Backdoor.Bot


Hi! A couple of days ago my browser (Firefox) started saying that it could not connect because of a proxy problem. I figured that whatever virus I had was changing my proxy settings and so ran Malwarebytes. It did remove two viruses entitled Backdoor.Bot but of course it reinstalls whenever I restart my computer and the process starts again. I read some web pages and looked at some problems others were having in these forums; unfortunately, there is no process running that I can see to disable. I also tried running in Safe Mode with Networking and ran Malwarebytes again, the results of which I will post underneath this intro. Any help that can be given would be greatly appreciated. Thanks so much in advance!

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4602

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

11/12/2010 1:36:38 PM

mbam-log-2010-11-12 (13-36-38).txt

Scan type: Full scan (C:\|)

Objects scanned: 383659

Time elapsed: 1 hour(s), 1 minute(s), 8 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

C:\Users\Rachel\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Rachel\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


Hi and Welcome to Malwarebytes' Forum,

Please run MBAM in Normal Mode.

Update MBAM before performing a scan.

The current database is at least 5104

Your log shows the database you used for the scan is:

Database version: 4602

Perform a quick scan

Select all threats found to be removed

Post the log back here.

Download and Run TDSSKiller.EXE by following the directions in this link:

http://support.kaspersky.com/viruses/solutions?qid=208280684

  • If TDSSKiller detects an infected driver, it may ask you to reboot to remove it!
  • At the conclusion of the scan, if no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download OTL and save it on your desktop:

http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista or Win 7, right click the icon and Run as Administrator) to start the program.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Now click Quick Scan button and let the program run uninterrupted. The scan may take 5-10 minutes.
  • Do NOT touch your keyboard until the scan is done!!
  • It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
  • Exit OTL by clicking the X at top right.

Download this Antirootkit Program to a folder that you create such as C:\ARK.

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:

http://www.bleepingcomputer.com/forums/topic114351.html

Next, please perform a rootkit scan:

  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to run the program.
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • When the scan is finished, Save (Copy) the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Exit the Program
  • Save the Scan log as ARK.txt and post it in your next reply.

Please perform a scan with the ESET online virus scanner:

http://www.eset.com/onlinescan/index.php

  • ESET recommends disabling your resident antivirus's auto-protection feature before beginning the scan to avoid conflicts and system hangs
  • Use Internet Explorer to navigate to the scanner website because you must approve the installation of an ActiveX add-on to complete the scan.
  • Check the "Yes, I accept the terms of use" box.
  • Click "Start"
  • Approve the installation of the ActiveX control that's required to enable scanning
  • Make sure the box to "Remove found threats" is CHECKED!!
  • Click "Start"
  • Allow the definition database to install
  • Click "Scan"

When the scan is done, please post the scan report in your next reply. It can be found in this location:

C:\Program Files\EsetOnlineScanner\log.txt

Note to Windows 7 and Vista users, and anyone with restrictive IE security settings:

Depending on your security settings, you may have to allow cookies and put the ESET website, www.eset.com, into the trusted zone of Internet Explorer if the scan has problems starting (in Vista this is a necessity as IE runs in Protected mode).

To do that, on the Internet Explorer menu click Tools => Internet Options => Security => Trusted Sites => Sites. Then UNcheck "Require server verification for all sites in this zone" checkbox at the bottom of the dialog. Add the above www.eset.com url to the list of trusted sites, by inserting it in the blank box and clicking the Add button, then click Close. For cookies, choose the IE Privacy tab and add the above eset.com url to the exceptions list for cookie blocking.


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5116

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/14/2010 3:57:35 PM

mbam-log-2010-11-14 (15-57-35).txt

Scan type: Quick scan

Objects scanned: 144465

Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22

2010/11/14 16:39:04.0630 ================================================================================

2010/11/14 16:39:04.0630 SystemInfo:

2010/11/14 16:39:04.0630

2010/11/14 16:39:04.0630 OS Version: 6.1.7600 ServicePack: 0.0

2010/11/14 16:39:04.0630 Product type: Workstation

2010/11/14 16:39:04.0631 ComputerName: RACHEL-PC

2010/11/14 16:39:04.0631 UserName: Rachel

2010/11/14 16:39:04.0631 Windows directory: C:\Windows

2010/11/14 16:39:04.0631 System windows directory: C:\Windows

2010/11/14 16:39:04.0631 Running under WOW64

2010/11/14 16:39:04.0631 Processor architecture: Intel x64

2010/11/14 16:39:04.0631 Number of processors: 2

2010/11/14 16:39:04.0631 Page size: 0x1000

2010/11/14 16:39:04.0631 Boot type: Normal boot

2010/11/14 16:39:04.0631 ================================================================================

2010/11/14 16:39:04.0634 Utility is running under WOW64

2010/11/14 16:39:05.0086 Initialize success

2010/11/14 16:39:06.0590 ================================================================================

2010/11/14 16:39:06.0591 Scan started

2010/11/14 16:39:06.0591 Mode: Manual;

2010/11/14 16:39:06.0591 ================================================================================

2010/11/14 16:39:16.0005 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

2010/11/14 16:39:16.0006 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

2010/11/14 16:39:16.0011 sptd - detected Locked file (1)


2010/11/14 16:39:17.0740 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

2010/11/14 16:39:17.0781 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2010/11/14 16:39:17.0832 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/14 16:39:17.0856 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/14 16:39:17.0898 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2010/11/14 16:39:17.0942 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2010/11/14 16:39:18.0009 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/11/14 16:39:18.0031 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2010/11/14 16:39:18.0132 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

2010/11/14 16:39:18.0185 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/11/14 16:39:18.0253 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2010/11/14 16:39:18.0300 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2010/11/14 16:39:18.0351 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/11/14 16:39:18.0516 xcbdaNtscV (6caf33678521eb2ae97fe808f19e25ca) C:\Windows\system32\DRIVERS\xcbdaVx64.sys

2010/11/14 16:39:18.0577 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

2010/11/14 16:39:18.0685 ================================================================================

2010/11/14 16:39:18.0685 Scan finished

2010/11/14 16:39:18.0685 ================================================================================

2010/11/14 16:39:18.0696 Detected object count: 1

2010/11/14 16:39:21.0039 Locked file(sptd) - User select action: Skip

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

++++++++++++++++++

OTL logfile created on: 11/14/2010 4:27:45 PM - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Rachel\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455.94 Gb Total Space | 160.82 Gb Free Space | 35.27% Space Free | Partition Type: NTFS

Drive D: | 9.82 Gb Total Space | 9.19 Gb Free Space | 93.56% Space Free | Partition Type: NTFS

Drive F: | 119.78 Mb Total Space | 119.50 Mb Free Space | 99.77% Space Free | Partition Type: FAT

Drive L: | 931.51 Gb Total Space | 260.67 Gb Free Space | 27.98% Space Free | Partition Type: NTFS

Computer Name: RACHEL-PC | User Name: Rachel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rachel\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\MpcStar\mpcstar.exe ()

PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

PRC - C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe ()

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Rachel\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++


Hi RaandJ04,

1. I see that MBAM is no longer detecting the bot that was your original problem.

2. Your TDSSKiller log is clean, but the driver sptd.sys that is locked belongs to Daemon Tools, and that driver can impede the functioning of malware detection/removal programs, so I am going to ask you to disable it by following the directions here:

http://www.bleepingcomputer.com/forums/topic293569.html

3. Your OTL log is very incomplete. It may have exceeded the allowed limit for topic replies, so if that's the case you can break it up into two or more replies.

4. I am awaiting your ESET scan report.

5. I want you to run the Microsoft Malicious Software Removal Tool (MSRT) 64 bit only - by following these directions:

Download Microsoft's Malicious Software Removal Tool (MSRT) to your desktop

Save it, renaming it to iexplore.exe as you download it

Right-click iexplore.exe on your Desktop and Select "Run as Administrator" to launch it

In the "Scan Type" window, select Full Scan

Perform a scan and then click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Click on Start => Run

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log


Thanks for the quick responses! I was unable to run the ESET scan; it tells me that my proxy settings are not configured? These are the results of the other scans that you requested; I will do this in two posts. Thanks again!

OTL

OTL logfile created on: 11/15/2010 1:26:35 PM - Run 3

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Rachel\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455.94 Gb Total Space | 160.80 Gb Free Space | 35.27% Space Free | Partition Type: NTFS

Drive D: | 9.82 Gb Total Space | 9.19 Gb Free Space | 93.56% Space Free | Partition Type: NTFS

Drive L: | 931.51 Gb Total Space | 260.67 Gb Free Space | 27.98% Space Free | Partition Type: NTFS

Computer Name: RACHEL-PC | User Name: Rachel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rachel\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

PRC - C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe ()

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Rachel\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys File not found

DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)

DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)

DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)

DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)

DRV:64bit: - (LVUVC64) Logitech QuickCam S5500(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfPCI) -- C:\Windows\SysNative\drivers\VSTBS26.SYS (Conexant Systems, Inc.)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (xcbdaNtscV) ViXS Tuner Card (NTSC) -- C:\Windows\SysNative\drivers\xcbdaVx64.sys (ViXS Systems Inc.)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A2 7F F7 BE 52 CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: {8CD0D324-2880-455F-8583-523DA80014C4}:1.9.1

FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&q="

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 50370

FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2010/09/04 21:13:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/27 19:38:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/27 19:38:00 | 000,000,000 | ---D | M]

[2010/03/17 11:49:48 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Extensions

[2010/03/17 11:49:48 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/10/27 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\q9wiu194.default\extensions

[2010/03/17 12:17:58 | 000,002,425 | ---- | M] () -- C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\q9wiu194.default\searchplugins\askcom.xml

[2010/09/12 16:14:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\Rachel\Desktop\BitComet\tools\BitCometBHO_1.3.7.16.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)

O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe ()

O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found

O4 - Startup: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)

O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)

O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Users\Rachel\Desktop\BitComet\tools\BitCometBHO_1.3.7.16.dll File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2007/07/03 15:55:19 | 000,000,024 | ---- | M] () - C:\autoexec.txt -- [ NTFS ]

O32 - AutoRun File - [2008/08/18 14:27:08 | 000,000,809 | ---- | M] () - L:\Autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/09/20 18:19:31 | 000,000,067 | ---- | M] () - L:\Autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 16:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2010/11/14 16:26:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Rachel\Desktop\OTL.exe

[2010/11/12 12:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010/11/10 12:53:06 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010/11/01 15:20:15 | 000,000,000 | ---D | C] -- C:\gPotato

[2010/11/01 15:17:13 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\PMB Files

[2010/11/01 15:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

[2010/11/01 15:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks

[2010/10/26 12:22:01 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/10/26 12:22:01 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/10/26 12:22:01 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010/10/26 12:22:01 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/10/26 12:22:01 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010/10/26 12:22:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/10/26 12:22:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010/10/26 12:21:56 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2010/10/23 13:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2010/10/17 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\CometPlayer

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 13:26:58 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/15 13:26:58 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/15 13:19:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/15 13:19:35 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/15 13:18:08 | 000,000,020 | ---- | M] () -- C:\Users\Rachel\defogger_reenable

[2010/11/15 09:31:35 | 000,003,584 | ---- | M] () -- C:\Users\Rachel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/14 19:35:52 | 000,000,104 | ---- | M] () -- C:\Users\Rachel\Desktop\Control Panel - Shortcut.lnk

[2010/11/14 16:26:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel\Desktop\OTL.exe

[2010/11/14 14:09:45 | 000,022,390 | ---- | M] () -- C:\Users\Rachel\Documents\hersh5.jpg

[2010/11/14 14:07:16 | 000,029,840 | ---- | M] () -- C:\Users\Rachel\Documents\hersh1.jpg

[2010/11/12 15:39:59 | 000,011,916 | ---- | M] () -- C:\Users\Rachel\Documents\What principles from the classical school continue to characterize modern thought on crime.docx

[2010/11/12 12:55:24 | 000,002,093 | ---- | M] () -- C:\Users\Rachel\Desktop\HijackThis.lnk

[2010/11/10 12:26:12 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/11/10 12:26:12 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/11/10 12:26:11 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/11/09 19:31:36 | 000,003,736 | ---- | M] () -- C:\Users\Rachel\Desktop\BitComet.xml

[2010/11/09 19:31:26 | 000,006,571 | ---- | M] () -- C:\Users\Rachel\Desktop\Downloads.xml

[2010/11/09 16:10:48 | 000,006,571 | ---- | M] () -- C:\Users\Rachel\Desktop\Downloads.xml.bak

[2010/11/08 11:08:22 | 000,060,416 | ---- | M] () -- C:\Users\Rachel\Documents\LearningTeamCharterCriminology.doc

[2010/11/07 15:52:40 | 000,001,029 | ---- | M] () -- C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2010/11/03 10:44:32 | 000,010,892 | ---- | M] () -- C:\Users\Rachel\Documents\coverletter.docx

[2010/11/02 20:37:34 | 000,001,628 | ---- | M] () -- C:\Users\Rachel\Desktop\AikaOnline.lnk

[2010/11/01 15:20:06 | 470,233,249 | ---- | M] () -- C:\Users\Rachel\Desktop\Aika_AshesOfBetrayal.exe

[2010/10/27 19:36:10 | 000,010,245 | ---- | M] () -- C:\Users\Rachel\Documents\CJAsta.docx

[2010/10/26 12:21:50 | 001,197,970 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2010/10/17 15:44:51 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Comet Player.lnk

[2010/10/17 15:44:51 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\MpcStar.lnk

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 13:18:08 | 000,000,020 | ---- | C] () -- C:\Users\Rachel\defogger_reenable

[2010/11/15 09:31:34 | 000,003,584 | ---- | C] () -- C:\Users\Rachel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/14 19:35:52 | 000,000,104 | ---- | C] () -- C:\Users\Rachel\Desktop\Control Panel - Shortcut.lnk

[2010/11/14 14:16:46 | 000,022,390 | ---- | C] () -- C:\Users\Rachel\Documents\hersh5.jpg

[2010/11/14 14:16:30 | 000,029,840 | ---- | C] () -- C:\Users\Rachel\Documents\hersh1.jpg

[2010/11/12 12:55:24 | 000,002,093 | ---- | C] () -- C:\Users\Rachel\Desktop\HijackThis.lnk

[2010/11/11 19:14:04 | 000,011,916 | ---- | C] () -- C:\Users\Rachel\Documents\What principles from the classical school continue to characterize modern thought on crime.docx

[2010/11/08 11:08:22 | 000,060,416 | ---- | C] () -- C:\Users\Rachel\Documents\LearningTeamCharterCriminology.doc

[2010/11/01 15:23:13 | 000,001,628 | ---- | C] () -- C:\Users\Rachel\Desktop\AikaOnline.lnk

[2010/11/01 15:17:22 | 470,233,249 | ---- | C] () -- C:\Users\Rachel\Desktop\Aika_AshesOfBetrayal.exe

[2010/10/27 19:36:09 | 000,010,245 | ---- | C] () -- C:\Users\Rachel\Documents\CJAsta.docx

[2010/10/22 15:34:40 | 000,001,029 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2010/10/17 15:44:51 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Comet Player.lnk

[2010/09/04 21:13:39 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll

[2010/04/19 18:36:58 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

TDSSKiller

2010/11/15 13:29:41.0478 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22

2010/11/15 13:29:41.0478 ================================================================================

2010/11/15 13:29:41.0478 SystemInfo:

2010/11/15 13:29:41.0478

2010/11/15 13:29:41.0478 OS Version: 6.1.7600 ServicePack: 0.0

2010/11/15 13:29:41.0478 Product type: Workstation

2010/11/15 13:29:41.0478 ComputerName: RACHEL-PC

2010/11/15 13:29:41.0478 UserName: Rachel

2010/11/15 13:29:41.0478 Windows directory: C:\Windows

2010/11/15 13:29:41.0478 System windows directory: C:\Windows

2010/11/15 13:29:41.0478 Running under WOW64

2010/11/15 13:29:41.0478 Processor architecture: Intel x64

2010/11/15 13:29:41.0478 Number of processors: 2

2010/11/15 13:29:41.0478 Page size: 0x1000

2010/11/15 13:29:41.0478 Boot type: Normal boot

2010/11/15 13:29:41.0478 ================================================================================

2010/11/15 13:29:41.0478 Utility is running under WOW64

2010/11/15 13:29:41.0853 Initialize success

2010/11/15 13:29:44.0130 ================================================================================

2010/11/15 13:29:44.0130 Scan started

2010/11/15 13:29:44.0130 Mode: Manual;

2010/11/15 13:29:44.0130 ================================================================================

2010/11/15 13:29:55.0659 ================================================================================

2010/11/15 13:29:55.0659 Scan finished

2010/11/15 13:29:55.0659 ================================================================================


Here are the results from Microsoft's Malicious Software Removal Tool:

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.10, August 2010

Started On Tue Aug 24 13:38:55 2010

WARNING: Security policy doesn't allow for all actions MSRT may require.

->Scan ERROR: resource process://pid:2044 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:1324 (code 0x00000057 (87))

-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 24 13:39:59 2010

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.11, September 2010

Started On Wed Sep 15 03:01:45 2010

WARNING: Security policy doesn't allow for all actions MSRT may require.

->Scan ERROR: resource process://pid:6004 (code 0x00000005 (5))

Engine internal result code = 80508015

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 15 03:03:03 2010

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.12, October 2010

Started On Wed Oct 13 03:01:03 2010

WARNING: Security policy doesn't allow for all actions MSRT may require.

->Scan ERROR: resource process://pid:4944 (code 0x00000005 (5))

Engine internal result code = 80508015

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 13 03:02:16 2010

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.13, November 2010

Started On Mon Nov 15 13:35:26 2010

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 15 13:35:48 2010

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.13, November 2010

Started On Mon Nov 15 13:36:51 2010

Extended Scan Results

----------------

->Scan ERROR: resource process://pid:4832 (code 0x00000005 (5))

->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))

->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

No infection found as part of the extended scan

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 15 17:18:23 2010

Return code: 0 (0x0)


Open the Control Panel > Programs and Remove these programs:

LimeWire Toolbar

BitComet Helper

Bonjour

Close the Control Panel

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\Rachel\Desktop\BitComet\tools\BitCometBHO_1.3.7.16.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Users\Rachel\Desktop\BitComet\tools\BitCometBHO_1.3.7.16.dll File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
:Commands
[EmptyFlash]
[EmptyTemp]
[Purity]

  • Click the Run Fix button at the top
  • Let the program run WITHOUT interference.
  • When it is done, it will reboot and produce a log.
  • Please Copy/Paste the OTL log into your next reply

To fix the Firefox proxy issue:

  • Open Firefox
  • Click Tools > Options > Advanced > Network > Settings. Then check "No Proxy".

To disable the proxy settings in Internet Explorer:

1) Under Tools in the browser toolbar, select Internet Options.

2) In the Internet Options window that pops up, click the Connections tab at the top.

3) Click LAN Settings near the bottom of the Connections section.

4) If the Proxy server checkbox is checked, UNcheck it.

5) Click OK to close the Local Area Network (LAN) Settings window.

6) Click OK to close the Internet Options window.

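The settings those Firefox and Internet Explorer steps reset can also be read back from a PowerShell prompt, which makes it easy to re-check them after a reboot. This is an added example, not part of the original post: the function name `Get-ProxyState` is hypothetical, the registry values are the standard per-user WinINET ones, and the Firefox path assumes the default profile location.

```powershell
# Added example: read-only report of the proxy settings behind the GUI steps above.
# Run as the affected user. Get-ProxyState is a name chosen for this example.
function Get-ProxyState {
    $results = @()

    # Internet Explorer / WinINET: the values behind the "LAN Settings" dialog.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
        $results += New-Object PSObject -Property @{
            Source  = 'IE (HKCU)'
            Setting = $name
            Value   = $inet.$name      # empty when the value is not set
        }
    }

    # Firefox: non-default proxy prefs are written to prefs.js in each profile.
    # Assumption: profiles live in the default location under %APPDATA%.
    $prefs   = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
    $pattern = 'user_pref\("(network\.proxy\.[^"]+)",\s*(.+)\);'
    if (Test-Path $prefs) {
        foreach ($hit in (Select-String -Path $prefs -Pattern $pattern)) {
            $results += New-Object PSObject -Property @{
                Source  = "Firefox ($(Split-Path (Split-Path $hit.Path) -Leaf))"
                Setting = $hit.Matches[0].Groups[1].Value
                Value   = $hit.Matches[0].Groups[2].Value
            }
        }
    }
    $results
}

$state = Get-ProxyState
$state | Format-Table Source, Setting, Value -AutoSize

# Flag the two conditions the steps above are meant to clear.
# ProxyEnable = 1 means the "Proxy server" box is checked;
# network.proxy.type = 0 is Firefox's "No Proxy" (no line at all means the default is in use).
$ieOn = $state | Where-Object { $_.Setting -eq 'ProxyEnable' -and $_.Value -eq 1 }
$ffOn = $state | Where-Object { $_.Setting -eq 'network.proxy.type' -and $_.Value -ne '0' }
if ($ieOn) { Write-Warning 'IE "Proxy server" is enabled' }
if ($ffOn) { Write-Warning 'Firefox is not set to "No Proxy"' }
```

If either warning comes back after a restart, something on the machine is still rewriting the settings and the cleanup is not finished.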

OK, so I was able to fix the proxy settings with your help and run the ESET scan, and I will post the results below. I did not run the OTL fix as suggested because I am not able to find BitComet Helper to uninstall the program. Also, after the ESET scan completed I went to the log found under Program Files and there was nothing there but this:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

There were no other txt documents.

Any suggestions in regard to this would be helpful. Thank you again!


See if you can access the ESET scan report this way:

Open a Run Line

Click the Windows 7 Start Orb

Type Run in the "Start Search" Box

At the top of the returned results, Under Programs, double-click Run

Paste the following bolded text exactly (including the quotes) into the Open Box and Click OK:

"C:\Program Files\EsetOnlineScanner\log.txt"

It should look like this (maybe yours is truncated):

# version=4

# OnlineScanner.ocx=1.0.0.56

# OnlineScannerDLLA.dll=1, 0, 0, 51

# OnlineScannerDLLW.dll=1, 0, 0, 51

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=2440 (20070806)

# vers_arch_module=1.057 (20070802)

# vers_adv_heur_module=1.065 (20070802)

# EOSSerial=1b4fabfbdd20854e918f213f0ae81857

# end=finished

# remove_checked=false

# unwanted_checked=false

# utc_time=2007-08-06 11:09:04

# local_time=2007-08-06 07:09:04 (-0500, Eastern Daylight Time)

# country="United States"

# osver=6.0.6000 NT

# scanned=114698

# found=0

# scan_time=843

# nod_component=NOD32MOD_WINNT_ENGLISH_BASE Build:0x11081627 (NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base)

# nod_component=NOD32MOD_WINNT_ENGLISH_INET Build:0x11081627 (NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support)

# nod_component=NOD32MOD_WINNT_ENGLISH_STANDARD Build:0x11081627 (NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component)


Please run mbr.exe and post back the log as follows:

Copy / Paste the following command at the command prompt, and hit Enter

mbr.exe -t -s > "%userprofile%\desktop\mbr.log"

Open the log it created on your Desktop by double-clicking mbr.log, and copy and paste the contents of mbr.log into your next reply.

Please run the F-Secure Online Scanner >Here< by checking the "I have read and accepted the license terms" checkbox and clicking the "Run Check" button.

When done click "Show report" and copy/paste its contents into your next reply
