
Started as redirect virus, now worse

This is a discussion on Started as redirect virus, now worse within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 02-29-2012, 02:56 PM   #1
Registered Member
 
Join Date: Feb 2012
Posts: 18
OS: Windows 7



I first noticed that I had a redirect virus on the computer and tried to fix it myself with anti-virus/spyware programs. After several weeks and no progress, my entire system crashed and I could not log into Windows. I do not have the disks, but I was able to reinstall Windows from the company I purchased the computer from by using F3. I wiped the computer clean, or so I thought. I decided to use Avast antivirus instead of AVG (what I was using before) and every couple of minutes there is a new threat detected from malicious URLs. The addresses on the websites appear to be colleges, insurance, and credit card companies, but Avast shows them as globalroot / systemroot / svchost. I also had to stop using Google completely because Avast was blocking everything. I am now using Avant browser which helps a little, but I'm still being attacked left and right.

Here is the DDS File:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by colortyme at 11:16:52 on 2012-02-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.915 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\CNGKeyLock.exe
C:\Windows\system32\servicescache.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
-netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Avant Browser\avant.exe
C:\Program Files (x86)\Avant Browser\adownloader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Avant Browser\ybrowser.exe
C:\Program Files (x86)\Avant Browser\ybrowser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.startpage.com/eng/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AROReminder]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{764273A9-6AD7-46E9-BE54-B87FB2A31B85} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-28 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-2-28 131288]
R2 CNGKeyLock;CNG Key Isolation Service;system32\CNGKeyLock.exe --> system32\CNGKeyLock.exe [?]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 systemCheck;SystemWindows;system32\servicescache.exe --> system32\servicescache.exe [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R4 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 MicrosoftHardwareDriver;MicrosoftHardwareDriver;system32\sysDriverHardWare.exe --> system32\sysDriverHardWare.exe [?]
S2 SysCacheDriver;SysCacheDriver;system32\sysSecurityCheck.exe --> system32\sysSecurityCheck.exe [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-02-29 13:56:25 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{457D63C8-EAD4-4EB3-857A-EA1D7EAB7381}\mpengine.dll
2012-02-29 01:50:44 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-29 01:41:24 141144 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-02-29 01:40:09 258904 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-02-29 01:40:08 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-02-29 01:39:41 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2012-02-29 01:28:56 -------- d-----w- C:\Users\colortyme\AppData\Roaming\Avant Downloader
2012-02-29 01:28:52 -------- d-----w- C:\Users\colortyme\AppData\Roaming\Avant Profiles
2012-02-29 01:28:28 -------- d-----w- C:\Program Files (x86)\Avant Browser
2012-02-28 12:37:30 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-02-28 12:36:17 -------- d-----w- C:\Program Files (x86)\ARO 2012
2012-02-28 11:50:17 -------- d-----w- C:\Users\colortyme\AppData\Local\Google
2012-02-28 11:49:55 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-02-28 11:49:52 817496 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-02-28 11:49:45 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-28 11:48:48 41184 ----a-w- C:\Windows\avastSS.scr
2012-02-28 11:48:18 -------- d-----w- C:\ProgramData\AVAST Software
2012-02-28 11:48:18 -------- d-----w- C:\Program Files\AVAST Software
2012-02-28 11:44:04 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-02-28 11:43:51 -------- d--h--w- C:\ProgramData\Common Files
2012-02-28 11:36:39 -------- d-----w- C:\Program Files (x86)\AVG
2012-02-28 11:32:07 -------- d-----w- C:\ProgramData\MFAData
2012-02-28 11:02:49 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-28 11:02:28 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF6B12C6-B24E-481B-90C1-0170C6FD79C6}\gapaengine.dll
2012-02-28 11:02:25 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-28 10:14:47 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-28 10:14:30 -------- d-----w- C:\Users\colortyme\AppData\Local\Temp
2012-02-28 08:21:36 -------- d-----w- C:\Recovery
2012-02-28 03:43:48 20480 ----a-w- C:\Windows\svchost.exe
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-03 20:46:18 405504 --sha-r- C:\Windows\System32\vshadow.exe
2011-06-03 20:46:22 364032 --sha-r- C:\Windows\System32\vshadowamd64.exe
2011-06-03 20:46:20 352256 --sha-r- C:\Windows\System32\vshadowXP.exe
.
============= FINISH: 11:18:36.32 ===============
Attached Files
File Type: zip Attach.zip (3.8 KB, 28 views)
ladyliberty is offline  
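As an added example (not part of this thread, and not DDS, TDSSKiller or any other tool used on TSF), here is a small Python triage script that applies two of the checks a helper makes by eye when reading a DDS log like the one above: a process whose name matches a core Windows binary but runs from the wrong directory, and a user-mode service whose image path is a bare relative path rather than a full drive path. The expected-directory table and both rules are my own heuristics, and the sample log lines are constructed from entries in the log above.

```python
"""Triage helper for DDS-style logs.

Added example for this thread; it is not DDS, TDSSKiller or any TSF tool.
Both rules and the expected-directory table are my own heuristics.
"""
import re
from dataclasses import dataclass

# Directory suffixes where these core Windows binaries are expected to live
# (heuristic table, my assumption; suffix match keeps it drive-letter agnostic).
EXPECTED_DIRS = {
    "svchost.exe": ("\\windows\\system32", "\\windows\\syswow64"),
    "lsass.exe": ("\\windows\\system32",),
    "services.exe": ("\\windows\\system32",),
    "winlogon.exe": ("\\windows\\system32",),
    "csrss.exe": ("\\windows\\system32",),
    "explorer.exe": ("\\windows",),
}

# DDS service line: "<type><start> name;display name;image path ..."
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]*);([^;]*);(.*)$")
# An image path is absolute if it starts with a drive letter or the \??\ prefix
ABSOLUTE_RE = re.compile(r"^([A-Za-z]:\\|\\\?\?\\)")
# First .exe on a process line; anything after it is arguments such as "-k netsvcs"
PROCESS_RE = re.compile(r"(?i)^(.*?\.exe)\b")


@dataclass
class Finding:
    rule: str
    line: str


def _service_image(field):
    """Reduce 'path --> path [?]' or 'path [date size]' to just the path."""
    image = field.split(" --> ")[0]
    return re.sub(r"\s+\[[^\]]*\]\s*$", "", image).strip()


def check_process(line):
    """Rule 1: a core system binary name running from an unexpected directory."""
    m = PROCESS_RE.match(line)
    if not m:
        return None
    directory, _, base = m.group(1).strip('"').rpartition("\\")
    expected = EXPECTED_DIRS.get(base.lower())
    if expected and not any(directory.lower().endswith(e) for e in expected):
        return Finding("system-binary-outside-expected-dir", line)
    return None


def check_service(line):
    """Rule 2: a user-mode (.exe) service whose image path is relative."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    image = _service_image(m.group(4))
    if image.lower().endswith(".exe") and not ABSOLUTE_RE.match(image):
        return Finding("service-exe-relative-path", line)
    return None


def triage(log_text):
    """Walk the DDS sections and apply the rule that fits each section."""
    section, findings = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("="):  # "===== Running Processes =====" style header
            section = line.strip("= ").lower()
            continue
        if not line or line == ".":
            continue
        if section and section.startswith("running processes"):
            finding = check_process(line)
        elif section and section.startswith("services"):
            finding = check_service(line)
        else:
            finding = None
        if finding:
            findings.append(finding)
    return findings


# Constructed sample, modelled on lines from the DDS log in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\servicescache.exe
C:\Windows\Explorer.EXE
C:\Windows\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
.
============= SERVICES / DRIVERS ===============
.
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-28 44768]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 systemCheck;SystemWindows;system32\servicescache.exe --> system32\servicescache.exe [?]
S2 MicrosoftHardwareDriver;MicrosoftHardwareDriver;system32\sysDriverHardWare.exe --> system32\sysDriverHardWare.exe [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule}: {f.line}")
```

Note that the trailing `[?]` on its own is not an indicator: in the log above nearly every 64-bit driver carries it because DDS could not read the file's details, so the service rule keys on the relative path instead. A hit is a pointer for manual investigation, not a verdict.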
Old 03-03-2012, 08:21 AM   #2
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Download TDSSKiller.exe to your desktop
https://support.kaspersky.com/downloa...tdsskiller.exe
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, select Skip by changing the default Cure selection at the upper right
Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.7.17.0_date_time_log.txt
Attach that log, please.

Please download aswMBR.exe and save it to your desktop.
https://public.avast.com/~gmerek/aswMBR.exe

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Allow it to download the definitions from the internet.

Click Scan

* Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
* You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 03-04-2012, 01:36 PM   #3
Registered Member
 
Join Date: Feb 2012
Posts: 18
OS: Windows 7



Thank you!

The Kaspersky log:
15:01:38.0747 7052 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
15:01:39.0133 7052 ============================================================
15:01:39.0133 7052 Current date / time: 2012/03/04 15:01:39.0133
15:01:39.0133 7052 SystemInfo:
15:01:39.0133 7052
15:01:39.0133 7052 OS Version: 6.1.7600 ServicePack: 0.0
15:01:39.0133 7052 Product type: Workstation
15:01:39.0133 7052 ComputerName: COLORTYME-HP
15:01:39.0134 7052 UserName: colortyme
15:01:39.0134 7052 Windows directory: C:\Windows
15:01:39.0134 7052 System windows directory: C:\Windows
15:01:39.0134 7052 Running under WOW64
15:01:39.0134 7052 Processor architecture: Intel x64
15:01:39.0134 7052 Number of processors: 2
15:01:39.0134 7052 Page size: 0x1000
15:01:39.0134 7052 Boot type: Normal boot
15:01:39.0134 7052 ============================================================
15:01:40.0470 7052 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:01:40.0478 7052 Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:01:40.0480 7052 \Device\Harddisk0\DR0:
15:01:40.0480 7052 MBR used
15:01:40.0480 7052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:01:40.0480 7052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x386B1000
15:01:40.0480 7052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
15:01:40.0480 7052 \Device\Harddisk1\DR1:
15:01:40.0481 7052 MBR used
15:01:40.0481 7052 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039
15:01:40.0525 7052 Initialize success
15:01:40.0525 7052 ============================================================
15:01:45.0338 5668 ============================================================
15:01:45.0338 5668 Scan started
15:01:45.0338 5668 Mode: Manual;
15:01:45.0339 5668 ============================================================
15:01:47.0573 5668 Suspicious service (NoAccess): .Net bKernelMain
15:01:48.0170 5668 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:01:48.0172 5668 1394ohci - ok
15:01:48.0723 5668 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:01:48.0726 5668 ACPI - ok
15:01:49.0284 5668 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:01:49.0285 5668 AcpiPmi - ok
15:01:50.0279 5668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:01:50.0282 5668 adp94xx - ok
15:01:51.0240 5668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:01:51.0247 5668 adpahci - ok
15:01:51.0761 5668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:01:51.0766 5668 adpu320 - ok
15:01:52.0484 5668 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
15:01:52.0488 5668 AFD - ok
15:01:53.0133 5668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:01:53.0134 5668 agp440 - ok
15:01:53.0625 5668 akerneldrv - ok
15:01:54.0333 5668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:01:54.0334 5668 aliide - ok
15:01:55.0090 5668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:01:55.0091 5668 amdide - ok
15:01:55.0718 5668 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
15:01:55.0719 5668 amdiox64 - ok
15:01:57.0041 5668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:01:57.0044 5668 AmdK8 - ok
15:01:57.0761 5668 amdkmdag (98e20c5a39fea1920031d3850004b334) C:\Windows\system32\DRIVERS\atikmdag.sys
15:01:57.0818 5668 amdkmdag - ok
15:01:58.0387 5668 amdkmdap (8624dc7b8d22daf28f5438735095f6c4) C:\Windows\system32\DRIVERS\atikmpag.sys
15:01:58.0390 5668 amdkmdap - ok
15:01:58.0894 5668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:01:58.0897 5668 AmdPPM - ok
15:01:59.0523 5668 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
15:01:59.0524 5668 amdsata - ok
15:02:00.0049 5668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:02:00.0051 5668 amdsbs - ok
15:02:00.0676 5668 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
15:02:00.0678 5668 amdxata - ok
15:02:01.0415 5668 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\Windows\system32\DRIVERS\amd_sata.sys
15:02:01.0418 5668 amd_sata - ok
15:02:01.0928 5668 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\Windows\system32\DRIVERS\amd_xata.sys
15:02:01.0930 5668 amd_xata - ok
15:02:02.0872 5668 apcmci - ok
15:02:03.0413 5668 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:02:03.0416 5668 AppID - ok
15:02:03.0925 5668 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:02:03.0926 5668 arc - ok
15:02:04.0422 5668 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:02:04.0423 5668 arcsas - ok
15:02:04.0933 5668 aswFsBlk (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
15:02:04.0935 5668 aswFsBlk - ok
15:02:05.0560 5668 aswFW (baa236e2e146b864803c9b4a5aa65816) C:\Windows\system32\drivers\aswFW.sys
15:02:05.0562 5668 aswFW - ok
15:02:06.0093 5668 aswKbd (29ec2fb2d3a5d2177ef6ba600e0305ae) C:\Windows\system32\drivers\aswKbd.sys
15:02:06.0095 5668 aswKbd - ok
15:02:06.0648 5668 aswMonFlt (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
15:02:06.0650 5668 aswMonFlt - ok
15:02:07.0182 5668 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
15:02:07.0183 5668 aswNdis - ok
15:02:07.0739 5668 aswNdis2 (b33e66eb8b76a818aee08e4e6d9a11ea) C:\Windows\system32\drivers\aswNdis2.sys
15:02:07.0744 5668 aswNdis2 - ok
15:02:08.0837 5668 aswRdr (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
15:02:08.0840 5668 aswRdr - ok
15:02:09.0356 5668 aswSnx (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
15:02:09.0370 5668 aswSnx - ok
15:02:09.0853 5668 aswSP (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
15:02:09.0859 5668 aswSP - ok
15:02:10.0373 5668 aswTdi (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
15:02:10.0376 5668 aswTdi - ok
15:02:10.0969 5668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:02:10.0972 5668 AsyncMac - ok
15:02:11.0496 5668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:02:11.0498 5668 atapi - ok
15:02:12.0008 5668 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
15:02:12.0011 5668 AtiHdmiService - ok
15:02:12.0534 5668 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
15:02:12.0536 5668 AtiPcie - ok
15:02:13.0131 5668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:02:13.0140 5668 b06bdrv - ok
15:02:13.0637 5668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:02:13.0639 5668 b57nd60a - ok
15:02:14.0201 5668 bakerneldrv (263453cbd29f8228ce9c0ae371841425) C:\Windows\system32\Drivers\bakerneldrv64.sys
15:02:14.0201 5668 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bakerneldrv64.sys. md5: 263453cbd29f8228ce9c0ae371841425
15:02:14.0221 5668 bakerneldrv ( LockedFile.Multi.Generic ) - warning
15:02:14.0221 5668 bakerneldrv - detected LockedFile.Multi.Generic (1)
15:02:14.0758 5668 bapcmci (5f6badbd0229095026c259ee464e2521) C:\Windows\system32\Drivers\bapcmci64.sys
15:02:14.0759 5668 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bapcmci64.sys. md5: 5f6badbd0229095026c259ee464e2521
15:02:14.0782 5668 bapcmci ( LockedFile.Multi.Generic ) - warning
15:02:14.0783 5668 bapcmci - detected LockedFile.Multi.Generic (1)
15:02:15.0422 5668 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:02:15.0453 5668 BCM43XX - ok
15:02:16.0396 5668 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:02:16.0398 5668 Beep - ok
15:02:16.0991 5668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:02:16.0993 5668 blbdrive - ok
15:02:17.0477 5668 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:02:17.0480 5668 bowser - ok
15:02:17.0967 5668 bpcrasys (63ff513df9109d66675aafe46465ae20) C:\Windows\system32\Drivers\bpcrasys64.sys
15:02:17.0967 5668 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bpcrasys64.sys. md5: 63ff513df9109d66675aafe46465ae20
15:02:17.0969 5668 bpcrasys ( LockedFile.Multi.Generic ) - warning
15:02:17.0969 5668 bpcrasys - detected LockedFile.Multi.Generic (1)
15:02:18.0475 5668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:02:18.0477 5668 BrFiltLo - ok
15:02:18.0982 5668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:02:18.0985 5668 BrFiltUp - ok
15:02:19.0480 5668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:02:19.0486 5668 Brserid - ok
15:02:20.0007 5668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:02:20.0009 5668 BrSerWdm - ok
15:02:20.0524 5668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:02:20.0526 5668 BrUsbMdm - ok
15:02:21.0031 5668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:02:21.0033 5668 BrUsbSer - ok
15:02:21.0538 5668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:02:21.0540 5668 BTHMODEM - ok
15:02:22.0114 5668 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:02:22.0115 5668 cdfs - ok
15:02:22.0731 5668 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:02:22.0736 5668 cdrom - ok
15:02:23.0265 5668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:02:23.0268 5668 circlass - ok
15:02:23.0717 5668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:02:23.0721 5668 CLFS - ok
15:02:24.0338 5668 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
15:02:24.0339 5668 clwvd - ok
15:02:25.0008 5668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:02:25.0009 5668 CmBatt - ok
15:02:25.0536 5668 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
15:02:25.0538 5668 cmdide - ok
15:02:26.0391 5668 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
15:02:26.0395 5668 CNG - ok
15:02:26.0977 5668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:02:26.0978 5668 Compbatt - ok
15:02:27.0514 5668 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:02:27.0515 5668 CompositeBus - ok
15:02:28.0070 5668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:02:28.0071 5668 crcdisk - ok
15:02:29.0182 5668 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
15:02:29.0186 5668 DfsC - ok
15:02:29.0669 5668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:02:29.0671 5668 discache - ok
15:02:30.0193 5668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:02:30.0196 5668 Disk - ok
15:02:30.0732 5668 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:02:30.0733 5668 drmkaud - ok
15:02:31.0291 5668 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
15:02:31.0298 5668 DXGKrnl - ok
15:02:31.0858 5668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:02:31.0879 5668 ebdrv - ok
15:02:32.0450 5668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:02:32.0460 5668 elxstor - ok
15:02:32.0965 5668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
15:02:32.0966 5668 ErrDev - ok
15:02:33.0490 5668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:02:33.0494 5668 exfat - ok
15:02:34.0003 5668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:02:34.0005 5668 fastfat - ok
15:02:34.0986 5668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:02:34.0987 5668 fdc - ok
15:02:35.0494 5668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:02:35.0497 5668 FileInfo - ok
15:02:35.0974 5668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:02:35.0976 5668 Filetrace - ok
15:02:36.0517 5668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:02:36.0518 5668 flpydisk - ok
15:02:37.0036 5668 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:02:37.0044 5668 FltMgr - ok
15:02:37.0571 5668 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:02:37.0573 5668 FsDepends - ok
15:02:38.0090 5668 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:02:38.0092 5668 Fs_Rec - ok
15:02:38.0622 5668 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
15:02:38.0627 5668 fvevol - ok
15:02:39.0146 5668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:02:39.0149 5668 gagp30kx - ok
15:02:39.0664 5668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:02:39.0666 5668 hcw85cir - ok
15:02:40.0545 5668 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
15:02:40.0549 5668 HdAudAddService - ok
15:02:41.0141 5668 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:02:41.0144 5668 HDAudBus - ok
15:02:41.0644 5668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:02:41.0646 5668 HidBatt - ok
15:02:42.0122 5668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:02:42.0126 5668 HidBth - ok
15:02:42.0631 5668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:02:42.0634 5668 HidIr - ok
15:02:43.0158 5668 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:02:43.0160 5668 HidUsb - ok
15:02:43.0775 5668 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:02:43.0778 5668 HpSAMD - ok
15:02:44.0467 5668 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:02:44.0476 5668 HTTP - ok
15:02:45.0077 5668 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:02:45.0078 5668 hwpolicy - ok
15:02:45.0724 5668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:02:45.0726 5668 i8042prt - ok
15:02:46.0314 5668 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
15:02:46.0317 5668 iaStorV - ok
15:02:46.0987 5668 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:02:47.0032 5668 igfx - ok
15:02:47.0557 5668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:02:47.0558 5668 iirsp - ok
15:02:48.0096 5668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
15:02:48.0097 5668 intelide - ok
15:02:48.0646 5668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:02:48.0647 5668 intelppm - ok
15:02:49.0187 5668 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:02:49.0189 5668 IpFilterDriver - ok
15:02:49.0772 5668 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:02:49.0775 5668 IPMIDRV - ok
15:02:50.0499 5668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:02:50.0501 5668 IPNAT - ok
15:02:51.0476 5668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:02:51.0477 5668 IRENUM - ok
15:02:52.0004 5668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
15:02:52.0005 5668 isapnp - ok
15:02:52.0523 5668 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
15:02:52.0528 5668 iScsiPrt - ok
15:02:53.0054 5668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:02:53.0055 5668 kbdclass - ok
15:02:53.0543 5668 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
15:02:53.0544 5668 kbdhid - ok
15:02:54.0091 5668 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
15:02:54.0095 5668 KSecDD - ok
15:02:54.0602 5668 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
15:02:54.0606 5668 KSecPkg - ok
15:02:55.0173 5668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:02:55.0174 5668 ksthunk - ok
15:02:55.0750 5668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:02:55.0751 5668 lltdio - ok
15:02:56.0640 5668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:02:56.0641 5668 LSI_FC - ok
15:02:57.0848 5668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:02:57.0850 5668 LSI_SAS - ok
15:02:58.0421 5668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:02:58.0422 5668 LSI_SAS2 - ok
15:02:59.0020 5668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:02:59.0024 5668 LSI_SCSI - ok
15:02:59.0579 5668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:02:59.0581 5668 luafv - ok
15:03:00.0052 5668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:03:00.0055 5668 megasas - ok
15:03:00.0531 5668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:03:00.0535 5668 MegaSR - ok
15:03:01.0331 5668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:03:01.0332 5668 Modem - ok
15:03:01.0852 5668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:03:01.0854 5668 monitor - ok
15:03:02.0511 5668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:03:02.0513 5668 mouclass - ok
15:03:03.0075 5668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:03:03.0076 5668 mouhid - ok
15:03:03.0576 5668 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
15:03:03.0578 5668 mountmgr - ok
15:03:04.0367 5668 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
15:03:04.0369 5668 MpFilter - ok
15:03:04.0871 5668 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
15:03:04.0873 5668 mpio - ok
15:03:05.0392 5668 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:03:05.0393 5668 MpNWMon - ok
15:03:06.0103 5668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:03:06.0105 5668 mpsdrv - ok
15:03:06.0962 5668 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
15:03:06.0964 5668 MRxDAV - ok
15:03:07.0438 5668 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:03:07.0440 5668 mrxsmb - ok
15:03:08.0070 5668 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:03:08.0073 5668 mrxsmb10 - ok
15:03:08.0651 5668 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:03:08.0653 5668 mrxsmb20 - ok
15:03:09.0141 5668 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
15:03:09.0143 5668 msahci - ok
15:03:09.0597 5668 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
15:03:09.0601 5668 msdsm - ok
15:03:10.0344 5668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:03:10.0345 5668 Msfs - ok
15:03:10.0843 5668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:03:10.0845 5668 mshidkmdf - ok
15:03:11.0369 5668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
15:03:11.0370 5668 msisadrv - ok
15:03:12.0061 5668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:03:12.0063 5668 MSKSSRV - ok
15:03:12.0641 5668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:03:12.0643 5668 MSPCLOCK - ok
15:03:13.0173 5668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:03:13.0175 5668 MSPQM - ok
15:03:14.0002 5668 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:03:14.0005 5668 MsRPC - ok
15:03:14.0560 5668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:03:14.0562 5668 mssmbios - ok
15:03:15.0103 5668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:03:15.0106 5668 MSTEE - ok
15:03:15.0637 5668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:03:15.0638 5668 MTConfig - ok
15:03:16.0185 5668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:03:16.0187 5668 Mup - ok
15:03:16.0745 5668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:03:16.0752 5668 NativeWifiP - ok
15:03:17.0291 5668 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:03:17.0298 5668 NDIS - ok
15:03:17.0800 5668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:03:17.0803 5668 NdisCap - ok
15:03:18.0340 5668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:03:18.0341 5668 NdisTapi - ok
15:03:18.0893 5668 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:03:18.0896 5668 Ndisuio - ok
15:03:19.0417 5668 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:03:19.0422 5668 NdisWan - ok
15:03:19.0992 5668 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:03:19.0995 5668 NDProxy - ok
15:03:20.0524 5668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:03:20.0527 5668 NetBIOS - ok
15:03:21.0040 5668 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:03:21.0043 5668 NetBT - ok
15:03:21.0761 5668 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:03:21.0800 5668 netw5v64 - ok
15:03:22.0338 5668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:03:22.0339 5668 nfrd960 - ok
15:03:22.0872 5668 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:03:22.0875 5668 NisDrv - ok
15:03:23.0392 5668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:03:23.0395 5668 Npfs - ok
15:03:23.0912 5668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:03:23.0914 5668 nsiproxy - ok
15:03:24.0501 5668 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
15:03:24.0528 5668 Ntfs - ok
15:03:25.0048 5668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:03:25.0051 5668 Null - ok
15:03:25.0564 5668 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
15:03:25.0568 5668 nvraid - ok
15:03:26.0052 5668 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
15:03:26.0054 5668 nvstor - ok
15:03:26.0582 5668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:03:26.0587 5668 nv_agp - ok
15:03:27.0071 5668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:03:27.0074 5668 ohci1394 - ok
15:03:27.0609 5668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:03:27.0612 5668 Parport - ok
15:03:28.0122 5668 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
15:03:28.0126 5668 partmgr - ok
15:03:28.0651 5668 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:03:28.0655 5668 pci - ok
15:03:29.0140 5668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:03:29.0143 5668 pciide - ok
15:03:29.0637 5668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:03:29.0642 5668 pcmcia - ok
15:03:30.0138 5668 pcrasys - ok
15:03:30.0649 5668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:03:30.0650 5668 pcw - ok
15:03:31.0168 5668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:03:31.0173 5668 PEAUTH - ok
15:03:31.0796 5668 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:03:31.0798 5668 PptpMiniport - ok
15:03:32.0497 5668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:03:32.0499 5668 Processor - ok
15:03:33.0054 5668 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:03:33.0057 5668 Psched - ok
15:03:33.0608 5668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:03:33.0622 5668 ql2300 - ok
15:03:34.0176 5668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:03:34.0179 5668 ql40xx - ok
15:03:34.0677 5668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:03:34.0679 5668 QWAVEdrv - ok
15:03:35.0204 5668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:03:35.0205 5668 RasAcd - ok
15:03:35.0746 5668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:03:35.0747 5668 RasAgileVpn - ok
15:03:36.0931 5668 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:03:36.0936 5668 Rasl2tp - ok
15:03:37.0457 5668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:03:37.0460 5668 RasPppoe - ok
15:03:37.0979 5668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:03:37.0982 5668 RasSstp - ok
15:03:38.0489 5668 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:03:38.0495 5668 rdbss - ok
15:03:38.0965 5668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:03:38.0968 5668 rdpbus - ok
15:03:39.0489 5668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:03:39.0491 5668 RDPCDD - ok
15:03:40.0035 5668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:03:40.0038 5668 RDPENCDD - ok
15:03:40.0570 5668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:03:40.0572 5668 RDPREFMP - ok
15:03:41.0109 5668 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
15:03:41.0111 5668 RDPWD - ok
15:03:41.0654 5668 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
15:03:41.0659 5668 rdyboost - ok
15:03:42.0292 5668 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys
15:03:42.0298 5668 RSPCIESTOR - ok
15:03:42.0826 5668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:03:42.0828 5668 rspndr - ok
15:03:43.0344 5668 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:03:43.0349 5668 RTL8167 - ok
15:03:44.0006 5668 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:03:44.0010 5668 sbp2port - ok
15:03:44.0730 5668 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:03:44.0733 5668 scfilter - ok
15:03:45.0276 5668 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys
15:03:45.0280 5668 sdbus - ok
15:03:45.0846 5668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:03:45.0847 5668 secdrv - ok
15:03:46.0482 5668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:03:46.0484 5668 Serenum - ok
15:03:46.0991 5668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:03:46.0993 5668 Serial - ok
15:03:47.0473 5668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:03:47.0475 5668 sermouse - ok
15:03:48.0034 5668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:03:48.0035 5668 sffdisk - ok
15:03:48.0510 5668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:03:48.0511 5668 sffp_mmc - ok
15:03:49.0006 5668 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:03:49.0008 5668 sffp_sd - ok
15:03:49.0508 5668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:03:49.0509 5668 sfloppy - ok
15:03:50.0169 5668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:03:50.0172 5668 SiSRaid2 - ok
15:03:50.0675 5668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:03:50.0677 5668 SiSRaid4 - ok
15:03:51.0190 5668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:03:51.0192 5668 Smb - ok
15:03:51.0725 5668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:03:51.0728 5668 spldr - ok
15:03:52.0320 5668 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
15:03:52.0326 5668 srv - ok
15:03:52.0840 5668 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
15:03:52.0849 5668 srv2 - ok
15:03:53.0391 5668 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:03:53.0394 5668 SrvHsfHDA - ok
15:03:54.0233 5668 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:03:54.0252 5668 SrvHsfV92 - ok
15:03:54.0794 5668 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:03:54.0808 5668 SrvHsfWinac - ok
15:03:55.0328 5668 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
15:03:55.0332 5668 srvnet - ok
15:03:55.0986 5668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:03:55.0987 5668 stexstor - ok
15:03:56.0560 5668 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
15:03:56.0570 5668 STHDA - ok
15:03:57.0091 5668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:03:57.0093 5668 swenum - ok
15:03:57.0672 5668 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
15:03:57.0685 5668 SynTP - ok
15:03:58.0540 5668 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
15:03:58.0567 5668 Tcpip - ok
15:03:59.0220 5668 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
15:03:59.0233 5668 TCPIP6 - ok
15:03:59.0704 5668 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:03:59.0706 5668 tcpipreg - ok
15:04:00.0251 5668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:04:00.0254 5668 TDPIPE - ok
15:04:00.0768 5668 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:04:00.0770 5668 TDTCP - ok
15:04:01.0306 5668 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:04:01.0307 5668 tdx - ok
15:04:01.0798 5668 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:04:01.0799 5668 TermDD - ok
15:04:02.0336 5668 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:04:02.0337 5668 tssecsrv - ok
15:04:02.0865 5668 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:04:02.0867 5668 tunnel - ok
15:04:03.0406 5668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:04:03.0407 5668 uagp35 - ok
15:04:04.0139 5668 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
15:04:04.0142 5668 udfs - ok
15:04:05.0023 5668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:04:05.0025 5668 uliagpkx - ok
15:04:05.0541 5668 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:04:05.0542 5668 umbus - ok
15:04:06.0068 5668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:04:06.0069 5668 UmPass - ok
15:04:06.0607 5668 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
15:04:06.0609 5668 usbccgp - ok
15:04:07.0127 5668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:04:07.0131 5668 usbcir - ok
15:04:07.0684 5668 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
15:04:07.0686 5668 usbehci - ok
15:04:08.0212 5668 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
15:04:08.0215 5668 usbfilter - ok
15:04:08.0784 5668 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
15:04:08.0787 5668 usbhub - ok
15:04:09.0323 5668 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:04:09.0326 5668 usbohci - ok
15:04:10.0056 5668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:04:10.0060 5668 usbprint - ok
15:04:10.0790 5668 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:04:10.0792 5668 USBSTOR - ok
15:04:11.0287 5668 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:04:11.0289 5668 usbuhci - ok
15:04:11.0818 5668 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
15:04:11.0820 5668 usbvideo - ok
15:04:12.0338 5668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:04:12.0341 5668 vdrvroot - ok
15:04:12.0895 5668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:04:12.0898 5668 vga - ok
15:04:13.0417 5668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:04:13.0419 5668 VgaSave - ok
15:04:13.0980 5668 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:04:13.0985 5668 vhdmp - ok
15:04:14.0549 5668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:04:14.0552 5668 viaide - ok
15:04:15.0096 5668 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:04:15.0099 5668 volmgr - ok
15:04:15.0690 5668 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:04:15.0698 5668 volmgrx - ok
15:04:16.0244 5668 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:04:16.0248 5668 volsnap - ok
15:04:16.0793 5668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:04:16.0795 5668 vsmraid - ok
15:04:17.0286 5668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:04:17.0287 5668 vwifibus - ok
15:04:17.0836 5668 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:04:17.0837 5668 vwififlt - ok
15:04:18.0356 5668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:04:18.0357 5668 WacomPen - ok
15:04:18.0875 5668 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:04:18.0877 5668 WANARP - ok
15:04:18.0911 5668 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:04:18.0914 5668 Wanarpv6 - ok
15:04:19.0500 5668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:04:19.0502 5668 Wd - ok
15:04:20.0265 5668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:04:20.0278 5668 Wdf01000 - ok
15:04:21.0013 5668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:04:21.0016 5668 WfpLwf - ok
15:04:21.0683 5668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:04:21.0684 5668 WIMMount - ok
15:04:22.0535 5668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:04:22.0536 5668 WmiAcpi - ok
15:04:23.0093 5668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:04:23.0094 5668 ws2ifsl - ok
15:04:23.0650 5668 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:04:23.0655 5668 WudfPf - ok
15:04:24.0240 5668 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:04:24.0246 5668 WUDFRd - ok
15:04:25.0143 5668 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
15:04:25.0147 5668 yukonw7 - ok
15:04:25.0216 5668 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
15:04:25.0251 5668 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:04:25.0251 5668 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:04:25.0263 5668 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
15:04:25.0271 5668 \Device\Harddisk1\DR1 - ok
15:04:25.0306 5668 Boot (0x1200) (d43677a08e18f1fb1e6fb2c489a667f2) \Device\Harddisk0\DR0\Partition0
15:04:25.0309 5668 \Device\Harddisk0\DR0\Partition0 - ok
15:04:25.0317 5668 Boot (0x1200) (f69d96640c2660ab3531225c7626b972) \Device\Harddisk0\DR0\Partition1
15:04:25.0319 5668 \Device\Harddisk0\DR0\Partition1 - ok
15:04:25.0354 5668 Boot (0x1200) (4e51c91605a244392a1812d3d3c88b3a) \Device\Harddisk0\DR0\Partition2
15:04:25.0355 5668 \Device\Harddisk0\DR0\Partition2 - ok
15:04:25.0366 5668 Boot (0x1200) (78537a8517d039ca5316184b2b2fce1d) \Device\Harddisk1\DR1\Partition0
15:04:25.0367 5668 \Device\Harddisk1\DR1\Partition0 - ok
15:04:25.0367 5668 ============================================================
15:04:25.0367 5668 Scan finished
15:04:25.0367 5668 ============================================================
15:04:25.0387 6360 Detected object count: 4
15:04:25.0387 6360 Actual detected object count: 4
15:04:52.0963 6360 bakerneldrv ( LockedFile.Multi.Generic ) - skipped by user
15:04:52.0964 6360 bakerneldrv ( LockedFile.Multi.Generic ) - User select action: Skip
15:04:52.0964 6360 bapcmci ( LockedFile.Multi.Generic ) - skipped by user
15:04:52.0964 6360 bapcmci ( LockedFile.Multi.Generic ) - User select action: Skip
15:04:52.0966 6360 bpcrasys ( LockedFile.Multi.Generic ) - skipped by user
15:04:52.0966 6360 bpcrasys ( LockedFile.Multi.Generic ) - User select action: Skip
15:04:52.0969 6360 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
15:04:52.0969 6360 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip

aswMBR file:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-04 15:24:55
-----------------------------
15:24:55.867 OS Version: Windows x64 6.1.7600
15:24:55.867 Number of processors: 2 586 0x603
15:24:55.869 ComputerName: COLORTYME-HP UserName: colortyme
15:24:59.006 Initialize success
15:24:59.388 AVAST engine defs: 12030401
15:25:16.190 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
15:25:16.195 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 11
15:25:16.199 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000079
15:25:16.201 Disk 1 Vendor: Size: 476940MB BusType: 0
15:25:16.203 Device \Driver\amd_sata -> MajorFunction fffffa8004a285c4
15:25:16.207 Disk 0 MBR read successfully
15:25:16.211 Disk 0 MBR scan
15:25:16.215 Disk 0 Windows 7 default MBR code
15:25:16.226 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:25:16.237 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462178 MB offset 409600
15:25:16.272 Disk 0 Partition 3 00 76 14458 MB offset 946950144
15:25:16.296 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
15:25:16.331 Disk 0 scanning C:\Windows\system32\drivers
15:25:42.694 Service scanning
15:25:59.238 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
15:26:22.115 Modules scanning
15:26:22.133 Disk 0 trace - called modules:
15:26:22.145 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys >>UNKNOWN [0xfffffa8004a285c4]<<
15:26:22.153 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004326060]
15:26:22.162 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800429eb80]
15:26:22.170 5 amd_xata.sys[fffff8800107f7a8] -> nt!IofCallDriver -> \Device\00000064[0xfffffa800429c6c0]
15:26:22.177 \Driver\amd_sata[0xfffffa8004894e70] -> IRP_MJ_CREATE -> 0xfffffa8004a285c4
15:26:23.681 AVAST engine scan C:\Windows
15:26:27.665 AVAST engine scan C:\Windows\system32
15:30:24.435 AVAST engine scan C:\Windows\system32\drivers
15:30:43.501 AVAST engine scan C:\Users\colortyme
15:31:37.438 Disk 0 MBR has been saved successfully to "C:\Users\colortyme\Documents\MBR.dat"
15:31:37.511 The log file has been saved successfully to "C:\Users\colortyme\Documents\aswMBR.txt"

MBR file is attached.
Attached Files
File Type: zip MBR.zip (622 Bytes, 21 views)
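The two logs above disagree about disk 0: TDSSKiller hashes the MBR code area and calls it infected (Rootkit.Boot.Pihar.b), while aswMBR reads "Windows 7 default MBR code" but also reports an unknown handler in the disk's I/O path (">>UNKNOWN [0xfffffa8004a285c4]<<" under \Driver\amd_sata). Because aswMBR saved the sector it read to MBR.dat, the dump can be checked offline. The script below is an added example for this thread, not code from TDSSKiller, aswMBR or the poster. It parses a 512-byte MBR image, hashes the code area, decodes the partition table into both the TDSSKiller form (Type/StartLBA/BlocksNum) and the aswMBR form (size in MB, offset in sectors), and runs a few sanity checks. Two things are assumptions rather than facts from the page: that TDSSKiller's "MBR (0x1B8) (<md5>)" line is an MD5 of the first 0x1B8 = 440 bytes (the boot code that precedes the 4-byte disk signature), and the sample image, which is constructed with dummy boot code and a made-up disk signature; only its partition table mirrors what the two tools printed for disk 0.

```python
"""Parse a raw 512-byte MBR image (such as the MBR.dat aswMBR saved above) and
report what the TDSSKiller and aswMBR logs report for disk 0, so the two tools'
views can be cross-checked offline.

Added example for this thread; not code from TDSSKiller, aswMBR or the poster.
Assumptions: TDSSKiller's "MBR (0x1B8) (<md5>)" line is an MD5 over the first
0x1B8 = 440 bytes (boot code before the 4-byte disk signature); the sample image
built by build_sample_mbr() is constructed, with dummy boot code and a made-up
disk signature, and only its partition table mirrors the layout in the logs.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
CODE_AREA = 0x1B8        # boot code bytes before the disk signature (assumption, see above)
TABLE_OFFSET = 0x1BE     # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"
# Partition types a stock Windows 7 install leaves on its own disk. 0x76, the
# third entry in the aswMBR log, is not one of them, and TDSSKiller's
# enumeration above lists only three partitions on DR0.
EXPECTED_TYPES = {0x05, 0x07, 0x0B, 0x0C, 0x0F, 0x27}


def _hx(v: int) -> str:
    return "0x" + format(v, "X")      # TDSSKiller prints upper-case digits, lower-case x


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return (self.sectors * SECTOR) >> 20      # aswMBR-style whole MB

    def tdsskiller_style(self) -> str:
        return (f"Type {_hx(self.type_id)}, StartLBA {_hx(self.start_lba)}, "
                f"BlocksNum {_hx(self.sectors)}")

    def aswmbr_style(self) -> str:
        flag = "80 (A)" if self.bootable else "00"
        return (f"Partition {self.index} {flag} {self.type_id:02X} "
                f"{self.size_mb} MB offset {self.start_lba}")


def parse_mbr(image: bytes) -> Tuple[str, int, List[Partition]]:
    """Return (md5 of the code area, disk signature, non-empty partition entries)."""
    if len(image) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(image)}")
    if image[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    code_md5 = hashlib.md5(image[:CODE_AREA]).hexdigest()
    disk_sig = struct.unpack_from("<I", image, CODE_AREA)[0]
    parts = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, type_id, lba, count = struct.unpack_from(
            "<B3xB3xII", image, TABLE_OFFSET + 16 * i)
        if type_id:                                   # type 0 is an empty slot
            parts.append(Partition(i + 1, status == 0x80, type_id, lba, count))
    return code_md5, disk_sig, parts


def audit(parts: List[Partition]) -> List[str]:
    """Checks a responder would run on the table; returns human-readable findings."""
    findings = []
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one active (0x80) partition")
    for p in parts:
        if p.type_id not in EXPECTED_TYPES:
            findings.append(f"partition {p.index}: unusual type {p.type_id:#04x}")
    ordered = sorted(parts, key=lambda p: p.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.start_lba + a.sectors > b.start_lba:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed image: dummy code area plus the disk 0 table from the logs above."""
    img = bytearray(SECTOR)
    img[0:3] = b"\x33\xC0\x8E"                          # placeholder, not real boot code
    struct.pack_into("<I", img, CODE_AREA, 0x1234ABCD)  # made-up disk signature
    table = [  # (status, type, start LBA, sector count) as aswMBR / TDSSKiller reported
        (0x80, 0x07, 2048,      0x63800),
        (0x00, 0x07, 409600,    0x386B1000),
        (0x00, 0x76, 946950144, 0x1C3D000),
        (0x00, 0x0C, 976560128, 0x33830),
    ]
    for i, entry in enumerate(table):
        struct.pack_into("<B3xB3xII", img, TABLE_OFFSET + 16 * i, *entry)
    img[510:512] = BOOT_SIGNATURE
    return bytes(img)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    md5, sig, parts = parse_mbr(data)
    print(f"MBR (0x1B8) ({md5})  disk signature {sig:#010x}")
    for p in parts:
        print(" ", p.aswmbr_style(), "|", p.tdsskiller_style())
    for finding in audit(parts):
        print("  !", finding)
```

Run it as `python mbr_check.py MBR.dat`. If the hash it prints for the dump differs from the c0dcf0ac... value TDSSKiller logged for \Device\Harddisk0\DR0, the two tools did not read the same 440 bytes, which is what one would expect when something sits in the disk I/O path between the reader and the hardware; the partition table, by contrast, should decode to exactly the four entries aswMBR listed.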
 
Old 03-04-2012, 03:37 PM   #4
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Please run TDSSKiller once again. For items marked Cure, allow it to cure. For items marked Skip, leave those as Skip. Reboot at the prompt, and please send the new log created.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
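The instruction above (let TDSSKiller cure what it marks Cure, leave Skip entries at Skip) can be checked against the log mechanically. The script below is an added example for this thread, not TDSSKiller's code and not something either participant posted. It reads the line formats visible in the logs above, collects each detected object with its verdict and the action the user chose, records the per-disk MBR hashes, and reports detections that were skipped instead of cured. It assumes, which the page does not state, that verdicts prefixed LockedFile. or UnsignedFile. are the informational entries TDSSKiller itself proposes to skip, so only other verdicts left at Skip (here the Rootkit.Boot.Pihar.b entry on \Device\Harddisk0\DR0) count as unresolved. SAMPLE_LOG is an excerpt of the log posted above; the "after" hashes used to demonstrate changed_mbrs() in the test are made up.

```python
"""Pull detections, user actions and per-disk MBR hashes out of a TDSSKiller log
and flag anything that was skipped instead of cured.

Added example for this thread; not TDSSKiller code. Line formats follow the
logs posted above. Assumption: verdicts prefixed LockedFile./UnsignedFile. are
the informational entries TDSSKiller defaults to Skip, so only other verdicts
left at Skip are unresolved. SAMPLE_LOG is an excerpt of the posted log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
MBR_RE = re.compile(r"^MBR \(0x1B8\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\S+)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>\S+) \) - (?P<rest>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
ACTION_PREFIX = "User select action: "
INFORMATIONAL = ("LockedFile.", "UnsignedFile.")   # assumption, see docstring

SAMPLE_LOG = r"""
15:04:25.0216 5668 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
15:04:25.0251 5668 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:04:25.0251 5668 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:04:25.0263 5668 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
15:04:25.0271 5668 \Device\Harddisk1\DR1 - ok
15:04:25.0387 6360 Detected object count: 4
15:04:52.0963 6360 bakerneldrv ( LockedFile.Multi.Generic ) - skipped by user
15:04:52.0964 6360 bakerneldrv ( LockedFile.Multi.Generic ) - User select action: Skip
15:04:52.0964 6360 bapcmci ( LockedFile.Multi.Generic ) - skipped by user
15:04:52.0964 6360 bapcmci ( LockedFile.Multi.Generic ) - User select action: Skip
15:04:52.0966 6360 bpcrasys ( LockedFile.Multi.Generic ) - skipped by user
15:04:52.0966 6360 bpcrasys ( LockedFile.Multi.Generic ) - User select action: Skip
15:04:52.0969 6360 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
15:04:52.0969 6360 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
"""


@dataclass
class Detection:
    obj: str
    verdict: str
    status: str = "detected"        # e.g. "infected", "skipped by user"
    action: Optional[str] = None    # e.g. "Skip", "Cure"


def parse_log(text: str) -> Tuple[Dict[str, Detection], Dict[str, str], Optional[int]]:
    """Return (detections by object, MBR md5 by device, reported detection count)."""
    detections: Dict[str, Detection] = {}
    mbr_hashes: Dict[str, str] = {}
    reported = None
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue                        # banners, blank lines, "====" separators
        msg = line["msg"]
        if m := MBR_RE.match(msg):
            mbr_hashes[m["dev"]] = m["md5"]
        elif m := COUNT_RE.match(msg):
            reported = int(m["n"])
        elif m := VERDICT_RE.match(msg):
            d = detections.setdefault(m["obj"], Detection(m["obj"], m["verdict"]))
            if m["rest"].startswith(ACTION_PREFIX):
                d.action = m["rest"][len(ACTION_PREFIX):]
            else:
                d.status = m["rest"]       # later lines ("skipped by user") overwrite earlier ones
    return detections, mbr_hashes, reported


def unresolved(detections: Dict[str, Detection]) -> List[str]:
    """Objects with a real verdict (not merely locked/unsigned) that were not cured."""
    return sorted(d.obj for d in detections.values()
                  if not d.verdict.startswith(INFORMATIONAL) and d.action != "Cure")


def changed_mbrs(before: Dict[str, str], after: Dict[str, str]) -> List[str]:
    """Devices whose MBR code-area hash differs between two runs (e.g. before/after a cure)."""
    return sorted(dev for dev in before if dev in after and before[dev] != after[dev])


if __name__ == "__main__":
    import sys
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    dets, hashes, count = parse_log(text)
    print(f"reported {count} objects, parsed {len(dets)}")
    for dev, md5 in hashes.items():
        print(f"  MBR {dev}: {md5}")
    for obj in unresolved(dets):
        d = dets[obj]
        print(f"  UNRESOLVED {obj}: {d.verdict} ({d.status}, action={d.action})")
```

Feed it the log from each TDSSKiller run; once the rootkit entry has been cured and the machine rebooted, the DR0 entry should drop out of unresolved() and changed_mbrs() should list \Device\Harddisk0\DR0, since curing rewrites the code area that the 0x1B8 hash covers.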
Old 03-04-2012, 06:31 PM   #5
Registered Member
 
Join Date: Feb 2012
Posts: 18
OS: Windows 7



After it rebooted, it didn't give me a log. I rescanned and got this report. I also had a URL, ib.mookie1, try to install itself on my desktop. I hit cancel so that it didn't download.

20:17:17.0049 4512 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
20:17:17.0408 4512 ============================================================
20:17:17.0408 4512 Current date / time: 2012/03/04 20:17:17.0408
20:17:17.0408 4512 SystemInfo:
20:17:17.0408 4512
20:17:17.0408 4512 OS Version: 6.1.7600 ServicePack: 0.0
20:17:17.0408 4512 Product type: Workstation
20:17:17.0408 4512 ComputerName: COLORTYME-HP
20:17:17.0408 4512 UserName: colortyme
20:17:17.0408 4512 Windows directory: C:\Windows
20:17:17.0408 4512 System windows directory: C:\Windows
20:17:17.0408 4512 Running under WOW64
20:17:17.0408 4512 Processor architecture: Intel x64
20:17:17.0408 4512 Number of processors: 2
20:17:17.0408 4512 Page size: 0x1000
20:17:17.0408 4512 Boot type: Normal boot
20:17:17.0408 4512 ============================================================
20:17:24.0038 4512 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:17:24.0069 4512 Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:17:24.0084 4512 \Device\Harddisk0\DR0:
20:17:24.0100 4512 MBR used
20:17:24.0100 4512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:17:24.0100 4512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x386B1000
20:17:24.0100 4512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
20:17:24.0100 4512 \Device\Harddisk1\DR1:
20:17:24.0116 4512 MBR used
20:17:24.0116 4512 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039
20:17:24.0365 4512 Initialize success
20:17:24.0365 4512 ============================================================
20:17:38.0187 5048 ============================================================
20:17:38.0187 5048 Scan started
20:17:38.0187 5048 Mode: Manual;
20:17:38.0187 5048 ============================================================
20:17:39.0731 5048 Scan interrupted by user!
20:17:39.0731 5048 Scan interrupted by user!
20:17:39.0731 5048 Scan interrupted by user!
20:17:39.0731 5048 ============================================================
20:17:39.0731 5048 Scan finished
20:17:39.0731 5048 ============================================================
20:17:39.0747 2796 Detected object count: 0
20:17:39.0747 2796 Actual detected object count: 0
20:17:47.0391 3276 ============================================================
20:17:47.0391 3276 Scan started
20:17:47.0391 3276 Mode: Manual;
20:17:47.0391 3276 ============================================================
20:17:48.0951 3276 Suspicious service (NoAccess): .Net bKernelMain
20:17:50.0136 3276 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:17:50.0168 3276 1394ohci - ok
20:17:51.0603 3276 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:17:51.0696 3276 ACPI - ok
20:17:52.0788 3276 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:17:52.0788 3276 AcpiPmi - ok
20:17:53.0818 3276 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:17:53.0834 3276 adp94xx - ok
20:17:55.0144 3276 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:17:55.0160 3276 adpahci - ok
20:17:56.0470 3276 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:17:56.0532 3276 adpu320 - ok
20:17:57.0858 3276 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
20:17:57.0890 3276 AFD - ok
20:17:58.0904 3276 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:17:58.0904 3276 agp440 - ok
20:18:00.0042 3276 akerneldrv - ok
20:18:01.0431 3276 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:18:01.0446 3276 aliide - ok
20:18:02.0570 3276 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:18:02.0570 3276 amdide - ok
20:18:03.0942 3276 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
20:18:03.0942 3276 amdiox64 - ok
20:18:05.0284 3276 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:18:05.0284 3276 AmdK8 - ok
20:18:07.0421 3276 amdkmdag (98e20c5a39fea1920031d3850004b334) C:\Windows\system32\DRIVERS\atikmdag.sys
20:18:07.0702 3276 amdkmdag - ok
20:18:08.0747 3276 amdkmdap (8624dc7b8d22daf28f5438735095f6c4) C:\Windows\system32\DRIVERS\atikmpag.sys
20:18:08.0747 3276 amdkmdap - ok
20:18:09.0465 3276 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:18:09.0465 3276 AmdPPM - ok
20:18:10.0884 3276 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
20:18:10.0900 3276 amdsata - ok
20:18:11.0774 3276 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:18:11.0789 3276 amdsbs - ok
20:18:12.0928 3276 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
20:18:12.0928 3276 amdxata - ok
20:18:13.0895 3276 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\Windows\system32\DRIVERS\amd_sata.sys
20:18:13.0895 3276 amd_sata - ok
20:18:15.0159 3276 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\Windows\system32\DRIVERS\amd_xata.sys
20:18:15.0159 3276 amd_xata - ok
20:18:16.0766 3276 apcmci - ok
20:18:18.0419 3276 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:18:18.0419 3276 AppID - ok
20:18:19.0870 3276 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:18:19.0886 3276 arc - ok
20:18:21.0414 3276 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:18:21.0430 3276 arcsas - ok
20:18:22.0366 3276 aswFsBlk (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
20:18:22.0366 3276 aswFsBlk - ok
20:18:23.0489 3276 aswFW (baa236e2e146b864803c9b4a5aa65816) C:\Windows\system32\drivers\aswFW.sys
20:18:23.0489 3276 aswFW - ok
20:18:24.0612 3276 aswKbd (29ec2fb2d3a5d2177ef6ba600e0305ae) C:\Windows\system32\drivers\aswKbd.sys
20:18:24.0628 3276 aswKbd - ok
20:18:25.0595 3276 aswMonFlt (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
20:18:25.0595 3276 aswMonFlt - ok
20:18:26.0531 3276 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
20:18:26.0531 3276 aswNdis - ok
20:18:27.0577 3276 aswNdis2 (b33e66eb8b76a818aee08e4e6d9a11ea) C:\Windows\system32\drivers\aswNdis2.sys
20:18:27.0623 3276 aswNdis2 - ok
20:18:28.0606 3276 aswRdr (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
20:18:28.0606 3276 aswRdr - ok
20:18:29.0605 3276 aswSnx (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
20:18:29.0620 3276 aswSnx - ok
20:18:30.0728 3276 aswSP (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
20:18:30.0728 3276 aswSP - ok
20:18:31.0664 3276 aswTdi (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
20:18:31.0664 3276 aswTdi - ok
20:18:32.0990 3276 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:18:33.0005 3276 AsyncMac - ok
20:18:34.0035 3276 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:18:34.0035 3276 atapi - ok
20:18:35.0018 3276 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
20:18:35.0018 3276 AtiHdmiService - ok
20:18:36.0047 3276 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
20:18:36.0047 3276 AtiPcie - ok
20:18:37.0171 3276 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:18:37.0186 3276 b06bdrv - ok
20:18:38.0341 3276 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:18:38.0356 3276 b57nd60a - ok
20:18:39.0339 3276 bakerneldrv (263453cbd29f8228ce9c0ae371841425) C:\Windows\system32\Drivers\bakerneldrv64.sys
20:18:39.0339 3276 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bakerneldrv64.sys. md5: 263453cbd29f8228ce9c0ae371841425
20:18:39.0355 3276 bakerneldrv ( LockedFile.Multi.Generic ) - warning
20:18:39.0355 3276 bakerneldrv - detected LockedFile.Multi.Generic (1)
20:18:40.0618 3276 bapcmci (5f6badbd0229095026c259ee464e2521) C:\Windows\system32\Drivers\bapcmci64.sys
20:18:40.0618 3276 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bapcmci64.sys. md5: 5f6badbd0229095026c259ee464e2521
20:18:40.0649 3276 bapcmci ( LockedFile.Multi.Generic ) - warning
20:18:40.0649 3276 bapcmci - detected LockedFile.Multi.Generic (1)
20:18:42.0428 3276 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:18:42.0459 3276 BCM43XX - ok
20:18:43.0676 3276 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:18:43.0676 3276 Beep - ok
20:18:44.0643 3276 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:18:44.0659 3276 blbdrive - ok
20:18:45.0673 3276 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:18:45.0688 3276 bowser - ok
20:18:46.0499 3276 bpcrasys (63ff513df9109d66675aafe46465ae20) C:\Windows\system32\Drivers\bpcrasys64.sys
20:18:46.0499 3276 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bpcrasys64.sys. md5: 63ff513df9109d66675aafe46465ae20
20:18:46.0499 3276 bpcrasys ( LockedFile.Multi.Generic ) - warning
20:18:46.0499 3276 bpcrasys - detected LockedFile.Multi.Generic (1)
20:18:47.0747 3276 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:18:47.0763 3276 BrFiltLo - ok
20:18:48.0574 3276 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:18:48.0590 3276 BrFiltUp - ok
20:18:49.0479 3276 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:18:49.0479 3276 Brserid - ok
20:18:50.0368 3276 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:18:50.0368 3276 BrSerWdm - ok
20:18:51.0086 3276 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:18:51.0101 3276 BrUsbMdm - ok
20:18:51.0897 3276 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:18:51.0913 3276 BrUsbSer - ok
20:18:52.0911 3276 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:18:52.0927 3276 BTHMODEM - ok
20:18:54.0128 3276 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:18:54.0143 3276 cdfs - ok
20:18:55.0469 3276 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:18:55.0485 3276 cdrom - ok
20:18:56.0499 3276 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:18:56.0499 3276 circlass - ok
20:18:57.0076 3276 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:18:57.0092 3276 CLFS - ok
20:18:58.0043 3276 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
20:18:58.0043 3276 clwvd - ok
20:18:58.0870 3276 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:18:58.0886 3276 CmBatt - ok
20:18:59.0728 3276 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:18:59.0744 3276 cmdide - ok
20:19:00.0851 3276 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
20:19:00.0867 3276 CNG - ok
20:19:01.0803 3276 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:19:01.0803 3276 Compbatt - ok
20:19:02.0567 3276 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:19:02.0583 3276 CompositeBus - ok
20:19:03.0691 3276 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:19:03.0691 3276 crcdisk - ok
20:19:05.0734 3276 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
20:19:05.0750 3276 DfsC - ok
20:19:07.0107 3276 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:19:07.0123 3276 discache - ok
20:19:08.0043 3276 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:19:08.0059 3276 Disk - ok
20:19:08.0975 3276 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:19:08.0975 3276 drmkaud - ok
20:19:09.0911 3276 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
20:19:09.0927 3276 DXGKrnl - ok
20:19:11.0066 3276 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:19:11.0159 3276 ebdrv - ok
20:19:12.0220 3276 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:19:12.0236 3276 elxstor - ok
20:19:13.0453 3276 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:19:13.0453 3276 ErrDev - ok
20:19:14.0279 3276 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:19:14.0279 3276 exfat - ok
20:19:15.0122 3276 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:19:15.0137 3276 fastfat - ok
20:19:15.0980 3276 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:19:15.0980 3276 fdc - ok
20:19:16.0885 3276 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:19:16.0885 3276 FileInfo - ok
20:19:17.0743 3276 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:19:17.0758 3276 Filetrace - ok
20:19:18.0647 3276 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:19:18.0647 3276 flpydisk - ok
20:19:19.0349 3276 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:19:19.0365 3276 FltMgr - ok
20:19:20.0301 3276 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:19:20.0317 3276 FsDepends - ok
20:19:21.0128 3276 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:19:21.0143 3276 Fs_Rec - ok
20:19:21.0955 3276 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
20:19:21.0955 3276 fvevol - ok
20:19:22.0844 3276 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:19:22.0859 3276 gagp30kx - ok
20:19:23.0811 3276 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:19:23.0811 3276 hcw85cir - ok
20:19:24.0513 3276 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:19:24.0513 3276 HdAudAddService - ok
20:19:25.0153 3276 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:19:25.0153 3276 HDAudBus - ok
20:19:25.0855 3276 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:19:25.0870 3276 HidBatt - ok
20:19:26.0650 3276 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:19:26.0666 3276 HidBth - ok
20:19:27.0290 3276 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:19:27.0305 3276 HidIr - ok
20:19:28.0101 3276 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:19:28.0101 3276 HidUsb - ok
20:19:28.0959 3276 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:19:29.0021 3276 HpSAMD - ok
20:19:30.0098 3276 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:19:30.0129 3276 HTTP - ok
20:19:30.0925 3276 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:19:30.0925 3276 hwpolicy - ok
20:19:31.0736 3276 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:19:31.0751 3276 i8042prt - ok
20:19:32.0625 3276 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
20:19:32.0641 3276 iaStorV - ok
20:19:34.0216 3276 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:19:34.0435 3276 igfx - ok
20:19:35.0480 3276 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:19:35.0480 3276 iirsp - ok
20:19:36.0353 3276 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:19:36.0353 3276 intelide - ok
20:19:37.0133 3276 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:19:37.0149 3276 intelppm - ok
20:19:37.0960 3276 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:19:37.0960 3276 IpFilterDriver - ok
20:19:38.0725 3276 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:19:38.0740 3276 IPMIDRV - ok
20:19:39.0364 3276 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:19:39.0380 3276 IPNAT - ok
20:19:40.0238 3276 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:19:40.0300 3276 IRENUM - ok
20:19:41.0143 3276 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:19:41.0158 3276 isapnp - ok
20:19:41.0704 3276 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:19:41.0720 3276 iScsiPrt - ok
20:19:42.0531 3276 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:19:42.0531 3276 kbdclass - ok
20:19:43.0389 3276 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:19:43.0389 3276 kbdhid - ok
20:19:44.0231 3276 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
20:19:44.0247 3276 KSecDD - ok
20:19:45.0043 3276 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
20:19:45.0058 3276 KSecPkg - ok
20:19:46.0088 3276 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:19:46.0088 3276 ksthunk - ok
20:19:46.0868 3276 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:19:46.0883 3276 lltdio - ok
20:19:47.0679 3276 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:19:47.0679 3276 LSI_FC - ok
20:19:48.0194 3276 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:19:48.0194 3276 LSI_SAS - ok
20:19:48.0724 3276 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:19:48.0740 3276 LSI_SAS2 - ok
20:19:49.0255 3276 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:19:49.0270 3276 LSI_SCSI - ok
20:19:49.0910 3276 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:19:49.0925 3276 luafv - ok
20:19:50.0674 3276 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:19:50.0690 3276 megasas - ok
20:19:51.0392 3276 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:19:51.0407 3276 MegaSR - ok
20:19:52.0156 3276 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:19:52.0156 3276 Modem - ok
20:19:52.0765 3276 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:19:52.0765 3276 monitor - ok
20:19:53.0420 3276 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:19:53.0435 3276 mouclass - ok
20:19:54.0169 3276 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:19:54.0184 3276 mouhid - ok
20:19:54.0980 3276 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:19:54.0995 3276 mountmgr - ok
20:19:55.0604 3276 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
20:19:55.0604 3276 MpFilter - ok
20:19:56.0462 3276 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:19:56.0462 3276 mpio - ok
20:19:57.0179 3276 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:19:57.0179 3276 MpNWMon - ok
20:19:57.0913 3276 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:19:57.0913 3276 mpsdrv - ok
20:19:58.0661 3276 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:19:58.0661 3276 MRxDAV - ok
20:19:59.0379 3276 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:19:59.0379 3276 mrxsmb - ok
20:20:00.0112 3276 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:20:00.0128 3276 mrxsmb10 - ok
20:20:00.0814 3276 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:20:00.0830 3276 mrxsmb20 - ok
20:20:01.0501 3276 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
20:20:01.0516 3276 msahci - ok
20:20:02.0265 3276 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:20:02.0281 3276 msdsm - ok
20:20:03.0107 3276 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:20:03.0107 3276 Msfs - ok
20:20:03.0747 3276 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:20:03.0747 3276 mshidkmdf - ok
20:20:04.0433 3276 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:20:04.0433 3276 msisadrv - ok
20:20:05.0135 3276 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:20:05.0135 3276 MSKSSRV - ok
20:20:05.0806 3276 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:20:05.0822 3276 MSPCLOCK - ok
20:20:06.0399 3276 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:20:06.0399 3276 MSPQM - ok
20:20:07.0085 3276 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:20:07.0101 3276 MsRPC - ok
20:20:07.0834 3276 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:20:07.0834 3276 mssmbios - ok
20:20:08.0599 3276 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:20:08.0599 3276 MSTEE - ok
20:20:09.0285 3276 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:20:09.0301 3276 MTConfig - ok
20:20:10.0096 3276 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:20:10.0112 3276 Mup - ok
20:20:11.0750 3276 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:20:11.0750 3276 NativeWifiP - ok
20:20:15.0619 3276 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:20:15.0759 3276 NDIS - ok
20:20:16.0695 3276 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:20:16.0711 3276 NdisCap - ok
20:20:18.0130 3276 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:20:18.0130 3276 NdisTapi - ok
20:20:18.0903 3276 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:20:18.0910 3276 Ndisuio - ok
20:20:19.0756 3276 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:20:19.0761 3276 NdisWan - ok
20:20:20.0508 3276 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:20:20.0514 3276 NDProxy - ok
20:20:21.0547 3276 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:20:21.0558 3276 NetBIOS - ok
20:20:22.0518 3276 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:20:22.0526 3276 NetBT - ok
20:20:23.0917 3276 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
20:20:24.0062 3276 netw5v64 - ok
20:20:24.0869 3276 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:20:24.0875 3276 nfrd960 - ok
20:20:25.0479 3276 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:20:25.0482 3276 NisDrv - ok
20:20:26.0120 3276 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:20:26.0125 3276 Npfs - ok
20:20:26.0937 3276 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:20:26.0947 3276 nsiproxy - ok
20:20:27.0603 3276 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
20:20:27.0695 3276 Ntfs - ok
20:20:28.0260 3276 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:20:28.0264 3276 Null - ok
20:20:28.0798 3276 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
20:20:28.0805 3276 nvraid - ok
20:20:29.0332 3276 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
20:20:29.0339 3276 nvstor - ok
20:20:29.0849 3276 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:20:29.0856 3276 nv_agp - ok
20:20:30.0426 3276 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:20:30.0431 3276 ohci1394 - ok
20:20:30.0996 3276 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:20:31.0002 3276 Parport - ok
20:20:31.0675 3276 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:20:31.0680 3276 partmgr - ok
20:20:32.0302 3276 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:20:32.0315 3276 pci - ok
20:20:33.0166 3276 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:20:33.0170 3276 pciide - ok
20:20:33.0816 3276 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:20:33.0825 3276 pcmcia - ok
20:20:34.0439 3276 pcrasys - ok
20:20:35.0115 3276 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:20:35.0120 3276 pcw - ok
20:20:35.0804 3276 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:20:35.0829 3276 PEAUTH - ok
20:20:36.0538 3276 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:20:36.0543 3276 PptpMiniport - ok
20:20:37.0182 3276 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:20:37.0186 3276 Processor - ok
20:20:38.0203 3276 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:20:38.0210 3276 Psched - ok
20:20:38.0942 3276 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:20:38.0998 3276 ql2300 - ok
20:20:39.0623 3276 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:20:39.0636 3276 ql40xx - ok
20:20:40.0265 3276 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:20:40.0269 3276 QWAVEdrv - ok
20:20:40.0897 3276 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:20:40.0903 3276 RasAcd - ok
20:20:41.0918 3276 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:20:41.0930 3276 RasAgileVpn - ok
20:20:42.0684 3276 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:20:42.0688 3276 Rasl2tp - ok
20:20:43.0617 3276 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:20:43.0621 3276 RasPppoe - ok
20:20:44.0437 3276 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:20:44.0443 3276 RasSstp - ok
20:20:45.0518 3276 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:20:45.0525 3276 rdbss - ok
20:20:46.0403 3276 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:20:46.0408 3276 rdpbus - ok
20:20:48.0015 3276 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:20:48.0018 3276 RDPCDD - ok
20:20:49.0014 3276 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:20:49.0016 3276 RDPENCDD - ok
20:20:50.0960 3276 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:20:50.0961 3276 RDPREFMP - ok
20:20:53.0597 3276 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
20:20:53.0604 3276 RDPWD - ok
20:20:56.0541 3276 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
20:20:56.0553 3276 rdyboost - ok
20:21:01.0239 3276 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys
20:21:01.0244 3276 RSPCIESTOR - ok
20:21:05.0154 3276 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:21:05.0159 3276 rspndr - ok
20:21:08.0191 3276 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:21:08.0202 3276 RTL8167 - ok
20:21:09.0601 3276 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:21:09.0605 3276 sbp2port - ok
20:21:10.0961 3276 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:21:11.0036 3276 scfilter - ok
20:21:12.0137 3276 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys
20:21:12.0145 3276 sdbus - ok
20:21:13.0466 3276 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:21:13.0472 3276 secdrv - ok
20:21:14.0510 3276 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:21:14.0517 3276 Serenum - ok
20:21:16.0053 3276 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:21:16.0098 3276 Serial - ok
20:21:16.0938 3276 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:21:16.0941 3276 sermouse - ok
20:21:17.0822 3276 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:21:17.0826 3276 sffdisk - ok
20:21:18.0980 3276 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:21:18.0986 3276 sffp_mmc - ok
20:21:20.0071 3276 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:21:20.0082 3276 sffp_sd - ok
20:21:21.0684 3276 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:21:21.0691 3276 sfloppy - ok
20:21:23.0434 3276 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:21:23.0439 3276 SiSRaid2 - ok
20:21:24.0569 3276 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:21:24.0572 3276 SiSRaid4 - ok
20:21:26.0161 3276 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:21:26.0166 3276 Smb - ok
20:21:27.0334 3276 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:21:27.0337 3276 spldr - ok
20:21:28.0789 3276 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
20:21:28.0815 3276 srv - ok
20:21:29.0759 3276 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
20:21:29.0792 3276 srv2 - ok
20:21:30.0988 3276 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:21:30.0999 3276 SrvHsfHDA - ok
20:21:32.0471 3276 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:21:32.0541 3276 SrvHsfV92 - ok
20:21:34.0154 3276 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:21:34.0185 3276 SrvHsfWinac - ok
20:21:35.0208 3276 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
20:21:35.0213 3276 srvnet - ok
20:21:36.0856 3276 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:21:36.0864 3276 stexstor - ok
20:21:38.0210 3276 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
20:21:38.0249 3276 STHDA - ok
20:21:39.0546 3276 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:21:39.0549 3276 swenum - ok
20:21:40.0890 3276 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
20:21:40.0926 3276 SynTP - ok
20:21:42.0821 3276 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
20:21:42.0885 3276 Tcpip - ok
20:21:44.0288 3276 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
20:21:44.0301 3276 TCPIP6 - ok
20:21:45.0515 3276 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:21:45.0517 3276 tcpipreg - ok
20:21:46.0865 3276 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:21:46.0870 3276 TDPIPE - ok
20:21:48.0020 3276 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:21:48.0036 3276 TDTCP - ok
20:21:49.0407 3276 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:21:49.0429 3276 tdx - ok
20:21:50.0866 3276 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:21:50.0870 3276 TermDD - ok
20:21:52.0149 3276 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:21:52.0152 3276 tssecsrv - ok
20:21:53.0287 3276 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:21:53.0294 3276 tunnel - ok
20:21:54.0489 3276 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:21:54.0497 3276 uagp35 - ok
20:21:55.0954 3276 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
20:21:55.0996 3276 udfs - ok
20:21:57.0161 3276 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:21:57.0169 3276 uliagpkx - ok
20:21:58.0615 3276 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:21:58.0621 3276 umbus - ok
20:21:59.0526 3276 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:21:59.0533 3276 UmPass - ok
20:22:01.0078 3276 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
20:22:01.0128 3276 usbccgp - ok
20:22:02.0768 3276 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:22:02.0771 3276 usbcir - ok
20:22:04.0378 3276 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
20:22:04.0388 3276 usbehci - ok
20:22:05.0818 3276 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
20:22:05.0825 3276 usbfilter - ok
20:22:07.0276 3276 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
20:22:07.0286 3276 usbhub - ok
20:22:08.0758 3276 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:22:08.0767 3276 usbohci - ok
20:22:09.0908 3276 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:22:09.0913 3276 usbprint - ok
20:22:11.0304 3276 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:22:11.0311 3276 USBSTOR - ok
20:22:12.0835 3276 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:22:12.0841 3276 usbuhci - ok
20:22:14.0263 3276 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
20:22:14.0271 3276 usbvideo - ok
20:22:15.0459 3276 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:22:15.0462 3276 vdrvroot - ok
20:22:16.0852 3276 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:22:16.0856 3276 vga - ok
20:22:17.0935 3276 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:22:17.0940 3276 VgaSave - ok
20:22:19.0169 3276 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:22:19.0212 3276 vhdmp - ok
20:22:20.0487 3276 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:22:20.0492 3276 viaide - ok
20:22:21.0715 3276 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:22:21.0721 3276 volmgr - ok
20:22:22.0754 3276 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:22:22.0765 3276 volmgrx - ok
20:22:23.0717 3276 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:22:23.0726 3276 volsnap - ok
20:22:24.0483 3276 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:22:24.0491 3276 vsmraid - ok
20:22:25.0161 3276 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:22:25.0167 3276 vwifibus - ok
20:22:26.0427 3276 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:22:26.0438 3276 vwififlt - ok
20:22:28.0410 3276 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:22:28.0417 3276 WacomPen - ok
20:22:30.0075 3276 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:22:30.0085 3276 WANARP - ok
20:22:30.0121 3276 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:22:30.0125 3276 Wanarpv6 - ok
20:22:31.0403 3276 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:22:31.0412 3276 Wd - ok
20:22:33.0297 3276 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:22:33.0370 3276 Wdf01000 - ok
20:22:34.0721 3276 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:22:34.0730 3276 WfpLwf - ok
20:22:35.0445 3276 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:22:35.0450 3276 WIMMount - ok
20:22:36.0253 3276 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:22:36.0257 3276 WmiAcpi - ok
20:22:37.0130 3276 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:22:37.0134 3276 ws2ifsl - ok
20:22:38.0006 3276 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:22:38.0019 3276 WudfPf - ok
20:22:38.0695 3276 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:22:38.0703 3276 WUDFRd - ok
20:22:39.0338 3276 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
20:22:39.0352 3276 yukonw7 - ok
20:22:39.0517 3276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:22:39.0631 3276 \Device\Harddisk0\DR0 - ok
20:22:39.0642 3276 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
20:22:39.0649 3276 \Device\Harddisk1\DR1 - ok
20:22:39.0658 3276 Boot (0x1200) (d43677a08e18f1fb1e6fb2c489a667f2) \Device\Harddisk0\DR0\Partition0
20:22:39.0664 3276 \Device\Harddisk0\DR0\Partition0 - ok
20:22:39.0696 3276 Boot (0x1200) (f69d96640c2660ab3531225c7626b972) \Device\Harddisk0\DR0\Partition1
20:22:39.0701 3276 \Device\Harddisk0\DR0\Partition1 - ok
20:22:39.0771 3276 Boot (0x1200) (4e51c91605a244392a1812d3d3c88b3a) \Device\Harddisk0\DR0\Partition2
20:22:39.0776 3276 \Device\Harddisk0\DR0\Partition2 - ok
20:22:39.0782 3276 Boot (0x1200) (78537a8517d039ca5316184b2b2fce1d) \Device\Harddisk1\DR1\Partition0
20:22:39.0783 3276 \Device\Harddisk1\DR1\Partition0 - ok
20:22:39.0784 3276 ============================================================
20:22:39.0785 3276 Scan finished
20:22:39.0785 3276 ============================================================
20:22:39.0805 2928 Detected object count: 3
20:22:39.0805 2928 Actual detected object count: 3
20:23:07.0047 2928 bakerneldrv ( LockedFile.Multi.Generic ) - skipped by user
20:23:07.0047 2928 bakerneldrv ( LockedFile.Multi.Generic ) - User select action: Skip
20:23:07.0048 2928 bapcmci ( LockedFile.Multi.Generic ) - skipped by user
20:23:07.0048 2928 bapcmci ( LockedFile.Multi.Generic ) - User select action: Skip
20:23:07.0052 2928 bpcrasys ( LockedFile.Multi.Generic ) - skipped by user
20:23:07.0052 2928 bpcrasys ( LockedFile.Multi.Generic ) - User select action: Skip
Old 03-04-2012, 06:39 PM   #6
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



A log is automatically created. Each time the tool is run, a log will be produced at the root drive, which is typically C:\
For example, C:\TDSSKiller.2.7.17.0_date_time_log.txt

I can see from this log you did send that the Pihar rootkit has been neutralized. If you can send the previous log in your next post, that will be fine. It will be the second oldest log with the above naming convention.

Next....

Download ComboFix from one of these locations.

https://download.bleepingcomputer.com/sUBs/ComboFix.exe

ComboFix (by sUBs) | iSpyNET

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

You can get help on disabling your protection programs here:
How to disable your security applications - Tech Support Forum

Double click on ComboFix.exe & follow the prompts.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Attach that log in your next reply.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
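As an added illustration (this is not code from the thread, from TDSSKiller's authors or from this forum), here is a small Python helper that does the two things the post above asks of the log files. Part 1 picks out TDSSKiller logs at a drive root by the naming convention tetonbob describes and orders them by the date and time in their names, so the "second oldest" one can be identified; the dd.mm.yyyy_hh.mm.ss layout assumed for the date_time part, and the file names listed, are constructed for the example. Part 2 pulls the verdict lines out of a log (the sample lines are copied from the two logs posted in this thread) and lists the detections that were only skipped, which is what a helper checks before deciding what to run next.

```python
import re
from datetime import datetime

# Part 1: finding the logs. Constructed names (not from the thread); the post gives the
# convention TDSSKiller.<version>_date_time_log.txt, and dd.mm.yyyy_hh.mm.ss is assumed here.
SAMPLE_LOG_NAMES = [
    "TDSSKiller.2.7.18.0_04.03.2012_20.19.55_log.txt",
    "TDSSKiller.2.7.18.0_04.03.2012_19.58.40_log.txt",
    "TDSSKiller.2.7.17.0_29.02.2012_11.02.17_log.txt",
    "ComboFix.txt",  # another file at the root; must be ignored
]
LOG_NAME_RE = re.compile(
    r"^TDSSKiller\.[\d.]+_(?P<d>\d{2})\.(?P<mo>\d{2})\.(?P<y>\d{4})"
    r"_(?P<h>\d{2})\.(?P<mi>\d{2})\.(?P<s>\d{2})_log\.txt$"
)

def tdsskiller_logs_oldest_first(names):
    """(timestamp, file name) for every name matching the convention, oldest first."""
    found = []
    for name in names:
        m = LOG_NAME_RE.match(name)
        if m:
            ts = datetime(int(m["y"]), int(m["mo"]), int(m["d"]),
                          int(m["h"]), int(m["mi"]), int(m["s"]))
            found.append((ts, name))
    return sorted(found)

def nth_oldest_log(names, n):
    """Name of the n-th oldest log (n=1 is the oldest), or None if there are fewer than n."""
    logs = tdsskiller_logs_oldest_first(names)
    return logs[n - 1][1] if 0 < n <= len(logs) else None

# Part 2: reading the verdicts. Lines copied from the two logs posted in this thread;
# BCM43XX is a clean driver kept for contrast.
SAMPLE_LOG = r"""
19:59:05.0958 6556 Suspicious service (NoAccess): .Net bKernelMain
19:59:11.0024 6556 akerneldrv - ok
19:59:30.0455 6556 bakerneldrv (263453cbd29f8228ce9c0ae371841425) C:\Windows\system32\Drivers\bakerneldrv64.sys
19:59:30.0455 6556 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bakerneldrv64.sys. md5: 263453cbd29f8228ce9c0ae371841425
19:59:30.0475 6556 bakerneldrv ( LockedFile.Multi.Generic ) - warning
19:59:30.0476 6556 bakerneldrv - detected LockedFile.Multi.Generic (1)
19:59:31.0728 6556 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:59:31.0839 6556 BCM43XX - ok
20:22:39.0805 2928 Detected object count: 3
20:23:07.0047 2928 bakerneldrv ( LockedFile.Multi.Generic ) - skipped by user
20:23:07.0047 2928 bakerneldrv ( LockedFile.Multi.Generic ) - User select action: Skip
"""
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
PATTERNS = {  # tried in this order on the body of each line; first match wins
    "file": re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"),
    "susp_file": re.compile(r"^Suspicious file \((?P<why>\w+)\): (?P<path>.+)\. md5: [0-9a-f]{32}$"),
    "susp_svc": re.compile(r"^Suspicious service \(\w+\): (?P<name>.+)$"),
    "detected": re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$"),
    "action": re.compile(r"^(?P<name>\S+) \( \S+ \) - (?P<action>.+)$"),
    "ok": re.compile(r"^(?P<name>\S+) - ok$"),
    "count": re.compile(r"^Detected object count: (?P<n>\d+)$"),
}

def _entry(services, name):
    return services.setdefault(name, {"path": None, "md5": None, "status": None,
                                      "verdict": None, "flags": [], "actions": []})

def parse_tdsskiller_log(text):
    """Return {'services': {name: record}, 'suspicious_services': [...], 'detected_count': int|None}."""
    services, by_path, susp_svcs, count = {}, {}, [], None
    for raw in text.splitlines():
        pm = PREFIX_RE.match(raw)
        if not pm:
            continue  # banner, separator and SystemInfo lines carry no verdict
        body = pm["body"]
        for kind, rx in PATTERNS.items():
            m = rx.match(body)
            if not m:
                continue
            if kind == "file":
                _entry(services, m["name"]).update(path=m["path"], md5=m["md5"])
                by_path[m["path"]] = m["name"]
            elif kind == "susp_file":  # its file line came first, so the path maps to a name
                _entry(services, by_path.get(m["path"], m["path"]))["flags"].append(m["why"])
            elif kind == "susp_svc":
                susp_svcs.append(m["name"])
            elif kind == "detected":
                _entry(services, m["name"]).update(status="detected", verdict=m["verdict"])
            elif kind == "action":
                _entry(services, m["name"])["actions"].append(m["action"])
            elif kind == "ok":
                _entry(services, m["name"])["status"] = "ok"
            else:  # count
                count = int(m["n"])
            break
    return {"services": services, "suspicious_services": susp_svcs, "detected_count": count}

def unresolved_detections(summary):
    """Detected names whose only recorded user action was Skip (or none): still on disk after the run."""
    out = []
    for name, e in summary["services"].items():
        chosen = [a.split(":", 1)[1].strip() for a in e["actions"] if a.startswith("User select action:")]
        if e["verdict"] and (not chosen or all(c == "Skip" for c in chosen)):
            out.append(name)
    return sorted(out)
```

Run against a real log, `unresolved_detections` is the line to look at: a `User select action: Skip` entry means the item was detected but left in place, so the later log (the one written after a Cure run) is the one that shows whether removal actually happened, which is why the helper asks for the earlier log separately.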
Old 03-04-2012, 07:07 PM   #7
Registered Member
 
Join Date: Feb 2012
Posts: 18
OS: Windows 7



Sorry about that. Here's the other log; now I am going to go take care of ComboFix :-)

19:58:40.0106 4360 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
19:58:40.0504 4360 ============================================================
19:58:40.0504 4360 Current date / time: 2012/03/04 19:58:40.0504
19:58:40.0505 4360 SystemInfo:
19:58:40.0505 4360
19:58:40.0505 4360 OS Version: 6.1.7600 ServicePack: 0.0
19:58:40.0505 4360 Product type: Workstation
19:58:40.0505 4360 ComputerName: COLORTYME-HP
19:58:40.0505 4360 UserName: colortyme
19:58:40.0505 4360 Windows directory: C:\Windows
19:58:40.0506 4360 System windows directory: C:\Windows
19:58:40.0506 4360 Running under WOW64
19:58:40.0506 4360 Processor architecture: Intel x64
19:58:40.0506 4360 Number of processors: 2
19:58:40.0506 4360 Page size: 0x1000
19:58:40.0506 4360 Boot type: Normal boot
19:58:40.0506 4360 ============================================================
19:58:42.0097 4360 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:58:42.0109 4360 Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:58:42.0111 4360 \Device\Harddisk0\DR0:
19:58:42.0112 4360 MBR used
19:58:42.0112 4360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:58:42.0112 4360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x386B1000
19:58:42.0112 4360 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
19:58:42.0112 4360 \Device\Harddisk1\DR1:
19:58:42.0113 4360 MBR used
19:58:42.0113 4360 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039
19:58:42.0138 4360 Initialize success
19:58:42.0138 4360 ============================================================
19:59:02.0581 6556 ============================================================
19:59:02.0581 6556 Scan started
19:59:02.0581 6556 Mode: Manual;
19:59:02.0581 6556 ============================================================
19:59:05.0958 6556 Suspicious service (NoAccess): .Net bKernelMain
19:59:06.0544 6556 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:59:06.0549 6556 1394ohci - ok
19:59:07.0066 6556 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:59:07.0073 6556 ACPI - ok
19:59:07.0616 6556 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:59:07.0620 6556 AcpiPmi - ok
19:59:08.0195 6556 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:59:08.0209 6556 adp94xx - ok
19:59:08.0860 6556 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:59:08.0866 6556 adpahci - ok
19:59:09.0394 6556 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:59:09.0401 6556 adpu320 - ok
19:59:09.0981 6556 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
19:59:09.0994 6556 AFD - ok
19:59:10.0519 6556 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:59:10.0522 6556 agp440 - ok
19:59:11.0024 6556 akerneldrv - ok
19:59:11.0708 6556 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:59:11.0710 6556 aliide - ok
19:59:12.0278 6556 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:59:12.0280 6556 amdide - ok
19:59:12.0830 6556 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
19:59:12.0833 6556 amdiox64 - ok
19:59:13.0447 6556 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:59:13.0450 6556 AmdK8 - ok
19:59:14.0233 6556 amdkmdag (98e20c5a39fea1920031d3850004b334) C:\Windows\system32\DRIVERS\atikmdag.sys
19:59:14.0470 6556 amdkmdag - ok
19:59:15.0059 6556 amdkmdap (8624dc7b8d22daf28f5438735095f6c4) C:\Windows\system32\DRIVERS\atikmpag.sys
19:59:15.0064 6556 amdkmdap - ok
19:59:15.0754 6556 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:59:15.0761 6556 AmdPPM - ok
19:59:16.0316 6556 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
19:59:16.0322 6556 amdsata - ok
19:59:16.0853 6556 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:59:16.0858 6556 amdsbs - ok
19:59:17.0402 6556 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
19:59:17.0413 6556 amdxata - ok
19:59:17.0953 6556 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\Windows\system32\DRIVERS\amd_sata.sys
19:59:17.0954 6556 amd_sata - ok
19:59:18.0456 6556 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\Windows\system32\DRIVERS\amd_xata.sys
19:59:18.0461 6556 amd_xata - ok
19:59:18.0983 6556 apcmci - ok
19:59:19.0534 6556 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:59:19.0541 6556 AppID - ok
19:59:20.0122 6556 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:59:20.0125 6556 arc - ok
19:59:20.0642 6556 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:59:20.0646 6556 arcsas - ok
19:59:21.0307 6556 aswFsBlk (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
19:59:21.0310 6556 aswFsBlk - ok
19:59:21.0868 6556 aswFW (baa236e2e146b864803c9b4a5aa65816) C:\Windows\system32\drivers\aswFW.sys
19:59:21.0874 6556 aswFW - ok
19:59:22.0401 6556 aswKbd (29ec2fb2d3a5d2177ef6ba600e0305ae) C:\Windows\system32\drivers\aswKbd.sys
19:59:22.0404 6556 aswKbd - ok
19:59:22.0955 6556 aswMonFlt (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
19:59:22.0958 6556 aswMonFlt - ok
19:59:23.0513 6556 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
19:59:23.0517 6556 aswNdis - ok
19:59:24.0078 6556 aswNdis2 (b33e66eb8b76a818aee08e4e6d9a11ea) C:\Windows\system32\drivers\aswNdis2.sys
19:59:24.0087 6556 aswNdis2 - ok
19:59:24.0605 6556 aswRdr (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
19:59:24.0609 6556 aswRdr - ok
19:59:25.0252 6556 aswSnx (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
19:59:25.0287 6556 aswSnx - ok
19:59:25.0840 6556 aswSP (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
19:59:25.0846 6556 aswSP - ok
19:59:26.0362 6556 aswTdi (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
19:59:26.0369 6556 aswTdi - ok
19:59:26.0903 6556 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:59:26.0907 6556 AsyncMac - ok
19:59:27.0561 6556 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:59:27.0563 6556 atapi - ok
19:59:28.0118 6556 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
19:59:28.0123 6556 AtiHdmiService - ok
19:59:28.0634 6556 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
19:59:28.0636 6556 AtiPcie - ok
19:59:29.0361 6556 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:59:29.0371 6556 b06bdrv - ok
19:59:29.0890 6556 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:59:29.0896 6556 b57nd60a - ok
19:59:30.0455 6556 bakerneldrv (263453cbd29f8228ce9c0ae371841425) C:\Windows\system32\Drivers\bakerneldrv64.sys
19:59:30.0455 6556 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bakerneldrv64.sys. md5: 263453cbd29f8228ce9c0ae371841425
19:59:30.0475 6556 bakerneldrv ( LockedFile.Multi.Generic ) - warning
19:59:30.0476 6556 bakerneldrv - detected LockedFile.Multi.Generic (1)
19:59:31.0012 6556 bapcmci (5f6badbd0229095026c259ee464e2521) C:\Windows\system32\Drivers\bapcmci64.sys
19:59:31.0012 6556 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bapcmci64.sys. md5: 5f6badbd0229095026c259ee464e2521
19:59:31.0036 6556 bapcmci ( LockedFile.Multi.Generic ) - warning
19:59:31.0036 6556 bapcmci - detected LockedFile.Multi.Generic (1)
19:59:31.0728 6556 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:59:31.0839 6556 BCM43XX - ok
19:59:32.0396 6556 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:59:32.0398 6556 Beep - ok
19:59:32.0936 6556 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:59:32.0938 6556 blbdrive - ok
19:59:33.0499 6556 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:59:33.0504 6556 bowser - ok
19:59:34.0044 6556 bpcrasys (63ff513df9109d66675aafe46465ae20) C:\Windows\system32\Drivers\bpcrasys64.sys
19:59:34.0044 6556 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bpcrasys64.sys. md5: 63ff513df9109d66675aafe46465ae20
19:59:34.0045 6556 bpcrasys ( LockedFile.Multi.Generic ) - warning
19:59:34.0045 6556 bpcrasys - detected LockedFile.Multi.Generic (1)
19:59:34.0695 6556 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:59:34.0697 6556 BrFiltLo - ok
19:59:35.0334 6556 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:59:35.0337 6556 BrFiltUp - ok
19:59:35.0851 6556 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:59:35.0860 6556 Brserid - ok
19:59:36.0380 6556 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:59:36.0382 6556 BrSerWdm - ok
19:59:36.0908 6556 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:59:36.0910 6556 BrUsbMdm - ok
19:59:37.0525 6556 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:59:37.0527 6556 BrUsbSer - ok
19:59:38.0199 6556 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:59:38.0206 6556 BTHMODEM - ok
19:59:38.0828 6556 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:59:38.0831 6556 cdfs - ok
19:59:39.0424 6556 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:59:39.0431 6556 cdrom - ok
19:59:39.0960 6556 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:59:39.0967 6556 circlass - ok
19:59:40.0376 6556 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:59:40.0384 6556 CLFS - ok
19:59:40.0962 6556 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
19:59:40.0973 6556 clwvd - ok
19:59:41.0722 6556 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:59:41.0725 6556 CmBatt - ok
19:59:42.0228 6556 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:59:42.0230 6556 cmdide - ok
19:59:42.0873 6556 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
19:59:42.0882 6556 CNG - ok
19:59:43.0528 6556 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:59:43.0533 6556 Compbatt - ok
19:59:44.0051 6556 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:59:44.0054 6556 CompositeBus - ok
19:59:44.0596 6556 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:59:44.0599 6556 crcdisk - ok
19:59:45.0182 6556 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
19:59:45.0185 6556 DfsC - ok
19:59:45.0692 6556 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:59:45.0694 6556 discache - ok
19:59:46.0226 6556 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:59:46.0228 6556 Disk - ok
19:59:46.0765 6556 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:59:46.0767 6556 drmkaud - ok
19:59:47.0574 6556 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
19:59:47.0616 6556 DXGKrnl - ok
19:59:48.0202 6556 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:59:48.0291 6556 ebdrv - ok
19:59:48.0854 6556 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:59:48.0863 6556 elxstor - ok
19:59:49.0614 6556 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:59:49.0617 6556 ErrDev - ok
19:59:50.0137 6556 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:59:50.0142 6556 exfat - ok
19:59:50.0642 6556 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:59:50.0650 6556 fastfat - ok
19:59:51.0305 6556 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:59:51.0309 6556 fdc - ok
19:59:51.0824 6556 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:59:51.0828 6556 FileInfo - ok
19:59:52.0326 6556 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:59:52.0329 6556 Filetrace - ok
19:59:53.0198 6556 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:59:53.0200 6556 flpydisk - ok
19:59:53.0725 6556 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:59:53.0731 6556 FltMgr - ok
19:59:54.0241 6556 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:59:54.0244 6556 FsDepends - ok
19:59:54.0716 6556 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:59:54.0720 6556 Fs_Rec - ok
19:59:55.0257 6556 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
19:59:55.0262 6556 fvevol - ok
19:59:55.0827 6556 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:59:55.0831 6556 gagp30kx - ok
19:59:56.0345 6556 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:59:56.0348 6556 hcw85cir - ok
19:59:56.0886 6556 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:59:56.0897 6556 HdAudAddService - ok
19:59:57.0514 6556 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:59:57.0521 6556 HDAudBus - ok
19:59:58.0204 6556 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:59:58.0211 6556 HidBatt - ok
19:59:58.0726 6556 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:59:58.0730 6556 HidBth - ok
19:59:59.0257 6556 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:59:59.0259 6556 HidIr - ok
19:59:59.0795 6556 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:59:59.0798 6556 HidUsb - ok
20:00:00.0369 6556 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:00:00.0373 6556 HpSAMD - ok
20:00:00.0966 6556 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:00:01.0002 6556 HTTP - ok
20:00:01.0583 6556 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:00:01.0584 6556 hwpolicy - ok
20:00:02.0142 6556 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:00:02.0145 6556 i8042prt - ok
20:00:02.0677 6556 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
20:00:02.0686 6556 iaStorV - ok
20:00:03.0453 6556 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:00:03.0647 6556 igfx - ok
20:00:04.0206 6556 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:00:04.0208 6556 iirsp - ok
20:00:04.0712 6556 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:00:04.0714 6556 intelide - ok
20:00:05.0262 6556 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:00:05.0269 6556 intelppm - ok
20:00:05.0781 6556 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:00:05.0783 6556 IpFilterDriver - ok
20:00:06.0320 6556 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:00:06.0324 6556 IPMIDRV - ok
20:00:06.0808 6556 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:00:06.0813 6556 IPNAT - ok
20:00:07.0332 6556 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:00:07.0336 6556 IRENUM - ok
20:00:07.0850 6556 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:00:07.0852 6556 isapnp - ok
20:00:08.0367 6556 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:00:08.0371 6556 iScsiPrt - ok
20:00:08.0878 6556 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:00:08.0882 6556 kbdclass - ok
20:00:09.0411 6556 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:00:09.0415 6556 kbdhid - ok
20:00:09.0914 6556 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
20:00:09.0925 6556 KSecDD - ok
20:00:10.0435 6556 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
20:00:10.0442 6556 KSecPkg - ok
20:00:10.0996 6556 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:00:11.0000 6556 ksthunk - ok
20:00:11.0617 6556 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:00:11.0622 6556 lltdio - ok
20:00:12.0187 6556 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:00:12.0192 6556 LSI_FC - ok
20:00:12.0746 6556 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:00:12.0751 6556 LSI_SAS - ok
20:00:13.0353 6556 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:00:13.0358 6556 LSI_SAS2 - ok
20:00:13.0919 6556 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:00:13.0924 6556 LSI_SCSI - ok
20:00:14.0489 6556 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:00:14.0496 6556 luafv - ok
20:00:14.0983 6556 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:00:14.0986 6556 megasas - ok
20:00:15.0509 6556 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:00:15.0519 6556 MegaSR - ok
20:00:16.0049 6556 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:00:16.0062 6556 Modem - ok
20:00:16.0574 6556 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:00:16.0576 6556 monitor - ok
20:00:17.0113 6556 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:00:17.0128 6556 mouclass - ok
20:00:17.0765 6556 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:00:17.0769 6556 mouhid - ok
20:00:18.0308 6556 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:00:18.0313 6556 mountmgr - ok
20:00:18.0871 6556 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
20:00:18.0876 6556 MpFilter - ok
20:00:19.0451 6556 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:00:19.0455 6556 mpio - ok
20:00:19.0961 6556 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:00:19.0963 6556 MpNWMon - ok
20:00:20.0870 6556 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:00:20.0873 6556 mpsdrv - ok
20:00:21.0366 6556 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:00:21.0371 6556 MRxDAV - ok
20:00:21.0854 6556 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:00:21.0862 6556 mrxsmb - ok
20:00:22.0385 6556 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:00:22.0392 6556 mrxsmb10 - ok
20:00:22.0891 6556 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:00:22.0897 6556 mrxsmb20 - ok
20:00:23.0402 6556 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
20:00:23.0405 6556 msahci - ok
20:00:23.0890 6556 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:00:23.0894 6556 msdsm - ok
20:00:24.0451 6556 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:00:24.0456 6556 Msfs - ok
20:00:24.0949 6556 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:00:24.0953 6556 mshidkmdf - ok
20:00:25.0586 6556 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:00:25.0590 6556 msisadrv - ok
20:00:26.0288 6556 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:00:26.0295 6556 MSKSSRV - ok
20:00:26.0856 6556 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:00:26.0859 6556 MSPCLOCK - ok
20:00:27.0378 6556 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:00:27.0382 6556 MSPQM - ok
20:00:27.0901 6556 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:00:27.0912 6556 MsRPC - ok
20:00:28.0434 6556 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:00:28.0435 6556 mssmbios - ok
20:00:28.0967 6556 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:00:28.0971 6556 MSTEE - ok
20:00:29.0622 6556 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:00:29.0624 6556 MTConfig - ok
20:00:30.0126 6556 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:00:30.0130 6556 Mup - ok
20:00:30.0707 6556 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:00:30.0715 6556 NativeWifiP - ok
20:00:31.0378 6556 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:00:31.0412 6556 NDIS - ok
20:00:31.0950 6556 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:00:31.0953 6556 NdisCap - ok
20:00:32.0501 6556 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:00:32.0505 6556 NdisTapi - ok
20:00:33.0043 6556 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:00:33.0046 6556 Ndisuio - ok
20:00:33.0720 6556 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:00:33.0725 6556 NdisWan - ok
20:00:34.0230 6556 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:00:34.0233 6556 NDProxy - ok
20:00:34.0763 6556 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:00:34.0767 6556 NetBIOS - ok
20:00:35.0400 6556 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:00:35.0409 6556 NetBT - ok
20:00:36.0111 6556 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
20:00:36.0255 6556 netw5v64 - ok
20:00:36.0853 6556 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:00:36.0856 6556 nfrd960 - ok
20:00:37.0550 6556 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:00:37.0553 6556 NisDrv - ok
20:00:38.0071 6556 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:00:38.0075 6556 Npfs - ok
20:00:38.0745 6556 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:00:38.0746 6556 nsiproxy - ok
20:00:39.0409 6556 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
20:00:39.0455 6556 Ntfs - ok
20:00:39.0969 6556 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:00:39.0972 6556 Null - ok
20:00:40.0485 6556 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
20:00:40.0491 6556 nvraid - ok
20:00:41.0007 6556 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
20:00:41.0013 6556 nvstor - ok
20:00:41.0690 6556 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:00:41.0694 6556 nv_agp - ok
20:00:42.0156 6556 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:00:42.0160 6556 ohci1394 - ok
20:00:42.0639 6556 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:00:42.0642 6556 Parport - ok
20:00:43.0164 6556 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:00:43.0167 6556 partmgr - ok
20:00:43.0670 6556 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:00:43.0677 6556 pci - ok
20:00:44.0171 6556 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:00:44.0174 6556 pciide - ok
20:00:44.0676 6556 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:00:44.0688 6556 pcmcia - ok
20:00:45.0344 6556 pcrasys - ok
20:00:45.0822 6556 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:00:45.0825 6556 pcw - ok
20:00:46.0333 6556 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:00:46.0354 6556 PEAUTH - ok
20:00:46.0947 6556 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:00:46.0950 6556 PptpMiniport - ok
20:00:47.0702 6556 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:00:47.0704 6556 Processor - ok
20:00:48.0217 6556 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:00:48.0222 6556 Psched - ok
20:00:48.0727 6556 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:00:48.0774 6556 ql2300 - ok
20:00:49.0261 6556 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:00:49.0264 6556 ql40xx - ok
20:00:49.0774 6556 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:00:49.0777 6556 QWAVEdrv - ok
20:00:50.0272 6556 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:00:50.0275 6556 RasAcd - ok
20:00:50.0798 6556 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:00:50.0826 6556 RasAgileVpn - ok
20:00:51.0432 6556 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:00:51.0436 6556 Rasl2tp - ok
20:00:51.0969 6556 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:00:51.0972 6556 RasPppoe - ok
20:00:52.0503 6556 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:00:52.0507 6556 RasSstp - ok
20:00:53.0231 6556 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:00:53.0238 6556 rdbss - ok
20:00:53.0721 6556 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:00:53.0723 6556 rdpbus - ok
20:00:54.0233 6556 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:00:54.0234 6556 RDPCDD - ok
20:00:54.0747 6556 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:00:54.0750 6556 RDPENCDD - ok
20:00:55.0402 6556 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:00:55.0403 6556 RDPREFMP - ok
20:00:56.0096 6556 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
20:00:56.0102 6556 RDPWD - ok
20:00:56.0617 6556 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
20:00:56.0623 6556 rdyboost - ok
20:00:57.0620 6556 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys
20:00:57.0632 6556 RSPCIESTOR - ok
20:00:58.0430 6556 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:00:58.0433 6556 rspndr - ok
20:00:59.0002 6556 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:00:59.0013 6556 RTL8167 - ok
20:00:59.0653 6556 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:00:59.0659 6556 sbp2port - ok
20:01:00.0212 6556 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:01:00.0215 6556 scfilter - ok
20:01:00.0747 6556 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys
20:01:00.0750 6556 sdbus - ok
20:01:01.0383 6556 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:01:01.0385 6556 secdrv - ok
20:01:01.0908 6556 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:01:01.0912 6556 Serenum - ok
20:01:02.0407 6556 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:01:02.0412 6556 Serial - ok
20:01:02.0977 6556 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:01:02.0984 6556 sermouse - ok
20:01:03.0768 6556 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:01:03.0772 6556 sffdisk - ok
20:01:04.0233 6556 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:01:04.0235 6556 sffp_mmc - ok
20:01:04.0775 6556 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:01:04.0778 6556 sffp_sd - ok
20:01:05.0287 6556 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:01:05.0292 6556 sfloppy - ok
20:01:05.0839 6556 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:01:05.0844 6556 SiSRaid2 - ok
20:01:06.0465 6556 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:01:06.0483 6556 SiSRaid4 - ok
20:01:07.0013 6556 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:01:07.0020 6556 Smb - ok
20:01:07.0646 6556 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:01:07.0651 6556 spldr - ok
20:01:08.0208 6556 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
20:01:08.0217 6556 srv - ok
20:01:08.0775 6556 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
20:01:08.0791 6556 srv2 - ok
20:01:09.0457 6556 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:01:09.0462 6556 SrvHsfHDA - ok
20:01:10.0002 6556 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:01:10.0049 6556 SrvHsfV92 - ok
20:01:10.0591 6556 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:01:10.0616 6556 SrvHsfWinac - ok
20:01:11.0150 6556 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
20:01:11.0156 6556 srvnet - ok
20:01:11.0721 6556 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:01:11.0724 6556 stexstor - ok
20:01:12.0253 6556 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
20:01:12.0274 6556 STHDA - ok
20:01:12.0826 6556 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:01:12.0830 6556 swenum - ok
20:01:13.0617 6556 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
20:01:13.0660 6556 SynTP - ok
20:01:14.0263 6556 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
20:01:14.0322 6556 Tcpip - ok
20:01:14.0912 6556 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
20:01:14.0924 6556 TCPIP6 - ok
20:01:15.0539 6556 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:01:15.0544 6556 tcpipreg - ok
20:01:16.0086 6556 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:01:16.0088 6556 TDPIPE - ok
20:01:16.0581 6556 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:01:16.0583 6556 TDTCP - ok
20:01:17.0107 6556 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:01:17.0111 6556 tdx - ok
20:01:17.0632 6556 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:01:17.0657 6556 TermDD - ok
20:01:18.0215 6556 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:01:18.0219 6556 tssecsrv - ok
20:01:18.0754 6556 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:01:18.0759 6556 tunnel - ok
20:01:19.0438 6556 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:01:19.0442 6556 uagp35 - ok
20:01:19.0960 6556 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
20:01:19.0967 6556 udfs - ok
20:01:20.0494 6556 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:01:20.0498 6556 uliagpkx - ok
20:01:21.0044 6556 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:01:21.0047 6556 umbus - ok
20:01:21.0824 6556 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:01:21.0828 6556 UmPass - ok
20:01:22.0375 6556 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
20:01:22.0381 6556 usbccgp - ok
20:01:22.0894 6556 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:01:22.0901 6556 usbcir - ok
20:01:23.0518 6556 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
20:01:23.0521 6556 usbehci - ok
20:01:24.0034 6556 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
20:01:24.0037 6556 usbfilter - ok
20:01:24.0553 6556 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
20:01:24.0560 6556 usbhub - ok
20:01:25.0068 6556 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:01:25.0073 6556 usbohci - ok
20:01:25.0602 6556 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:01:25.0607 6556 usbprint - ok
20:01:26.0271 6556 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:01:26.0274 6556 USBSTOR - ok
20:01:26.0779 6556 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:01:26.0782 6556 usbuhci - ok
20:01:27.0333 6556 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
20:01:27.0342 6556 usbvideo - ok
20:01:27.0952 6556 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:01:27.0965 6556 vdrvroot - ok
20:01:28.0542 6556 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:01:28.0556 6556 vga - ok
20:01:29.0107 6556 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:01:29.0110 6556 VgaSave - ok
20:01:29.0638 6556 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:01:29.0647 6556 vhdmp - ok
20:01:30.0163 6556 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:01:30.0166 6556 viaide - ok
20:01:30.0665 6556 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:01:30.0685 6556 volmgr - ok
20:01:31.0326 6556 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:01:31.0333 6556 volmgrx - ok
20:01:31.0836 6556 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:01:31.0842 6556 volsnap - ok
20:01:32.0385 6556 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:01:32.0392 6556 vsmraid - ok
20:01:32.0911 6556 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:01:32.0915 6556 vwifibus - ok
20:01:33.0538 6556 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:01:33.0541 6556 vwififlt - ok
20:01:34.0069 6556 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:01:34.0072 6556 WacomPen - ok
20:01:34.0588 6556 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:34.0592 6556 WANARP - ok
20:01:34.0622 6556 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:34.0625 6556 Wanarpv6 - ok
20:01:35.0246 6556 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:01:35.0252 6556 Wd - ok
20:01:35.0974 6556 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:01:35.0986 6556 Wdf01000 - ok
20:01:36.0550 6556 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:01:36.0555 6556 WfpLwf - ok
20:01:37.0450 6556 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:01:37.0452 6556 WIMMount - ok
20:01:38.0137 6556 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:01:38.0139 6556 WmiAcpi - ok
20:01:38.0662 6556 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:01:38.0664 6556 ws2ifsl - ok
20:01:39.0185 6556 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:01:39.0194 6556 WudfPf - ok
20:01:39.0731 6556 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:01:39.0739 6556 WUDFRd - ok
20:01:40.0297 6556 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
20:01:40.0310 6556 yukonw7 - ok
20:01:40.0389 6556 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
20:01:40.0424 6556 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:01:40.0424 6556 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:01:40.0436 6556 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
20:01:40.0444 6556 \Device\Harddisk1\DR1 - ok
20:01:40.0501 6556 Boot (0x1200) (d43677a08e18f1fb1e6fb2c489a667f2) \Device\Harddisk0\DR0\Partition0
20:01:40.0504 6556 \Device\Harddisk0\DR0\Partition0 - ok
20:01:40.0512 6556 Boot (0x1200) (f69d96640c2660ab3531225c7626b972) \Device\Harddisk0\DR0\Partition1
20:01:40.0515 6556 \Device\Harddisk0\DR0\Partition1 - ok
20:01:40.0549 6556 Boot (0x1200) (4e51c91605a244392a1812d3d3c88b3a) \Device\Harddisk0\DR0\Partition2
20:01:40.0558 6556 \Device\Harddisk0\DR0\Partition2 - ok
20:01:40.0563 6556 Boot (0x1200) (78537a8517d039ca5316184b2b2fce1d) \Device\Harddisk1\DR1\Partition0
20:01:40.0565 6556 \Device\Harddisk1\DR1\Partition0 - ok
20:01:40.0569 6556 ============================================================
20:01:40.0569 6556 Scan finished
20:01:40.0569 6556 ============================================================
20:01:40.0589 3940 Detected object count: 4
20:01:40.0589 3940 Actual detected object count: 4
20:01:50.0912 3940 bakerneldrv ( LockedFile.Multi.Generic ) - skipped by user
20:01:50.0912 3940 bakerneldrv ( LockedFile.Multi.Generic ) - User select action: Skip
20:01:50.0912 3940 bapcmci ( LockedFile.Multi.Generic ) - skipped by user
20:01:50.0913 3940 bapcmci ( LockedFile.Multi.Generic ) - User select action: Skip
20:01:50.0915 3940 bpcrasys ( LockedFile.Multi.Generic ) - skipped by user
20:01:50.0915 3940 bpcrasys ( LockedFile.Multi.Generic ) - User select action: Skip
20:01:51.0089 3940 \Device\Harddisk0\DR0\# - copied to quarantine
20:01:51.0208 3940 \Device\Harddisk0\DR0 - copied to quarantine
20:01:51.0389 3940 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:01:59.0546 3940 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:01:59.0632 3940 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:01:59.0757 3940 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:01:59.0975 3940 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:02:09.0665 3940 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:02:10.0082 3940 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:02:10.0089 3940 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:02:10.0102 3940 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:02:10.0118 3940 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:02:10.0555 3940 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:02:10.0707 3940 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:02:10.0882 3940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:02:10.0883 3940 \Device\Harddisk0\DR0 - ok
20:02:11.0652 3940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:02:36.0896 6208 Deinitialize success
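One way to triage a TDSSKiller log like the one above, as an added example that is not part of the original post and not code from Kaspersky's tool. It parses the per-object verdict lines, separates what was flagged, what was copied out of the rootkit's hidden TDLFS file system, what the operator skipped and what was deferred to reboot, and flags the disk whose MBR still needs a post-reboot rescan before anyone calls it clean. The embedded excerpt reuses a handful of lines from the posted scan in the same format; the names `parse_tdsskiller`, `Triage`, `hidden_fs_files`, `boot_sector_still_suspect` and `follow_ups` are this example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Excerpt in the same line format as the posted TDSSKiller log (hashes and paths
# are the ones shown above; the choice of lines is ours, for a self-contained run).
SAMPLE_LOG = """\
20:00:22.0891 6556 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\\Windows\\system32\\DRIVERS\\mrxsmb20.sys
20:00:22.0897 6556 mrxsmb20 - ok
20:00:45.0344 6556 pcrasys - ok
20:01:40.0389 6556 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \\Device\\Harddisk0\\DR0
20:01:40.0424 6556 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:01:40.0424 6556 \\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:01:40.0436 6556 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \\Device\\Harddisk1\\DR1
20:01:40.0444 6556 \\Device\\Harddisk1\\DR1 - ok
20:01:50.0912 3940 bakerneldrv ( LockedFile.Multi.Generic ) - skipped by user
20:01:51.0389 3940 \\Device\\Harddisk0\\DR0\\TDLFS\\ph.dll - copied to quarantine
20:01:59.0632 3940 \\Device\\Harddisk0\\DR0\\TDLFS\\sub.dll - copied to quarantine
20:02:10.0882 3940 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:02:10.0883 3940 \\Device\\Harddisk0\\DR0 - ok
20:02:11.0652 3940 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

_LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*?)\s*$")
_MBR = re.compile(r"^MBR \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<obj>\\Device\\\S+)$")
_VERDICT = re.compile(r"^(?P<obj>.+?)(?: \( (?P<name>[^()]+?) \))? - (?P<action>.+)$")
_DISK = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+$")


@dataclass
class Triage:
    infected: dict[str, str] = field(default_factory=dict)     # object -> detection name
    quarantined: list[str] = field(default_factory=list)        # objects copied to quarantine
    skipped: dict[str, str] = field(default_factory=dict)       # object -> verdict left unhandled
    cure_pending: set[str] = field(default_factory=set)         # cures deferred to reboot
    user_actions: dict[str, str] = field(default_factory=dict)  # object -> action the operator chose
    mbr_md5: dict[str, str] = field(default_factory=dict)       # \Device\HarddiskN\DRN -> MBR hash
    ok_count: int = 0


def parse_tdsskiller(text: str) -> Triage:
    t = Triage()
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:
            continue                       # banner, separators, counters
        rest = m.group("rest")
        mbr = _MBR.match(rest)
        if mbr:
            t.mbr_md5[mbr.group("obj")] = mbr.group("md5")
            continue
        v = _VERDICT.match(rest)
        if not v:
            continue                       # plain inventory line: name (md5) path
        obj, name, action = v.group("obj"), v.group("name"), v.group("action")
        if action == "ok":
            # An "ok" printed after a cure request is only an acknowledgement;
            # it must not clear an earlier "infected" verdict for the same object.
            t.ok_count += 1
        elif action == "infected":
            t.infected[obj] = name or "unknown"
        elif action.startswith("detected "):
            t.infected.setdefault(obj, action[len("detected "):].split()[0])
        elif action == "copied to quarantine":
            t.quarantined.append(obj)
        elif action == "skipped by user":
            t.skipped[obj] = name or "unknown"
        elif action == "will be cured on reboot":
            t.cure_pending.add(obj)
        elif action.startswith("User select action: "):
            t.user_actions[obj] = action.split(": ", 1)[1]
    return t


def hidden_fs_files(t: Triage) -> list[str]:
    """Quarantined entries from the rootkit's own hidden file system, which
    TDSSKiller exposes under <disk>\\TDLFS\\. Their presence shows the MBR
    infection was live on this disk, not a stale signature hit."""
    return [p for p in t.quarantined if "\\TDLFS\\" in p]


def boot_sector_still_suspect(t: Triage) -> list[str]:
    """Disks whose MBR was flagged and whose cure was deferred to reboot.
    Nothing in such a log proves the cure took; the check is a rescan after
    the reboot showing the DRn object clean and a changed MBR hash."""
    return sorted(d for d in t.infected if _DISK.match(d) and d in t.cure_pending)


def follow_ups(t: Triage) -> list[str]:
    """Objects the operator skipped: still on disk, still need a decision."""
    return sorted(t.skipped)


if __name__ == "__main__":
    triage = parse_tdsskiller(SAMPLE_LOG)
    print("infected:", triage.infected)
    print("hidden fs files:", hidden_fs_files(triage))
    print("re-verify after reboot:", boot_sector_still_suspect(triage))
    print("skipped, unresolved:", follow_ups(triage))
```

Two caveats the parser encodes. The `\Device\Harddisk0\DR0 - ok` line that follows `will be cured on reboot` is the tool acknowledging the requested action, not a clean verdict, so the disk stays listed until a post-reboot rescan says otherwise; and the locked drivers the operator chose to skip remain on disk and are reported as follow-ups rather than silently dropped. Because an MBR bootkit runs before the operating system and before any installed antivirus driver, a reinstall from a recovery partition that leaves the boot sector untouched does not remove it, which is the reason a scan that reads the MBR directly is the right tool here.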
Old 03-04-2012, 09:31 PM   #8
ComboFix 12-03-04.02 - colortyme 03/04/2012 21:24:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2278 [GMT -5:00]
Running from: c:\users\colortyme\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 03:19 . 2012-03-05 03:19 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE10E213-2F34-41E5-AE31-54B6C030C39B}\offreg.dll
2012-03-05 01:29 . 2012-02-08 04:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE10E213-2F34-41E5-AE31-54B6C030C39B}\mpengine.dll
2012-03-05 01:01 . 2012-03-05 01:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-04 19:55 . 2012-03-04 19:55 116016 ----a-w- c:\windows\system32\drivers\44969335.sys
2012-03-03 14:04 . 2012-03-03 14:05 -------- d-----w- c:\users\colortyme\AppData\Local\Adobe
2012-03-03 00:00 . 2012-03-03 00:00 -------- d-----w- c:\users\colortyme\AppData\Local\CrashDumps
2012-03-02 16:18 . 2012-03-02 16:18 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-02 16:11 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-03-02 16:11 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-03-02 16:11 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-03-02 16:11 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-03-02 16:11 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-03-02 16:11 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-02 16:11 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-03-02 16:11 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-02 16:11 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-02 16:11 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-03-01 02:40 . 2012-03-01 02:40 -------- d-----w- c:\users\colortyme\AppData\Local\Spotify
2012-03-01 02:39 . 2012-03-01 12:51 -------- d-----w- c:\users\colortyme\AppData\Roaming\Spotify
2012-03-01 02:37 . 2012-03-01 02:37 -------- d-----w- c:\users\colortyme\AppData\Local\Apps
2012-03-01 02:37 . 2012-03-01 02:39 -------- d-----w- c:\users\colortyme\AppData\Local\Deployment
2012-03-01 00:12 . 2012-03-01 00:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 00:12 . 2012-03-01 00:12 -------- d-----w- c:\windows\system32\Macromed
2012-02-29 19:08 . 2012-02-29 19:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-29 19:08 . 2012-02-29 19:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-29 17:05 . 2012-02-29 17:05 -------- d-----w- c:\program files (x86)\7-Zip
2012-02-29 16:48 . 2012-03-02 02:44 -------- d-----w- c:\users\colortyme\AppData\Roaming\ZipGenius
2012-02-29 16:47 . 2012-02-29 16:48 -------- d-----w- c:\program files (x86)\ZipGenius 6
2012-02-29 01:50 . 2012-02-29 01:50 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-29 01:41 . 2012-02-23 16:13 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-02-29 01:40 . 2012-02-23 16:12 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-02-29 01:40 . 2012-02-23 16:11 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-29 01:39 . 2012-02-23 15:54 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-02-29 01:28 . 2012-02-29 01:28 -------- d-----w- c:\users\colortyme\AppData\Roaming\Avant Downloader
2012-02-29 01:28 . 2012-02-29 01:28 -------- d-----w- c:\users\colortyme\AppData\Roaming\Avant Profiles
2012-02-29 01:28 . 2012-02-29 01:32 -------- d-----w- c:\program files (x86)\Avant Browser
2012-02-28 12:37 . 2012-02-28 12:37 -------- d-----w- c:\program files (x86)\Ask.com
2012-02-28 12:36 . 2012-02-28 12:36 -------- d-----w- c:\program files (x86)\ARO 2012
2012-02-28 11:56 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-28 11:56 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-28 11:56 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-02-28 11:56 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-28 11:50 . 2012-02-29 16:13 -------- d-----w- c:\program files (x86)\Google
2012-02-28 11:50 . 2012-02-29 15:14 -------- d-----w- c:\users\colortyme\AppData\Local\Google
2012-02-28 11:50 . 2012-02-23 16:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-28 11:50 . 2012-02-23 16:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-28 11:49 . 2012-02-23 16:11 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-28 11:49 . 2012-02-23 16:10 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-28 11:49 . 2012-02-23 16:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-28 11:49 . 2012-02-23 16:10 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-28 11:49 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-28 11:48 . 2012-02-23 16:23 41184 ----a-w- c:\windows\avastSS.scr
2012-02-28 11:48 . 2012-02-23 16:23 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-28 11:48 . 2012-02-28 11:48 -------- d-----w- c:\programdata\AVAST Software
2012-02-28 11:48 . 2012-02-28 11:48 -------- d-----w- c:\program files\AVAST Software
2012-02-28 11:44 . 2012-02-29 01:58 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-28 11:43 . 2012-02-28 11:43 -------- d--h--w- c:\programdata\Common Files
2012-02-28 11:36 . 2012-02-28 11:36 -------- d-----w- c:\program files (x86)\AVG
2012-02-28 11:35 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-28 11:35 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-28 11:32 . 2012-02-29 13:21 -------- d-----w- c:\programdata\MFAData
2012-02-28 11:02 . 2011-06-03 20:37 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-28 11:02 . 2012-02-28 11:01 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF6B12C6-B24E-481B-90C1-0170C6FD79C6}\gapaengine.dll
2012-02-28 11:02 . 2012-02-08 04:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-28 10:14 . 2012-03-05 03:45 -------- d-----w- c:\users\colortyme\AppData\Local\Temp
2012-02-28 08:21 . 2012-02-28 08:21 -------- d-----w- C:\Recovery
2012-02-28 03:43 . 2009-07-14 03:31 20480 ----a-w- c:\windows\svchost.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 15:37 . 2011-06-03 20:27 8007680 ------r- c:\windows\system32\Microsoft.mshtml.dll
2012-03-04 15:37 . 2011-06-03 20:27 126976 ------r- c:\windows\system32\Interop.SHDocVw.dll
2012-01-31 12:44 . 2011-05-27 18:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-06-03 20:46 405504 --sha-r- c:\windows\System32\vshadow.exe
2011-06-03 20:46 364032 --sha-r- c:\windows\System32\vshadowamd64.exe
2011-06-03 20:46 352256 --sha-r- c:\windows\System32\vshadowXP.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-10 336384]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-10 586296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 akerneldrv;akerneldrv;c:\windows\system32\Drivers\akerneldrv64.sys [x]
R0 apcmci;apcmci;c:\windows\system32\Drivers\apcmci64.sys [x]
R0 pcrasys;pcrasys;c:\windows\system32\Drivers\pcrasys64.sys [x]
R2 .Net bKernelSecurity;Microsoft.NET Framework KernelSecurity x2.0b;c:\windows\system32\bKernelSecurity.exe [x]
R2 .Net bSecurityCrypt;Microsoft.NET Framework SecurityCrypt x2.0b;c:\windows\system32\bSecurityCrypt.exe [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-02-23 131288]
R2 CNGKeyLock;CNG Key Isolation Service;c:\windows\system32\CNGKeyLock.exe [x]
R2 MicrosoftHardwareDriver;MicrosoftHardwareDriver;c:\windows\system32\sysDriverHardWare.exe [x]
R2 SysCacheDriver;SysCacheDriver;c:\windows\system32\sysSecurityCheck.exe [x]
R2 systemCheck;SystemWindows;c:\windows\system32\servicescache.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 bakerneldrv;bakerneldrv;c:\windows\system32\Drivers\bakerneldrv64.sys [x]
S0 bapcmci;bapcmci;c:\windows\system32\Drivers\bapcmci64.sys [x]
S0 bpcrasys;bpcrasys;c:\windows\system32\Drivers\bpcrasys64.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 .Net bCNGKeyLock;CNG Key Isolation Service x2.0b;c:\windows\system32\bNETCommando.exe [x]
S2 .Net bKernelMain;Microsoft.NET Framework KernelMain x2.0b;c:\windows\system32\bKernelMain.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-22 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-10 26680]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 05:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 05:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 05:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 05:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 05:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-21 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-22 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = https://www.startpage.com/eng/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AROReminder - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.Net bKernelMain]
"ImagePath"="system32\bKernelMain.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,97,a5,33,73,05,21,47,8e,81,a0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,97,a5,33,73,05,21,47,8e,81,a0,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-03-04 22:48:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 03:48
.
Pre-Run: 428,737,118,208 bytes free
Post-Run: 428,678,569,984 bytes free
.
- - End Of File - - EA863DBAC26DCAF4567A97E108895E2D
Old 03-04-2012, 10:07 PM   #9
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Is this a rental computer?

As stated in our pre-posting sticky topic...

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Quote:
If you have more than one antivirus software installed, leave only ONE and uninstall the others
While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

I see you have more than one Anti-Virus program installed, Avast and MS Security Essentials. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall

Please go to: VirusTotal
https://www.virustotal.com
On the page you'll find a "Browse" button.
Click on the Browse button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

c:\windows\system32\drivers\44969335.sys

Next, click the Open button.
Then click the "Send File" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

Please repeat for the following files.

C:\Windows\system32\Drivers\bapcmci64.sys
c:\windows\system32\Drivers\bakerneldrv64.sys
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 03-04-2012, 11:10 PM   #10
Registered Member
 
Join Date: Feb 2012
Posts: 18
OS: Windows 7



No, it's not a rental. I got a decent deal and bought it from a rental place a little over a year ago, someone turned it in so they couldn't sell it as new with some scratches. Haven't had any problems I couldn't handle until now.

When I went to the VirusTotal site, it won't let me paste into the "choose file" area, and there's no other browse link. I did a search for the file and followed the path to upload the file. It's not showing up when I search for it. It's as if it doesn't exist (or the computer doesn't want me to think it does). Ugh. Suggestions?
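The VirusTotal step in post #9 and the "file doesn't seem to exist" problem in post #10, as an added example that is not part of the thread: a PowerShell script that reports size, attributes, SHA-256 and Authenticode signature status for the three driver paths tetonbob named, using -Force so hidden/system files are not skipped the way Explorer search skips them. It assumes PowerShell 4 or later (for Get-FileHash) run from an elevated prompt; the file paths are the ones quoted in the thread, nothing else is taken from the original.

```powershell
# Added example, not from the thread. Collects identifying details for the
# driver files named in post #9 so they can be looked up on VirusTotal by
# SHA-256 hash even when the upload dialog will not accept a pasted path.
# Requires PowerShell 4+ (Get-FileHash); run from an elevated prompt.

$paths = @(
    'C:\Windows\System32\drivers\44969335.sys',
    'C:\Windows\System32\Drivers\bapcmci64.sys',
    'C:\Windows\System32\Drivers\bakerneldrv64.sys'
)

foreach ($p in $paths) {
    # -Force returns hidden and system files too. Explorer search and a plain
    # "dir" skip them, which is one way a file can look as if it does not exist.
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        Write-Output "$p : not present, or access denied"
        continue
    }

    # A kernel driver that is already loaded can hold the file open; report
    # that instead of aborting the whole loop.
    try {
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
    } catch {
        $hash = "hash failed: $($_.Exception.Message)"
    }

    # NotSigned or HashMismatch on a file in System32\drivers is worth noting;
    # legitimate 64-bit Windows 7 drivers must carry a valid signature to load.
    $sig = Get-AuthenticodeSignature -FilePath $p

    [pscustomobject]@{
        Path       = $p
        SizeBytes  = $item.Length
        Attributes = $item.Attributes      # Hidden/System show up here
        CreatedUtc = $item.CreationTimeUtc
        SHA256     = $hash
        Signature  = $sig.Status           # Valid / NotSigned / HashMismatch ...
        Signer     = $sig.SignerCertificate.Subject
    }
}
```

Paste the SHA256 value into VirusTotal's search box to see whether the file has already been analysed; the size, creation time and signature status are what a helper will compare against the DDS/ComboFix log lines.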
Old 03-05-2012, 12:35 AM   #11
Registered Member
 
Join Date: Feb 2012
Posts: 18
OS: Windows 7



... I deleted the MSE and kept Avast. Thanks. When I reinstalled everything it reset the computer back to the way it was when I got it.
Old 03-05-2012, 06:59 AM   #12
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the codebox below into it:


    Code:
    https://www.techsupportforum.com/forums/f50/started-as-redirect-virus-now-worse-633282.html#post3651280
    Collect::
    c:\windows\system32\drivers\44969335.sys
    c:\windows\svchost.exe
    Suspect::
    C:\Windows\system32\Drivers\bapcmci64.sys
    c:\windows\system32\Drivers\bakerneldrv64.sys


    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe
  3. ComboFix may request an update; please allow it.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.

    Please let me know if the file was successfully submitted. Thanks.

    ------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
Old 03-05-2012, 12:02 PM   #13
Registered Member
 
Join Date: Feb 2012
Posts: 18
OS: Windows 7



It connected to the internet and submitted the files. Here is the log:

ComboFix 12-03-04.02 - colortyme 03/05/2012 13:23:30.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1918 [GMT -5:00]
Running from: c:\users\colortyme\Desktop\ComboFix.exe
Command switches used :: c:\users\colortyme\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 18:33 . 2012-03-05 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 07:33 . 2012-03-05 07:33 20080 ----a-w- C:\FixitRegBackup.reg
2012-03-05 01:29 . 2012-02-08 04:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE10E213-2F34-41E5-AE31-54B6C030C39B}\mpengine.dll
2012-03-05 01:01 . 2012-03-05 01:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-04 19:55 . 2012-03-04 19:55 116016 ----a-w- c:\windows\system32\drivers\44969335.sys
2012-03-03 14:04 . 2012-03-03 14:05 -------- d-----w- c:\users\colortyme\AppData\Local\Adobe
2012-03-03 00:00 . 2012-03-03 00:00 -------- d-----w- c:\users\colortyme\AppData\Local\CrashDumps
2012-03-02 16:18 . 2012-03-02 16:18 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-02 16:11 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-03-02 16:11 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-03-02 16:11 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-03-02 16:11 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-03-02 16:11 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-03-02 16:11 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-02 16:11 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-03-02 16:11 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-02 16:11 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-02 16:11 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-03-01 02:40 . 2012-03-01 02:40 -------- d-----w- c:\users\colortyme\AppData\Local\Spotify
2012-03-01 02:39 . 2012-03-01 12:51 -------- d-----w- c:\users\colortyme\AppData\Roaming\Spotify
2012-03-01 02:37 . 2012-03-01 02:37 -------- d-----w- c:\users\colortyme\AppData\Local\Apps
2012-03-01 02:37 . 2012-03-01 02:39 -------- d-----w- c:\users\colortyme\AppData\Local\Deployment
2012-03-01 00:12 . 2012-03-01 00:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 00:12 . 2012-03-01 00:12 -------- d-----w- c:\windows\system32\Macromed
2012-02-29 19:08 . 2012-02-29 19:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-29 19:08 . 2012-02-29 19:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-29 17:05 . 2012-02-29 17:05 -------- d-----w- c:\program files (x86)\7-Zip
2012-02-29 16:48 . 2012-03-02 02:44 -------- d-----w- c:\users\colortyme\AppData\Roaming\ZipGenius
2012-02-29 16:47 . 2012-02-29 16:48 -------- d-----w- c:\program files (x86)\ZipGenius 6
2012-02-29 01:50 . 2012-02-29 01:50 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-29 01:41 . 2012-02-23 16:13 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-02-29 01:40 . 2012-02-23 16:12 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-02-29 01:40 . 2012-02-23 16:11 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-29 01:39 . 2012-02-23 15:54 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-02-29 01:28 . 2012-02-29 01:28 -------- d-----w- c:\users\colortyme\AppData\Roaming\Avant Downloader
2012-02-29 01:28 . 2012-02-29 01:28 -------- d-----w- c:\users\colortyme\AppData\Roaming\Avant Profiles
2012-02-29 01:28 . 2012-02-29 01:32 -------- d-----w- c:\program files (x86)\Avant Browser
2012-02-28 12:36 . 2012-02-28 12:36 -------- d-----w- c:\program files (x86)\ARO 2012
2012-02-28 12:01 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-02-28 12:01 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-02-28 11:56 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-28 11:56 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-28 11:56 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-02-28 11:56 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-28 11:50 . 2012-02-29 16:13 -------- d-----w- c:\program files (x86)\Google
2012-02-28 11:50 . 2012-02-29 15:14 -------- d-----w- c:\users\colortyme\AppData\Local\Google
2012-02-28 11:50 . 2012-02-23 16:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-28 11:50 . 2012-02-23 16:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-28 11:49 . 2012-02-23 16:11 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-28 11:49 . 2012-02-23 16:10 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-28 11:49 . 2012-02-23 16:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-28 11:49 . 2012-02-23 16:10 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-28 11:49 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-28 11:48 . 2012-02-23 16:23 41184 ----a-w- c:\windows\avastSS.scr
2012-02-28 11:48 . 2012-02-23 16:23 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-28 11:48 . 2012-02-28 11:48 -------- d-----w- c:\programdata\AVAST Software
2012-02-28 11:48 . 2012-02-28 11:48 -------- d-----w- c:\program files\AVAST Software
2012-02-28 11:44 . 2012-02-29 01:58 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-28 11:43 . 2012-02-28 11:43 -------- d--h--w- c:\programdata\Common Files
2012-02-28 11:36 . 2012-02-28 11:36 -------- d-----w- c:\program files (x86)\AVG
2012-02-28 11:35 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-28 11:35 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-28 11:32 . 2012-02-29 13:21 -------- d-----w- c:\programdata\MFAData
2012-02-28 11:02 . 2011-06-03 20:37 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-28 11:02 . 2012-02-28 11:01 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF6B12C6-B24E-481B-90C1-0170C6FD79C6}\gapaengine.dll
2012-02-28 11:02 . 2012-02-08 04:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-28 10:14 . 2012-03-05 18:51 -------- d-----w- c:\users\colortyme\AppData\Local\Temp
2012-02-28 08:21 . 2012-02-28 08:21 -------- d-----w- C:\Recovery
2012-02-28 03:43 . 2009-07-14 03:31 20480 ------w- c:\windows\svchost.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 15:37 . 2011-06-03 20:27 8007680 ------r- c:\windows\system32\Microsoft.mshtml.dll
2012-03-04 15:37 . 2011-06-03 20:27 126976 ------r- c:\windows\system32\Interop.SHDocVw.dll
2012-01-31 12:44 . 2011-05-27 18:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-06-03 20:46 405504 --sha-r- c:\windows\System32\vshadow.exe
2011-06-03 20:46 364032 --sha-r- c:\windows\System32\vshadowamd64.exe
2011-06-03 20:46 352256 --sha-r- c:\windows\System32\vshadowXP.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-10 336384]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-10 586296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 akerneldrv;akerneldrv;c:\windows\system32\Drivers\akerneldrv64.sys [x]
R0 apcmci;apcmci;c:\windows\system32\Drivers\apcmci64.sys [x]
R0 pcrasys;pcrasys;c:\windows\system32\Drivers\pcrasys64.sys [x]
R2 .Net bKernelSecurity;Microsoft.NET Framework KernelSecurity x2.0b;c:\windows\system32\bKernelSecurity.exe [x]
R2 .Net bSecurityCrypt;Microsoft.NET Framework SecurityCrypt x2.0b;c:\windows\system32\bSecurityCrypt.exe [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-02-23 131288]
R2 CNGKeyLock;CNG Key Isolation Service;c:\windows\system32\CNGKeyLock.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-22 103992]
R2 MicrosoftHardwareDriver;MicrosoftHardwareDriver;c:\windows\system32\sysDriverHardWare.exe [x]
R2 SysCacheDriver;SysCacheDriver;c:\windows\system32\sysSecurityCheck.exe [x]
R2 systemCheck;SystemWindows;c:\windows\system32\servicescache.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
Old 03-05-2012, 01:14 PM   #14
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



The log seems incomplete, please repost.

Next...

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

---------------------------------------------------------------------------------------------
Old 03-05-2012, 02:06 PM   #15
Registered Member
 
Join Date: Feb 2012
Posts: 18
OS: Windows 7



ComboFix 12-03-04.02 - colortyme 03/05/2012 13:23:30.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1918 [GMT -5:00]
Running from: c:\users\colortyme\Desktop\ComboFix.exe
Command switches used :: c:\users\colortyme\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 18:33 . 2012-03-05 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 07:33 . 2012-03-05 07:33 20080 ----a-w- C:\FixitRegBackup.reg
2012-03-05 01:29 . 2012-02-08 04:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE10E213-2F34-41E5-AE31-54B6C030C39B}\mpengine.dll
2012-03-05 01:01 . 2012-03-05 01:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-04 19:55 . 2012-03-04 19:55 116016 ----a-w- c:\windows\system32\drivers\44969335.sys
2012-03-03 14:04 . 2012-03-03 14:05 -------- d-----w- c:\users\colortyme\AppData\Local\Adobe
2012-03-03 00:00 . 2012-03-03 00:00 -------- d-----w- c:\users\colortyme\AppData\Local\CrashDumps
2012-03-02 16:18 . 2012-03-02 16:18 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-02 16:11 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-03-02 16:11 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-03-02 16:11 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-03-02 16:11 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-03-02 16:11 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-03-02 16:11 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-02 16:11 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-03-02 16:11 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-02 16:11 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-02 16:11 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-03-01 02:40 . 2012-03-01 02:40 -------- d-----w- c:\users\colortyme\AppData\Local\Spotify
2012-03-01 02:39 . 2012-03-01 12:51 -------- d-----w- c:\users\colortyme\AppData\Roaming\Spotify
2012-03-01 02:37 . 2012-03-01 02:37 -------- d-----w- c:\users\colortyme\AppData\Local\Apps
2012-03-01 02:37 . 2012-03-01 02:39 -------- d-----w- c:\users\colortyme\AppData\Local\Deployment
2012-03-01 00:12 . 2012-03-01 00:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 00:12 . 2012-03-01 00:12 -------- d-----w- c:\windows\system32\Macromed
2012-02-29 19:08 . 2012-02-29 19:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-29 19:08 . 2012-02-29 19:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-29 17:05 . 2012-02-29 17:05 -------- d-----w- c:\program files (x86)\7-Zip
2012-02-29 16:48 . 2012-03-02 02:44 -------- d-----w- c:\users\colortyme\AppData\Roaming\ZipGenius
2012-02-29 16:47 . 2012-02-29 16:48 -------- d-----w- c:\program files (x86)\ZipGenius 6
2012-02-29 01:50 . 2012-02-29 01:50 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-29 01:41 . 2012-02-23 16:13 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-02-29 01:40 . 2012-02-23 16:12 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-02-29 01:40 . 2012-02-23 16:11 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-29 01:39 . 2012-02-23 15:54 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-02-29 01:28 . 2012-02-29 01:28 -------- d-----w- c:\users\colortyme\AppData\Roaming\Avant Downloader
2012-02-29 01:28 . 2012-02-29 01:28 -------- d-----w- c:\users\colortyme\AppData\Roaming\Avant Profiles
2012-02-29 01:28 . 2012-02-29 01:32 -------- d-----w- c:\program files (x86)\Avant Browser
2012-02-28 12:36 . 2012-02-28 12:36 -------- d-----w- c:\program files (x86)\ARO 2012
2012-02-28 12:01 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-02-28 12:01 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-02-28 11:56 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-28 11:56 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-28 11:56 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-02-28 11:56 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-28 11:50 . 2012-02-29 16:13 -------- d-----w- c:\program files (x86)\Google
2012-02-28 11:50 . 2012-02-29 15:14 -------- d-----w- c:\users\colortyme\AppData\Local\Google
2012-02-28 11:50 . 2012-02-23 16:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-28 11:50 . 2012-02-23 16:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-28 11:49 . 2012-02-23 16:11 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-28 11:49 . 2012-02-23 16:10 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-28 11:49 . 2012-02-23 16:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-28 11:49 . 2012-02-23 16:10 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-28 11:49 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-28 11:48 . 2012-02-23 16:23 41184 ----a-w- c:\windows\avastSS.scr
2012-02-28 11:48 . 2012-02-23 16:23 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-28 11:48 . 2012-02-28 11:48 -------- d-----w- c:\programdata\AVAST Software
2012-02-28 11:48 . 2012-02-28 11:48 -------- d-----w- c:\program files\AVAST Software
2012-02-28 11:44 . 2012-02-29 01:58 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-28 11:43 . 2012-02-28 11:43 -------- d--h--w- c:\programdata\Common Files
2012-02-28 11:36 . 2012-02-28 11:36 -------- d-----w- c:\program files (x86)\AVG
2012-02-28 11:35 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-28 11:35 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-28 11:32 . 2012-02-29 13:21 -------- d-----w- c:\programdata\MFAData
2012-02-28 11:02 . 2011-06-03 20:37 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-28 11:02 . 2012-02-28 11:01 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF6B12C6-B24E-481B-90C1-0170C6FD79C6}\gapaengine.dll
2012-02-28 11:02 . 2012-02-08 04:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-28 10:14 . 2012-03-05 18:51 -------- d-----w- c:\users\colortyme\AppData\Local\Temp
2012-02-28 08:21 . 2012-02-28 08:21 -------- d-----w- C:\Recovery
2012-02-28 03:43 . 2009-07-14 03:31 20480 ------w- c:\windows\svchost.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 15:37 . 2011-06-03 20:27 8007680 ------r- c:\windows\system32\Microsoft.mshtml.dll
2012-03-04 15:37 . 2011-06-03 20:27 126976 ------r- c:\windows\system32\Interop.SHDocVw.dll
2012-01-31 12:44 . 2011-05-27 18:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-06-03 20:46 405504 --sha-r- c:\windows\System32\vshadow.exe
2011-06-03 20:46 364032 --sha-r- c:\windows\System32\vshadowamd64.exe
2011-06-03 20:46 352256 --sha-r- c:\windows\System32\vshadowXP.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-10 336384]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-10 586296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 akerneldrv;akerneldrv;c:\windows\system32\Drivers\akerneldrv64.sys [x]
R0 apcmci;apcmci;c:\windows\system32\Drivers\apcmci64.sys [x]
R0 pcrasys;pcrasys;c:\windows\system32\Drivers\pcrasys64.sys [x]
R2 .Net bKernelSecurity;Microsoft.NET Framework KernelSecurity x2.0b;c:\windows\system32\bKernelSecurity.exe [x]
R2 .Net bSecurityCrypt;Microsoft.NET Framework SecurityCrypt x2.0b;c:\windows\system32\bSecurityCrypt.exe [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-02-23 131288]
R2 CNGKeyLock;CNG Key Isolation Service;c:\windows\system32\CNGKeyLock.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-22 103992]
R2 MicrosoftHardwareDriver;MicrosoftHardwareDriver;c:\windows\system32\sysDriverHardWare.exe [x]
R2 SysCacheDriver;SysCacheDriver;c:\windows\system32\sysSecurityCheck.exe [x]
R2 systemCheck;SystemWindows;c:\windows\system32\servicescache.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 bakerneldrv;bakerneldrv;c:\windows\system32\Drivers\bakerneldrv64.sys [x]
S0 bapcmci;bapcmci;c:\windows\system32\Drivers\bapcmci64.sys [x]
S0 bpcrasys;bpcrasys;c:\windows\system32\Drivers\bpcrasys64.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 .Net bCNGKeyLock;CNG Key Isolation Service x2.0b;c:\windows\system32\bNETCommando.exe [x]
S2 .Net bKernelMain;Microsoft.NET Framework KernelMain x2.0b;c:\windows\system32\bKernelMain.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-10 26680]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 05:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 05:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 05:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 05:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 05:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-21 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-22 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uStart Page = https://www.startpage.com/eng/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.Net bKernelMain]
"ImagePath"="system32\bKernelMain.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,97,a5,33,73,05,21,47,8e,81,a0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,97,a5,33,73,05,21,47,8e,81,a0,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atibtmon.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2012-03-05 13:57:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 18:57
ComboFix2.txt 2012-03-05 03:48
.
Pre-Run: 426,427,154,432 bytes free
Post-Run: 426,597,519,360 bytes free
.
- - End Of File - - B671FCA9FEAEC4BC1959CD6C8EF22A9E
Upload was successful
Old 03-05-2012, 02:30 PM   #16
Registered Member
 
Join Date: Feb 2012
Posts: 18
OS: Windows 7



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.05.08
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
colortyme :: COLORTYME-HP [administrator]
3/5/2012 4:09:31 PM
mbam-log-2012-03-05 (16-09-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183934
Time elapsed: 6 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
Old 03-05-2012, 03:51 PM   #17
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Please run TDSSKiller once again, and allow it to Cure anything set to Cure by default. Again, have it Skip anything set to Skip.

Send that new log, please.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 03-05-2012, 04:18 PM   #18
Registered Member
 
Join Date: Feb 2012
Posts: 18
OS: Windows 7



18:14:57.0368 7408 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
18:15:03.0141 7408 ============================================================
18:15:03.0141 7408 Current date / time: 2012/03/05 18:15:03.0141
18:15:03.0141 7408 SystemInfo:
18:15:03.0141 7408
18:15:03.0141 7408 OS Version: 6.1.7600 ServicePack: 0.0
18:15:03.0141 7408 Product type: Workstation
18:15:03.0142 7408 ComputerName: COLORTYME-HP
18:15:03.0142 7408 UserName: colortyme
18:15:03.0143 7408 Windows directory: C:\Windows
18:15:03.0143 7408 System windows directory: C:\Windows
18:15:03.0143 7408 Running under WOW64
18:15:03.0143 7408 Processor architecture: Intel x64
18:15:03.0143 7408 Number of processors: 2
18:15:03.0143 7408 Page size: 0x1000
18:15:03.0143 7408 Boot type: Normal boot
18:15:03.0143 7408 ============================================================
18:15:04.0918 7408 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:15:04.0929 7408 Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:15:04.0935 7408 \Device\Harddisk0\DR0:
18:15:04.0935 7408 MBR used
18:15:04.0935 7408 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:15:04.0936 7408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x386B1000
18:15:04.0936 7408 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
18:15:04.0936 7408 \Device\Harddisk1\DR1:
18:15:04.0936 7408 MBR used
18:15:04.0936 7408 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039
18:15:04.0958 7408 Initialize success
18:15:04.0958 7408 ============================================================
18:15:07.0124 8164 ============================================================
18:15:07.0124 8164 Scan started
18:15:07.0124 8164 Mode: Manual;
18:15:07.0124 8164 ============================================================
18:15:09.0735 8164 Suspicious service (NoAccess): .Net bKernelMain
18:15:10.0289 8164 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:15:10.0297 8164 1394ohci - ok
18:15:10.0823 8164 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:15:10.0833 8164 ACPI - ok
18:15:11.0392 8164 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:15:11.0399 8164 AcpiPmi - ok
18:15:12.0180 8164 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:15:12.0194 8164 adp94xx - ok
18:15:12.0705 8164 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:15:12.0715 8164 adpahci - ok
18:15:13.0224 8164 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:15:13.0231 8164 adpu320 - ok
18:15:13.0791 8164 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
18:15:13.0815 8164 AFD - ok
18:15:14.0340 8164 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:15:14.0344 8164 agp440 - ok
18:15:14.0833 8164 akerneldrv - ok
18:15:15.0363 8164 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:15:15.0366 8164 aliide - ok
18:15:15.0922 8164 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:15:15.0926 8164 amdide - ok
18:15:16.0440 8164 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:15:16.0445 8164 amdiox64 - ok
18:15:17.0004 8164 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:15:17.0008 8164 AmdK8 - ok
18:15:17.0749 8164 amdkmdag (98e20c5a39fea1920031d3850004b334) C:\Windows\system32\DRIVERS\atikmdag.sys
18:15:18.0031 8164 amdkmdag - ok
18:15:18.0562 8164 amdkmdap (8624dc7b8d22daf28f5438735095f6c4) C:\Windows\system32\DRIVERS\atikmpag.sys
18:15:18.0571 8164 amdkmdap - ok
18:15:19.0089 8164 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:15:19.0092 8164 AmdPPM - ok
18:15:19.0597 8164 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
18:15:19.0602 8164 amdsata - ok
18:15:20.0125 8164 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:15:20.0132 8164 amdsbs - ok
18:15:20.0629 8164 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
18:15:20.0633 8164 amdxata - ok
18:15:21.0125 8164 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\Windows\system32\DRIVERS\amd_sata.sys
18:15:21.0127 8164 amd_sata - ok
18:15:21.0614 8164 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\Windows\system32\DRIVERS\amd_xata.sys
18:15:21.0618 8164 amd_xata - ok
18:15:22.0108 8164 apcmci - ok
18:15:22.0661 8164 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:15:22.0665 8164 AppID - ok
18:15:23.0239 8164 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:15:23.0244 8164 arc - ok
18:15:23.0737 8164 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:15:23.0742 8164 arcsas - ok
18:15:24.0269 8164 aswFsBlk (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
18:15:24.0273 8164 aswFsBlk - ok
18:15:24.0832 8164 aswFW (baa236e2e146b864803c9b4a5aa65816) C:\Windows\system32\drivers\aswFW.sys
18:15:24.0838 8164 aswFW - ok
18:15:25.0374 8164 aswKbd (29ec2fb2d3a5d2177ef6ba600e0305ae) C:\Windows\system32\drivers\aswKbd.sys
18:15:25.0378 8164 aswKbd - ok
18:15:25.0918 8164 aswMonFlt (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
18:15:25.0922 8164 aswMonFlt - ok
18:15:26.0528 8164 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
18:15:26.0532 8164 aswNdis - ok
18:15:27.0030 8164 aswNdis2 (b33e66eb8b76a818aee08e4e6d9a11ea) C:\Windows\system32\drivers\aswNdis2.sys
18:15:27.0036 8164 aswNdis2 - ok
18:15:27.0513 8164 aswRdr (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
18:15:27.0515 8164 aswRdr - ok
18:15:28.0032 8164 aswSnx (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
18:15:28.0067 8164 aswSnx - ok
18:15:28.0748 8164 aswSP (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
18:15:28.0772 8164 aswSP - ok
18:15:29.0258 8164 aswTdi (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
18:15:29.0262 8164 aswTdi - ok
18:15:29.0777 8164 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:15:29.0781 8164 AsyncMac - ok
18:15:30.0303 8164 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:15:30.0307 8164 atapi - ok
18:15:30.0815 8164 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
18:15:30.0821 8164 AtiHdmiService - ok
18:15:31.0320 8164 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
18:15:31.0323 8164 AtiPcie - ok
18:15:31.0928 8164 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:15:31.0941 8164 b06bdrv - ok
18:15:32.0446 8164 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:15:32.0455 8164 b57nd60a - ok
18:15:33.0009 8164 bakerneldrv (263453cbd29f8228ce9c0ae371841425) C:\Windows\system32\Drivers\bakerneldrv64.sys
18:15:33.0009 8164 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bakerneldrv64.sys. md5: 263453cbd29f8228ce9c0ae371841425
18:15:33.0028 8164 bakerneldrv ( LockedFile.Multi.Generic ) - warning
18:15:33.0029 8164 bakerneldrv - detected LockedFile.Multi.Generic (1)
18:15:33.0555 8164 bapcmci (5f6badbd0229095026c259ee464e2521) C:\Windows\system32\Drivers\bapcmci64.sys
18:15:33.0556 8164 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bapcmci64.sys. md5: 5f6badbd0229095026c259ee464e2521
18:15:33.0579 8164 bapcmci ( LockedFile.Multi.Generic ) - warning
18:15:33.0579 8164 bapcmci - detected LockedFile.Multi.Generic (1)
18:15:34.0274 8164 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:15:34.0374 8164 BCM43XX - ok
18:15:34.0917 8164 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:15:34.0921 8164 Beep - ok
18:15:35.0436 8164 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:15:35.0440 8164 blbdrive - ok
18:15:35.0965 8164 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:15:35.0970 8164 bowser - ok
18:15:36.0500 8164 bpcrasys (63ff513df9109d66675aafe46465ae20) C:\Windows\system32\Drivers\bpcrasys64.sys
18:15:36.0500 8164 Suspicious file (NoAccess): C:\Windows\system32\Drivers\bpcrasys64.sys. md5: 63ff513df9109d66675aafe46465ae20
18:15:36.0502 8164 bpcrasys ( LockedFile.Multi.Generic ) - warning
18:15:36.0502 8164 bpcrasys - detected LockedFile.Multi.Generic (1)
18:15:37.0008 8164 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:15:37.0011 8164 BrFiltLo - ok
18:15:37.0515 8164 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:15:37.0518 8164 BrFiltUp - ok
18:15:38.0034 8164 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:15:38.0040 8164 BridgeMP - ok
18:15:38.0541 8164 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:15:38.0551 8164 Brserid - ok
18:15:39.0067 8164 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:15:39.0073 8164 BrSerWdm - ok
18:15:39.0585 8164 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:15:39.0589 8164 BrUsbMdm - ok
18:15:40.0092 8164 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:15:40.0095 8164 BrUsbSer - ok
18:15:40.0653 8164 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:15:40.0659 8164 BTHMODEM - ok
18:15:40.0711 8164 catchme - ok
18:15:41.0220 8164 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:15:41.0225 8164 cdfs - ok
18:15:41.0748 8164 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:15:41.0754 8164 cdrom - ok
18:15:42.0271 8164 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:15:42.0277 8164 circlass - ok
18:15:42.0659 8164 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:15:42.0671 8164 CLFS - ok
18:17:32.0082 8164 ============================================================
18:17:32.0082 8164 Scan finished
18:17:32.0082 8164 ============================================================
18:17:32.0108 7120 Detected object count: 3
18:17:32.0108 7120 Actual detected object count: 3
18:17:41.0050 7120 bakerneldrv ( LockedFile.Multi.Generic ) - skipped by user
18:17:41.0050 7120 bakerneldrv ( LockedFile.Multi.Generic ) - User select action: Skip
18:17:41.0051 7120 bapcmci ( LockedFile.Multi.Generic ) - skipped by user
18:17:41.0051 7120 bapcmci ( LockedFile.Multi.Generic ) - User select action: Skip
18:17:41.0054 7120 bpcrasys ( LockedFile.Multi.Generic ) - skipped by user
18:17:41.0054 7120 bpcrasys ( LockedFile.Multi.Generic ) - User select action: Skip
ladyliberty is offline  
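As an added example (not code from the thread or from TDSSKiller), a small Python triage script for scan logs in the format pasted above: it pairs each service's hashed-file line with its verdict line, flags services that reported ok without any image file having been hashed, and lists detections whose recorded user action was Skip (as in the LockedFile.Multi.Generic lines at the end of the log). The sample log is constructed with placeholder hashes; the regexes follow the line shapes seen in the thread.

```python
"""Triage helper for a TDSSKiller scan log (the log format pasted in this thread).

Added example: not TDSSKiller's own code and not from the thread.
"""
import re
from dataclasses import dataclass, field

# Line shapes as they appear in the pasted log:
#   <time> <pid> <name> (<md5>) <path>              -- driver/service file that was hashed
#   <time> <pid> MBR|Boot (<offset>) (<md5>) <dev>  -- boot sector that was hashed
#   <time> <pid> <name> - ok                        -- verdict for that entry
#   <time> <pid> <name> ( <verdict> ) - <text>      -- detection, then the user's chosen action
FILE_RE = re.compile(r"^(\S+) (\d+) (\S+) \(([0-9a-fA-F]{32})\) (.+)$")
SECTOR_RE = re.compile(r"^(\S+) (\d+) (MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-fA-F]{32})\) (\S+)$")
OK_RE = re.compile(r"^(\S+) (\d+) (\S+) - ok$")
DETECT_RE = re.compile(r"^(\S+) (\d+) (\S+) \( (.+?) \) - (.+)$")
ACTION_RE = re.compile(r"^User select action: (\w+)$")

# Constructed sample: placeholder hashes, line shapes copied from the thread's log.
SAMPLE_LOG = r"""
18:16:41.0599 8164 pcmcia (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\pcmcia.sys
18:16:41.0607 8164 pcmcia - ok
18:16:42.0100 8164 pcrasys - ok
18:17:08.0071 8164 Tcpip (00000000000000000000000000000002) C:\Windows\system32\drivers\tcpip.sys
18:17:08.0138 8164 Tcpip - ok
18:17:31.0886 8164 MBR (0x1B8) (00000000000000000000000000000003) \Device\Harddisk0\DR0
18:17:31.0977 8164 \Device\Harddisk0\DR0 - ok
18:17:32.0082 8164 ============================================================
18:17:32.0082 8164 Scan finished
18:17:32.0108 7120 Detected object count: 3
18:17:41.0050 7120 bakerneldrv ( LockedFile.Multi.Generic ) - skipped by user
18:17:41.0050 7120 bakerneldrv ( LockedFile.Multi.Generic ) - User select action: Skip
18:17:41.0051 7120 bapcmci ( LockedFile.Multi.Generic ) - skipped by user
18:17:41.0051 7120 bapcmci ( LockedFile.Multi.Generic ) - User select action: Skip
18:17:41.0054 7120 bpcrasys ( LockedFile.Multi.Generic ) - skipped by user
18:17:41.0054 7120 bpcrasys ( LockedFile.Multi.Generic ) - User select action: Skip
"""


@dataclass
class Triage:
    scanned: dict = field(default_factory=dict)     # name -> (md5, path)
    unbacked: list = field(default_factory=list)    # verdict "ok" but no hashed file seen
    detections: dict = field(default_factory=dict)  # name -> {"verdict": str, "action": str|None}

    def unresolved(self):
        """Detections the user skipped (or never acted on): still present after the run."""
        return sorted(n for n, d in self.detections.items() if d["action"] in (None, "Skip"))


def triage(log_text):
    t = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            t.scanned[m.group(3)] = (m.group(4).lower(), m.group(5))
            continue
        m = SECTOR_RE.match(line)
        if m:
            # Boot sectors are keyed by device path, which is how their "- ok" line names them.
            t.scanned[m.group(6)] = (m.group(5).lower(), f"{m.group(3)}@{m.group(4)}")
            continue
        m = DETECT_RE.match(line)
        if m:
            entry = t.detections.setdefault(m.group(3), {"verdict": m.group(4), "action": None})
            am = ACTION_RE.match(m.group(5))
            if am:
                entry["action"] = am.group(1)
            continue
        m = OK_RE.match(line)
        if m and m.group(3) not in t.scanned:
            # A service that got a verdict without any image file being hashed is a lead
            # for manual review (missing or unreadable image), not a verdict in itself.
            t.unbacked.append(m.group(3))
    return t


def report(t):
    """Human-readable triage lines (what the __main__ block prints)."""
    lines = [f"hashed entries: {len(t.scanned)}",
             f"verdict without a hashed file: {', '.join(t.unbacked) or 'none'}"]
    for name, d in sorted(t.detections.items()):
        lines.append(f"detection: {name} [{d['verdict']}] action={d['action']}")
    lines.append(f"unresolved detections: {', '.join(t.unresolved()) or 'none'}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```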
Old 03-05-2012, 04:24 PM   #19
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Any further redirects?

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 31 and save it to your desktop.
Java Downloads for All Operating Systems

Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, Uninstall a program, and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Java(TM) 6 Update 22

Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button.

There are two options in the window to clear the cache - Leave BOTH Checked

Applications and Applets
Trace and Log Files

Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window. Click OK to leave the Java Control Panel.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan. Vista/Windows 7 users will need to right click on their IE shortcut, run as Administrator.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop, and then attach it to a reply for me.
  • Close the ESET online scan.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 03-05-2012, 07:16 PM   #20
Registered Member
 
Join Date: Feb 2012
Posts: 18
OS: Windows 7



The redirects have stopped
I took care of Java. The file is attached.
Attached Files
File Type: txt Eset.txt (100 Bytes, 36 views)
ladyliberty is offline  
 
