok
17:38:34.0605 3168 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:38:34.0605 3168 Serial - ok
17:38:34.0621 3168 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:38:34.0621 3168 sermouse - ok
17:38:34.0636 3168 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:38:34.0652 3168 sffdisk - ok
17:38:34.0652 3168 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:38:34.0652 3168 sffp_mmc - ok
17:38:34.0683 3168 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:38:34.0683 3168 sffp_sd - ok
17:38:34.0699 3168 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:38:34.0699 3168 sfloppy - ok
17:38:34.0730 3168 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:38:34.0730 3168 SiSRaid2 - ok
17:38:34.0761 3168 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:38:34.0761 3168 SiSRaid4 - ok
17:38:34.0808 3168 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:38:34.0808 3168 Smb - ok
17:38:34.0855 3168 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:38:34.0855 3168 spldr - ok
17:38:34.0917 3168 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:38:34.0933 3168 srv - ok
17:38:34.0948 3168 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:38:34.0964 3168 srv2 - ok
17:38:35.0011 3168 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:38:35.0011 3168 srvnet - ok
17:38:35.0058 3168 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:38:35.0058 3168 stexstor - ok
17:38:35.0089 3168 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
17:38:35.0104 3168 storflt - ok
17:38:35.0136 3168 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
17:38:35.0151 3168 storvsc - ok
17:38:35.0198 3168 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:38:35.0198 3168 swenum - ok
17:38:35.0323 3168 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
17:38:35.0338 3168 Tcpip - ok
17:38:35.0401 3168 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
17:38:35.0416 3168 TCPIP6 - ok
17:38:35.0463 3168 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:38:35.0463 3168 tcpipreg - ok
17:38:35.0479 3168 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:38:35.0479 3168 TDPIPE - ok
17:38:35.0510 3168 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:38:35.0510 3168 TDTCP - ok
17:38:35.0541 3168 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:38:35.0541 3168 tdx - ok
17:38:35.0557 3168 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:38:35.0557 3168 TermDD - ok
17:38:35.0588 3168 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:38:35.0588 3168 tssecsrv - ok
17:38:35.0604 3168 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:38:35.0604 3168 tunnel - ok
17:38:35.0619 3168 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:38:35.0619 3168 uagp35 - ok
17:38:35.0682 3168 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
17:38:35.0682 3168 udfs - ok
17:38:35.0713 3168 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:38:35.0713 3168 uliagpkx - ok
17:38:35.0728 3168 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:38:35.0728 3168 umbus - ok
17:38:35.0760 3168 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:38:35.0760 3168 UmPass - ok
17:38:35.0806 3168 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:38:35.0822 3168 USBAAPL64 - ok
17:38:35.0838 3168 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
17:38:35.0838 3168 usbccgp - ok
17:38:35.0869 3168 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:38:35.0869 3168 usbcir - ok
17:38:35.0916 3168 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
17:38:35.0916 3168 usbehci - ok
17:38:35.0931 3168 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
17:38:35.0931 3168 usbhub - ok
17:38:35.0962 3168 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
17:38:35.0962 3168 usbohci - ok
17:38:36.0009 3168 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:38:36.0009 3168 usbprint - ok
17:38:36.0040 3168 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:38:36.0040 3168 usbscan - ok
17:38:36.0072 3168 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:38:36.0072 3168 USBSTOR - ok
17:38:36.0087 3168 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:38:36.0087 3168 usbuhci - ok
17:38:36.0103 3168 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:38:36.0103 3168 vdrvroot - ok
17:38:36.0165 3168 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:38:36.0165 3168 vga - ok
17:38:36.0181 3168 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:38:36.0181 3168 VgaSave - ok
17:38:36.0212 3168 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:38:36.0212 3168 vhdmp - ok
17:38:36.0243 3168 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:38:36.0243 3168 viaide - ok
17:38:36.0274 3168 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
17:38:36.0274 3168 vmbus - ok
17:38:36.0290 3168 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
17:38:36.0290 3168 VMBusHID - ok
17:38:36.0306 3168 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:38:36.0306 3168 volmgr - ok
17:38:36.0337 3168 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:38:36.0337 3168 volmgrx - ok
17:38:36.0352 3168 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:38:36.0368 3168 volsnap - ok
17:38:36.0415 3168 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:38:36.0415 3168 vsmraid - ok
17:38:36.0430 3168 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:38:36.0430 3168 vwifibus - ok
17:38:36.0462 3168 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:38:36.0462 3168 WacomPen - ok
17:38:36.0493 3168 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:36.0493 3168 WANARP - ok
17:38:36.0493 3168 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:36.0493 3168 Wanarpv6 - ok
17:38:36.0524 3168 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:38:36.0524 3168 Wd - ok
17:38:36.0571 3168 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:38:36.0571 3168 Wdf01000 - ok
17:38:36.0602 3168 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:38:36.0602 3168 WfpLwf - ok
17:38:36.0649 3168 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:38:36.0649 3168 WIMMount - ok
17:38:36.0711 3168 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:38:36.0711 3168 WinUsb - ok
17:38:36.0758 3168 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:38:36.0758 3168 WmiAcpi - ok
17:38:36.0805 3168 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:38:36.0805 3168 ws2ifsl - ok
17:38:36.0820 3168 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:38:36.0820 3168 WudfPf - ok
17:38:36.0852 3168 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:38:36.0852 3168 WUDFRd - ok
17:38:36.0883 3168 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:38:36.0945 3168 \Device\Harddisk0\DR0 - ok
17:38:36.0945 3168 Boot (0x1200) (1fc2341becc00d09d610a88fc167e453) \Device\Harddisk0\DR0\Partition0
17:38:36.0945 3168 \Device\Harddisk0\DR0\Partition0 - ok
17:38:36.0961 3168 Boot (0x1200) (dcbd7aa55f219ea68d9c46f0925ad754) \Device\Harddisk0\DR0\Partition1
17:38:36.0961 3168 \Device\Harddisk0\DR0\Partition1 - ok
17:38:36.0976 3168 Boot (0x1200) (8c9a843b126339a06b2540aaa6cc9783) \Device\Harddisk0\DR0\Partition2
17:38:36.0976 3168 \Device\Harddisk0\DR0\Partition2 - ok
17:38:36.0976 3168 ============================================================
17:38:36.0976 3168 Scan finished
17:38:36.0976 3168 ============================================================
17:38:36.0992 1168 Detected object count: 0
17:38:36.0992 1168 Actual detected object count: 0
17:38:50.0642 2616 ============================================================
17:38:50.0642 2616 Scan started
17:38:50.0642 2616 Mode: Manual; SigCheck; TDLFS;
17:38:50.0642 2616 ============================================================
17:39:00.0486 2616 RasSstp - ok
17:39:00.0532 2616 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:39:00.0595 2616 rdbss - ok
17:39:00.0610 2616 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:39:00.0626 2616 rdpbus - ok
17:39:00.0642 2616 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:39:00.0688 2616 RDPCDD - ok
17:39:00.0704 2616 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
17:39:00.0735 2616 RDPDR - ok
17:39:00.0751 2616 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:39:00.0798 2616 RDPENCDD - ok
17:39:00.0813 2616 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:39:00.0860 2616 RDPREFMP - ok
17:39:00.0907 2616 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
17:39:00.0954 2616 RDPWD - ok
17:39:00.0985 2616 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
17:39:01.0000 2616 rdyboost - ok
17:39:01.0016 2616 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:39:01.0063 2616 rspndr - ok
17:39:01.0094 2616 RTL8187 (a48b769dec76629bd1a021d33c257b17) C:\Windows\system32\DRIVERS\wg111v2.sys
17:39:01.0110 2616 RTL8187 - ok
17:39:01.0156 2616 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
17:39:01.0188 2616 s3cap - ok
17:39:01.0234 2616 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:39:01.0250 2616 sbp2port - ok
17:39:01.0281 2616 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:39:01.0328 2616 scfilter - ok
17:39:01.0359 2616 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:39:01.0406 2616 secdrv - ok
17:39:01.0437 2616 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:39:01.0453 2616 Serenum - ok
17:39:01.0468 2616 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:39:01.0484 2616 Serial - ok
17:39:01.0500 2616 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:39:01.0515 2616 sermouse - ok
17:39:01.0562 2616 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:39:01.0578 2616 sffdisk - ok
17:39:01.0640 2616 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:39:01.0671 2616 sffp_mmc - ok
17:39:01.0687 2616 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:39:01.0718 2616 sffp_sd - ok
17:39:01.0734 2616 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:39:01.0749 2616 sfloppy - ok
17:39:01.0765 2616 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:39:01.0780 2616 SiSRaid2 - ok
17:39:01.0796 2616 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:39:01.0812 2616 SiSRaid4 - ok
17:39:01.0843 2616 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:39:01.0890 2616 Smb - ok
17:39:01.0905 2616 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:39:01.0921 2616 spldr - ok
17:39:02.0014 2616 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:39:02.0030 2616 srv - ok
17:39:02.0061 2616 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:39:02.0077 2616 srv2 - ok
17:39:02.0108 2616 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:39:02.0139 2616 srvnet - ok
17:39:02.0170 2616 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:39:02.0186 2616 stexstor - ok
17:39:02.0217 2616 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
17:39:02.0233 2616 storflt - ok
17:39:02.0248 2616 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
17:39:02.0264 2616 storvsc - ok
17:39:02.0311 2616 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:39:02.0326 2616 swenum - ok
17:39:02.0404 2616 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
17:39:02.0451 2616 Tcpip - ok
17:39:02.0482 2616 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
17:39:02.0514 2616 TCPIP6 - ok
17:39:02.0529 2616 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:39:02.0576 2616 tcpipreg - ok
17:39:02.0607 2616 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:39:02.0638 2616 TDPIPE - ok
17:39:02.0685 2616 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:39:02.0716 2616 TDTCP - ok
17:39:02.0763 2616 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:39:02.0810 2616 tdx - ok
17:39:02.0826 2616 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:39:02.0841 2616 TermDD - ok
17:39:02.0872 2616 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:39:02.0919 2616 tssecsrv - ok
17:39:02.0935 2616 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:39:02.0997 2616 tunnel - ok
17:39:03.0013 2616 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:39:03.0028 2616 uagp35 - ok
17:39:03.0060 2616 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
17:39:03.0122 2616 udfs - ok
17:39:03.0169 2616 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:39:03.0184 2616 uliagpkx - ok
17:39:03.0216 2616 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:39:03.0231 2616 umbus - ok
17:39:03.0262 2616 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:39:03.0294 2616 UmPass - ok
17:39:03.0372 2616 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:39:03.0387 2616 USBAAPL64 - ok
17:39:03.0403 2616 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
17:39:03.0434 2616 usbccgp - ok
17:39:03.0465 2616 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:39:03.0496 2616 usbcir - ok
17:39:03.0512 2616 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
17:39:03.0528 2616 usbehci - ok
17:39:03.0559 2616 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
17:39:03.0574 2616 usbhub - ok
17:39:03.0590 2616 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
17:39:03.0606 2616 usbohci - ok
17:39:03.0652 2616 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:39:03.0668 2616 usbprint - ok
17:39:03.0699 2616 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:39:03.0730 2616 usbscan - ok
17:39:03.0746 2616 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:39:03.0777 2616 USBSTOR - ok
17:39:03.0793 2616 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:39:03.0808 2616 usbuhci - ok
17:39:03.0824 2616 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:39:03.0840 2616 vdrvroot - ok
17:39:03.0886 2616 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:39:03.0902 2616 vga - ok
17:39:03.0918 2616 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:39:03.0949 2616 VgaSave - ok
17:39:04.0011 2616 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:39:04.0027 2616 vhdmp - ok
17:39:04.0042 2616 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:39:04.0058 2616 viaide - ok
17:39:04.0074 2616 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
17:39:04.0089 2616 vmbus - ok
17:39:04.0105 2616 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
17:39:04.0136 2616 VMBusHID - ok
17:39:04.0167 2616 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:39:04.0183 2616 volmgr - ok
17:39:04.0198 2616 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:39:04.0214 2616 volmgrx - ok
17:39:04.0245 2616 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:39:04.0261 2616 volsnap - ok
17:39:04.0308 2616 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:39:04.0323 2616 vsmraid - ok
17:39:04.0339 2616 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:39:04.0370 2616 vwifibus - ok
17:39:04.0386 2616 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:39:04.0401 2616 WacomPen - ok
17:39:04.0417 2616 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:39:04.0479 2616 WANARP - ok
17:39:04.0479 2616 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:39:04.0526 2616 Wanarpv6 - ok
17:39:04.0557 2616 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:39:04.0557 2616 Wd - ok
17:39:04.0604 2616 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:39:04.0620 2616 Wdf01000 - ok
17:39:04.0682 2616 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:39:04.0713 2616 WfpLwf - ok
17:39:04.0744 2616 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:39:04.0760 2616 WIMMount - ok
17:39:04.0791 2616 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:39:04.0822 2616 WinUsb - ok
17:39:04.0838 2616 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:39:04.0869 2616 WmiAcpi - ok
17:39:04.0900 2616 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:39:04.0963 2616 ws2ifsl - ok
17:39:04.0994 2616 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:39:05.0041 2616 WudfPf - ok
17:39:05.0166 2616 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:39:05.0212 2616 WUDFRd - ok
17:39:05.0228 2616 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:39:05.0306 2616 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:39:05.0306 2616 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:39:05.0306 2616 Boot (0x1200) (1fc2341becc00d09d610a88fc167e453) \Device\Harddisk0\DR0\Partition0
17:39:05.0306 2616 \Device\Harddisk0\DR0\Partition0 - ok
17:39:05.0322 2616 Boot (0x1200) (dcbd7aa55f219ea68d9c46f0925ad754) \Device\Harddisk0\DR0\Partition1
17:39:05.0322 2616 \Device\Harddisk0\DR0\Partition1 - ok
17:39:05.0337 2616 Boot (0x1200) (8c9a843b126339a06b2540aaa6cc9783) \Device\Harddisk0\DR0\Partition2
17:39:05.0337 2616 \Device\Harddisk0\DR0\Partition2 - ok
17:39:05.0337 2616 ============================================================
17:39:05.0337 2616 Scan finished
17:39:05.0337 2616 ============================================================
17:39:05.0353 3268 Detected object count: 1
17:39:05.0353 3268 Actual detected object count: 1
17:39:09.0487 3268 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:39:09.0487 3268 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
17:39:13.0543 3268 \Device\Harddisk0\DR0\TDLFS\tdlwsp.dll - copied to quarantine
17:39:13.0590 3268 \Device\Harddisk0\DR0\TDLFS - deleted
17:39:13.0590 3268 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
17:39:31.0898 2964 Deinitialize success


MBAM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.12.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Stevie :: STEVIE-PC [administrator]

12/02/2012 17:42:01
mbam-log-2012-02-12 (17-42-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201297
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)







aswMBR log;

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-12 17:48:11
-----------------------------
17:48:11.281 OS Version: Windows x64 6.1.7600
17:48:11.281 Number of processors: 2 586 0xF0B
17:48:11.282 ComputerName: STEVIE-PC UserName: Stevie
17:48:11.745 Initialize success
17:48:11.982 AVAST engine defs: 12021200
17:48:14.420 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:48:14.422 Disk 0 Vendor: Hitachi_HDT725032VLA360 V54OA73A Size: 305245MB BusType: 3
17:48:14.446 Disk 0 MBR read successfully
17:48:14.448 Disk 0 MBR scan
17:48:14.451 Disk 0 Windows 7 default MBR code
17:48:14.460 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 112640
17:48:14.473 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 62000 MB offset 317440
17:48:14.495 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 243089 MB offset 127293440
17:48:14.525 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 625139712
17:48:14.555 Disk 0 Partition 4 **INFECTED** MBR:Alureon-K [Rtk]
17:48:14.559 Service scanning
17:48:16.136 Modules scanning
17:48:16.140 Disk 0 trace - called modules:
17:48:16.162 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:48:16.167 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80036e5700]
17:48:16.172 3 CLASSPNP.SYS[fffff8800188943f] -> nt!IofCallDriver -> [0xfffffa80031bf520]
17:48:16.185 5 ACPI.sys[fffff88000f2c781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80031bb680]
17:48:16.473 AVAST engine scan C:\Windows
17:48:17.984 AVAST engine scan C:\Windows\system32
17:50:27.493 AVAST engine scan C:\Windows\system32\drivers
17:50:34.543 AVAST engine scan C:\Users\Stevie
17:57:15.208 AVAST engine scan C:\ProgramData
17:58:44.727 Scan finished successfully
17:59:39.833 Disk 0 MBR has been saved successfully to "C:\Users\Stevie\Desktop\MBR.dat"
17:59:39.838 The log file has been saved successfully to "C:\Users\Stevie\Desktop\aswMBR.txt"
18:00:18.613 Disk 0 MBR has been saved successfully to "C:\Users\Stevie\Desktop\MBR.dat"
18:00:18.618 The log file has been saved successfully to "C:\Users\Stevie\Desktop\aswMBR.txt"
18:01:16.326 Disk 0 MBR has been saved successfully to "C:\Users\Stevie\Documents\MBR.dat"
18:01:16.332 The log file has been saved successfully to "C:\Users\Stevie\Documents\aswMBR.txt"

Edited by 750steve, 12 February 2012 - 12:02 PM.

#20
oldman960

Hi 750steve,

uTorrent isn't exactly a site, it's a program that can be used to download files from other people's computers. The hosting site contains links to whatever file you are looking for. Since these links can lead to almost anything or anywhere, you do not know for sure where the download is coming from. File names can be changed so on the surface it may seem to be what you want but in reality it can be a nasty infection. If your AV doesn't catch it, you end up here.


One more trip with xPUD. Attach the USB device you were using.

  • Boot into xPUD then click the File tab.
  • Press File
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1 ?)
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type bash tdl_fix.sh -delete then press Enter.
  • ** Make sure to leave a space to either side of tdl_fix.sh in the command.
  • You should be notified of a hidden partition found and prompted to delete it.
  • Type y then press Enter.
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows.
  • Post the contents of the tdl_delete.txt file that was created on your flash drive.

The computer should boot normally. If for some reason it doesn't use the F10 method first. If you still have problems follow the steps below.

Note - in the event there is a problem booting the computer normally after running the script, run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.
This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
Ok the procedure then restart when complete.




Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean



One more scan to check for stragglers.

As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
  • Do not use this instance of your browser for anything besides doing this scan
  • When the scan is complete and the results saved, close that instance of your browser
  • Open a new one the usual way and post the results in this topic.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Go here to run an online scanner from ESET

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.


Please post back with
  • tdl_delete.txt
  • Eset log if there was one.

Computer still behaving?

Any more Avast warnings?

#21
750steve

When I powered off the PC to boot from CD & then power back on the F2 option for the bios & the F12 option for the boot menu is there but the keys will not function to use them, same as before. I have powered off on the PC AND from the mains but I cannot get into the boot menu.

Edited by 750steve, 12 February 2012 - 01:57 PM.

#22
750steve

Into boot menu now, posting from the laptop. Seems very random about letting me into the boot menu!!

#23
750steve

Oldman, here is the tdl_delete file report

2012-02-12-20:12:47

using tdl_delete_sda.bin

Model: ATA Hitachi HDT72503 (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 57.7MB 163MB 105MB primary ntfs boot
2 163MB 65.2GB 65.0GB primary ntfs
3 65.2GB 320GB 255GB primary ntfs
4 320GB 320GB 1393kB primary ntfs hidden

Hidden partition found on sda
sda4 is hidden
Deleting partition 4 on drive sda

Model: ATA Hitachi HDT72503 (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 57.7MB 163MB 105MB primary ntfs boot
2 163MB 65.2GB 65.0GB primary ntfs
3 65.2GB 320GB 255GB primary ntfs

No hidden partition on sdb

ESET Report

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application
C:\Users\Stevie\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Users\Stevie\AppData\Local\Temp\5DD4800A-BAB0-7891-8ABC-B0F45B3E12D2\MyBabylonTB.exe Win32/Toolbar.Babylon application
C:\Users\Stevie\AppData\Local\Temp\5DD4800A-BAB0-7891-8ABC-B0F45B3E12D2\Setup.exe Win32/Toolbar.Babylon application
C:\Users\Stevie\AppData\Local\Temp\is1972027439\MyBabylonTB.exe Win32/Toolbar.Babylon application
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2354bc59-76a2ce57 multiple threats
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\6064a35c-38c8a0f1 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1cb50536-36cae38c Java/Agent.DJ trojan
C:\Users\Stevie\Desktop\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Stevie\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Stevie\Downloads\Microsoft Office 2007 Complete Third Edition\MS Office 2007.iso probably a variant of Win32/Agent.FGHQVIS trojan

Edited by 750steve, 12 February 2012 - 03:49 PM.

  • 0
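
The aswMBR listing and the tdl_delete.txt report above show the same artifact: a fourth primary partition of about 1 MB, type 0x17 (hidden NTFS), sitting after the last data partition. As an added example (not part of the thread, and not the code of tdl_fix.sh or aswMBR), this Python parses the partition table of a 512-byte msdos MBR, such as the MBR.dat saved by aswMBR, and flags entries matching that pattern. The sample sector is constructed from the offsets in the aswMBR log; the 16 MB threshold and all function names are assumptions.

```python
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446        # four 16-byte entries, then the 0x55AA signature at 510
ENTRY_FMT = "<B3xB3xII"   # status, (CHS skipped), type, (CHS skipped), start LBA, sector count
HIDDEN_NTFS = 0x17        # shown by aswMBR as "17 Hidd HPFS/NTFS"
# Assumption: "tiny" means under 16 MB. Legitimate hidden partitions such as
# OEM recovery areas are normally far larger than this.
TINY_SECTORS = 16 * 1024 * 1024 // SECTOR


def parse_mbr(sector):
    """Return the non-empty primary entries of a classic (msdos) partition table."""
    if len(sector) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, ptype, start, count = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "active": status == 0x80,
                      "type": ptype, "start": start, "sectors": count})
    return parts


def suspicious_partitions(parts):
    """Flag entries that are hidden NTFS, tiny, and placed after all visible data."""
    visible_end = max((p["start"] + p["sectors"]
                       for p in parts if p["type"] != HIDDEN_NTFS), default=0)
    flagged = []
    for p in parts:
        if (p["type"] == HIDDEN_NTFS
                and p["sectors"] < TINY_SECTORS
                and p["start"] >= visible_end):
            flagged.append(p)
    return flagged


def build_sample_mbr():
    """Constructed sample: start sectors from the aswMBR log, boot code zeroed.

    Sector counts for partitions 1-3 follow from the logged MB sizes; the
    count for partition 4 approximates the 1393kB shown in tdl_delete.txt.
    """
    entries = [
        (0x80, 0x07, 112640, 204800),        # 100 MB, active
        (0x00, 0x07, 317440, 126976000),     # 62000 MB
        (0x00, 0x07, 127293440, 497846272),  # 243089 MB
        (0x00, 0x17, 625139712, 2720),       # ~1 MB, hidden
    ]
    sector = bytearray(SECTOR)
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def describe(p):
    size_kib = p["sectors"] * SECTOR // 1024
    flag = "active" if p["active"] else "      "
    return "part %d  %s  type 0x%02X  start %d  size %d KiB" % (
        p["index"], flag, p["type"], p["start"], size_kib)


if __name__ == "__main__":
    # With a path argument, read the first sector of that file (e.g. MBR.dat);
    # otherwise fall back to the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR)
    else:
        data = build_sample_mbr()
    table = parse_mbr(data)
    for part in table:
        print(describe(part))
    for part in suspicious_partitions(table):
        print("REVIEW:", describe(part))
```

A flagged entry is a lead to check against a rootkit scanner's verdict, not proof of infection on its own; GPT disks are outside what this parser covers.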

#24
oldman960

Hi 750steve,

Most of the detections are related to some toolbars you have or had installed.

C:\Users\Stevie\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Users\Stevie\AppData\Local\Temp\5DD4800A-BAB0-7891-8ABC-B0F45B3E12D2\MyBabylonTB.exe Win32/Toolbar.Babylon application
C:\Users\Stevie\AppData\Local\Temp\5DD4800A-BAB0-7891-8ABC-B0F45B3E12D2\Setup.exe Win32/Toolbar.Babylon application
C:\Users\Stevie\AppData\Local\Temp\is1972027439\MyBabylonTB.exe Win32/Toolbar.Babylon application

These are related to the Babylon Toolbar. I don't see it installed but do see some components. Is this something you had and uninstalled?

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application
C:\Users\Stevie\Desktop\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Stevie\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application

This is the Widgi toolbar. 2 of the detections are in the setup files for YouTube Downloader so they are probably just bundled with those programs.

Let me know about the toolbars. If they are remnants, we can clean that up along with the old Java exploits. We'll clean up the tools after you post back.

#25
750steve

Hi again Oldman. I tried to get rid of that toolbar a while ago but couldn't remove all of it for some reason. I think my wife accidentally downloaded something that installed it cos it certainly wasn't me, I'd be glad to get rid of it. All I use is Firefox.

C:\Users\Stevie\Downloads\Microsoft Office 2007 Complete Third Edition\MS Office 2007.iso probably a variant of Win32/Agent.FGHQVIS trojan


^^^ I have deleted this from its folder & emptied the recycle bin.

#26
oldman960

Hi 750steve,

Next, right click on OTL.exe and choose Run as Administrator to run it
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :

:Services

:OTL
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=e24b061c00000000000000184d625dca&tlver=1.4.35.10&instlRef=sst&affID=100474&q="
[2011/09/01 21:59:00 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Stevie\AppData\Roaming\Mozilla\Firefox\Profiles\ddhh1c2n.default\extensions\[email protected]
[2011/09/01 21:58:54 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2011/09/01 21:58:53 | 000,000,000 | ---D | M] -- C:\Users\Stevie\AppData\Roaming\Babylon
:Files
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
C:\Users\Stevie\AppData\Local\Babylon
C:\Users\Stevie\AppData\Local\Temp\5DD4800A-BAB0-7891-8ABC-B0F45B3E12D2\MyBabylonTB.exe 
C:\Users\Stevie\AppData\Local\Temp\5DD4800A-BAB0-7891-8ABC-B0F45B3E12D2\Setup.exe
C:\Users\Stevie\AppData\Local\Temp\is1972027439\MyBabylonTB.exe
C:\Users\Stevie\Desktop\YouTubeDownloaderSetup272.exe
C:\Users\Stevie\Downloads\YouTubeDownloaderSetup33.exe
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2354bc59-76a2ce57
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\6064a35c-38c8a0f1
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1cb50536-36cae38c

:Commands
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Everything still ok?

#27
750steve

Thank you Oldman, I'm on work again so it'll be about 8 hours until I get to do this.


Do Not copy the word CODE

^^^^^^ Where is that word anyway??


& I Copy & Paste EVERYTHING that's in this quote below?

:Services

:OTL
FF - prefs.js..keyword.URL: "http://search.babylo...ffID=100474&q="
[2011/09/01 21:59:00 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Stevie\AppData\Roaming\Mozilla\Firefox\Profiles\ddhh1c2n.default\extensions\[email protected]
[2011/09/01 21:58:54 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2011/09/01 21:58:53 | 000,000,000 | ---D | M] -- C:\Users\Stevie\AppData\Roaming\Babylon
:Files
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
C:\Users\Stevie\AppData\Local\Babylon
C:\Users\Stevie\AppData\Local\Temp\5DD4800A-BAB0-7891-8ABC-B0F45B3E12D2\MyBabylonTB.exe
C:\Users\Stevie\AppData\Local\Temp\5DD4800A-BAB0-7891-8ABC-B0F45B3E12D2\Setup.exe
C:\Users\Stevie\AppData\Local\Temp\is1972027439\MyBabylonTB.exe
C:\Users\Stevie\Desktop\YouTubeDownloaderSetup272.exe
C:\Users\Stevie\Downloads\YouTubeDownloaderSetup33.exe
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2354bc59-76a2ce57
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\6064a35c-38c8a0f1
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1cb50536-36cae38c

:Commands
[emptytemp]
[createrestorepoint]


Edited by 750steve, 14 February 2012 - 05:57 AM.

#28
oldman960

Hi 750steve,

I see the forum software works a bit differently on this forum than on others. Usually the word code appears at the top of the box just as the word quote does when you use a quote box. If copied it can cause a fix to fail as the tool doesn't know what to do with it. In case you are wondering, we use code boxes because forum software will not alter anything in the code box. ;)


Yes copy and paste all the text in the box.

#29
750steve

Hello Oldman, I ran the fix & it completed, it asked me to reboot & I selected 'yes' but did not reboot so got no log file. I disabled my antivirus (without surfing) & ran the fix again, this time it did reboot.

Here is the log file
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: "http://search.babylo...ffID=100474&q=" removed from keyword.URL
C:\Users\Stevie\AppData\Roaming\Mozilla\Firefox\Profiles\ddhh1c2n.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Stevie\AppData\Roaming\Mozilla\Firefox\Profiles\ddhh1c2n.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Stevie\AppData\Roaming\Mozilla\Firefox\Profiles\ddhh1c2n.default\extensions\[email protected]\content\imgs\mnRadio folder moved successfully.
C:\Users\Stevie\AppData\Roaming\Mozilla\Firefox\Profiles\ddhh1c2n.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\Stevie\AppData\Roaming\Mozilla\Firefox\Profiles\ddhh1c2n.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\Stevie\AppData\Roaming\Mozilla\Firefox\Profiles\ddhh1c2n.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Stevie\AppData\Roaming\Mozilla\Firefox\Profiles\ddhh1c2n.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Stevie\AppData\Roaming\Mozilla\Firefox\Profiles\ddhh1c2n.default\extensions\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Users\Stevie\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 moved successfully.
C:\Users\Stevie\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Stevie\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Stevie\AppData\Local\Babylon folder moved successfully.
C:\Users\Stevie\AppData\Local\Temp\5DD4800A-BAB0-7891-8ABC-B0F45B3E12D2\MyBabylonTB.exe moved successfully.
C:\Users\Stevie\AppData\Local\Temp\5DD4800A-BAB0-7891-8ABC-B0F45B3E12D2\Setup.exe moved successfully.
C:\Users\Stevie\AppData\Local\Temp\is1972027439\MyBabylonTB.exe moved successfully.
C:\Users\Stevie\Desktop\YouTubeDownloaderSetup272.exe moved successfully.
C:\Users\Stevie\Downloads\YouTubeDownloaderSetup33.exe moved successfully.
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2354bc59-76a2ce57 moved successfully.
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\6064a35c-38c8a0f1 moved successfully.
C:\Users\Stevie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1cb50536-36cae38c moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marissa
->Temp folder emptied: 155755 bytes
->Temporary Internet Files folder emptied: 21426110 bytes
->Java cache emptied: 61012 bytes
->FireFox cache emptied: 390139705 bytes
->Flash cache emptied: 94963 bytes

User: Public

User: Stevie
->Temp folder emptied: 124495506 bytes
->Temporary Internet Files folder emptied: 372764390 bytes
->Java cache emptied: 1868592 bytes
->FireFox cache emptied: 55214999 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 8328677 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57097195 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 85584 bytes

Total Files Cleaned = 984.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02142012_223522

Files\Folders moved on Reboot...
C:\Users\Stevie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
  • 0
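
One way to triage a fix log like the one posted above before replying, as an added example that is not part of the original thread and not the tool author's code: it tallies outcomes per section, lists every "not found" line for a second look, and checks that the emptied-cache byte counts add up to the reported total. The sample log is constructed, and comparing the total in whole MiB rounded down is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the fix log posted above (not real data).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
C:\Users\Example\AppData\Roaming\Toolbar folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Example\\{GUID} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{GUID}\ not found.
========== FILES ==========
C:\Users\Example\Downloads\Setup.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Example
->Temp folder emptied: 1048576 bytes
->Flash cache emptied: 524288 bytes
Windows Temp folder emptied: 2097152 bytes
Total Files Cleaned = 3.00 mb
"""

SECTION = re.compile(r"^=+ (.+?) =+$")                    # ========== FILES ==========
EMPTIED = re.compile(r"(?:emptied|removed): (\d+) bytes$")  # per-cache byte counts
TOTAL = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")
OUTCOMES = ("moved successfully.", "deleted successfully.", "not found.")

def review_fix_log(text):
    """Summarise a fix log: outcome counts, 'not found' lines, byte-total check."""
    counts = defaultdict(int)          # (section, outcome) -> number of lines
    not_found, section, byte_sum, reported = [], None, 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := EMPTIED.search(line):
            byte_sum += int(m.group(1))
        elif m := TOTAL.match(line):
            reported = float(m.group(1))
        else:
            for outcome in OUTCOMES:
                if line.endswith(outcome):
                    counts[(section, outcome.rstrip("."))] += 1
                    if outcome == "not found.":
                        # Target was absent: already removed, or the pasted fix text was altered.
                        not_found.append(line)
    # Assumption: the reported total is the byte sum in whole MiB, rounded down.
    consistent = reported is not None and byte_sum // 2**20 == int(reported)
    return {"counts": dict(counts), "not_found": not_found,
            "bytes": byte_sum, "total_consistent": consistent}
```

A "not found" line is not necessarily a failure; it marks the entries worth comparing against the fix text that was pasted into the tool.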

#30
oldman960

    Trusted Helper

  • Malware Removal
  • 123 posts
Hi 750steve,

I tried getting back sooner, sorry about that. Everything looks good from here. Any problems?

We seem to be at opposite times. Just got home and time to sleep. I'll post the cleanup instructions when I get up in a few hours.

Thanks for your patience.
  • 0





