RaandJ04 Posted November 12, 2010 ID:343935

Hi! A couple of days ago my browser (Firefox) started saying that it could not connect because of a proxy problem. I figured that whatever virus I had was changing my proxy settings and so ran Malwarebytes. It did remove two viruses entitled Backdoor.Bot but of course it reinstalls whenever I restart my computer and the process starts again. I read some web pages and looked at some problems others were having in these forums; unfortunately there is no process running that I can see to disable. I also tried running in Safe Mode with Networking and ran Malwarebytes again, the results of which I will post underneath this intro. Any help that can be given would be greatly appreciated. Thanks so much in advance!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4602
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11/12/2010 1:36:38 PM
mbam-log-2010-11-12 (13-36-38).txt

Scan type: Full scan (C:\|)
Objects scanned: 383659
Time elapsed: 1 hour(s), 1 minute(s), 8 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Users\Rachel\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Rachel\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
negster22 Posted November 13, 2010 ID:344172

Hi and Welcome to Malwarebytes' Forum,

Please run MBAM in Normal Mode.
Update MBAM before performing a scan.
The current database is at least 5104
Your log shows the database you used for the scan is:
Database version: 4602
Perform a quick scan
Select all threats found to be removed
Post the log back here.

Download and Run TDSSKiller.EXE by following the directions in this link:
http://support.kaspersky.com/viruses/solutions?qid=208280684
If TDSSKiller detects an infected driver, it may ask you to reboot to remove it!
At the conclusion of the scan, if no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download OTL and save it on your desktop: http://oldtimer.geekstogo.com/OTL.exe
Close all open windows on the Task Bar. Click the OTL icon (for Vista or Win 7, right click the icon and Run as Administrator) to start the program.
When the window appears, underneath Output at the top change it to Minimal Output.
Now click Quick Scan button and let the program run uninterrupted.
The scan may take 5-10 minutes.
Do NOT touch your keyboard until the scan is done!!
It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Exit OTL by clicking the X at top right.

Download this Antirootkit Program to a folder that you create such as C:\ARK.
Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:
http://www.bleepingcomputer.com/forums/topic114351.html
Next, please perform a rootkit scan:
Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to run the program.
When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
When the scan is finished, Save (Copy) the scan log to the Windows clipboard
Open Notepad or a similar text editor
Paste the clipboard contents into a text file by clicking Edit | Paste or Ctl V
Exit the Program
Save the Scan log as ARK.txt and post it in your next reply.

Please perform a scan with the ESET online virus scanner:
http://www.eset.com/onlinescan/index.php
ESET recommends disabling your resident antivirus's auto-protection feature before beginning the scan to avoid conflicts and system hangs
Use Internet Explorer to navigate to the scanner website because you must approve installation of an ActiveX add-on to complete the scan.
Check the "Yes, I accept the terms of use" box.
Click "Start"
Approve the installation of the ActiveX control that's required to enable scanning
Make sure the box to Remove found threats is CHECKED!!
Click "Start"
Allow the definition data base to install
Click "Scan"
When the scan is done, please post the scan report in your next reply. It can be found in this location:
C:\Program Files\EsetOnlineScanner\log.txt

Note to Windows 7 and Vista users, and anyone with restrictive IE security settings:
Depending on your security settings, you may have to allow cookies and put the ESET website, www.eset.com, into the trusted zone of Internet Explorer if the scan has problems starting (in Vista this is a necessity as IE runs in Protected mode).
To do that, on the Internet Explorer menu click Tools => Internet Options => Security => Trusted Sites => Sites. Then UNcheck "Require server verification for all sites in this zone" checkbox at the bottom of the dialog. Add the above www.eset.com url to the list of trusted sites, by inserting it in the blank box and clicking the Add button, then click Close. For cookies, choose the IE Privacy tab and add the above eset.com url to the exceptions list for cookie blocking.
RaandJ04 Posted November 14, 2010 Author ID:345281 Share Posted November 14, 2010 Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 5116Windows 6.1.7600Internet Explorer 8.0.7600.1638511/14/2010 3:57:35 PMmbam-log-2010-11-14 (15-57-35).txtScan type: Quick scanObjects scanned: 144465Time elapsed: 2 minute(s), 43 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++DSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:222010/11/14 16:39:04.0630 ================================================================================2010/11/14 16:39:04.0630 SystemInfo:2010/11/14 16:39:04.0630 2010/11/14 16:39:04.0630 OS Version: 6.1.7600 ServicePack: 0.02010/11/14 16:39:04.0630 Product type: Workstation2010/11/14 16:39:04.0631 ComputerName: RACHEL-PC2010/11/14 16:39:04.0631 UserName: Rachel2010/11/14 16:39:04.0631 Windows directory: C:\Windows2010/11/14 16:39:04.0631 System windows directory: C:\Windows2010/11/14 16:39:04.0631 Running under WOW642010/11/14 16:39:04.0631 Processor architecture: Intel x642010/11/14 16:39:04.0631 Number of processors: 22010/11/14 16:39:04.0631 Page size: 0x10002010/11/14 16:39:04.0631 Boot type: Normal boot2010/11/14 16:39:04.0631 ================================================================================2010/11/14 16:39:04.0634 Utility is running under WOW642010/11/14 16:39:05.0086 Initialize success2010/11/14 16:39:06.0590 ================================================================================2010/11/14 16:39:06.0591 Scan started2010/11/14 16:39:06.0591 Mode: Manual; 2010/11/14 16:39:06.0591 ================================================================================2010/11/14 16:39:07.0645 1394ohci 
(1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys2010/11/14 16:39:07.0663 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys2010/11/14 16:39:07.0689 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys2010/11/14 16:39:07.0744 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys2010/11/14 16:39:07.0777 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys2010/11/14 16:39:07.0814 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys2010/11/14 16:39:07.0885 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys2010/11/14 16:39:07.0908 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys2010/11/14 16:39:07.0939 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys2010/11/14 16:39:07.0958 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys2010/11/14 16:39:08.0006 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys2010/11/14 16:39:08.0027 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys2010/11/14 16:39:08.0053 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys2010/11/14 16:39:08.0082 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys2010/11/14 16:39:08.0101 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys2010/11/14 16:39:08.0119 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys2010/11/14 16:39:08.0205 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys2010/11/14 16:39:08.0228 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys2010/11/14 16:39:08.0279 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys2010/11/14 16:39:08.0294 atapi 
(02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys2010/11/14 16:39:08.0343 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys2010/11/14 16:39:08.0375 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys2010/11/14 16:39:08.0427 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys2010/11/14 16:39:08.0488 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys2010/11/14 16:39:08.0520 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys2010/11/14 16:39:08.0547 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys2010/11/14 16:39:08.0572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys2010/11/14 16:39:08.0628 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys2010/11/14 16:39:08.0649 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys2010/11/14 16:39:08.0663 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys2010/11/14 16:39:08.0678 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys2010/11/14 16:39:08.0710 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys2010/11/14 16:39:08.0736 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys2010/11/14 16:39:08.0783 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys2010/11/14 16:39:08.0802 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys2010/11/14 16:39:08.0849 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys2010/11/14 16:39:08.0897 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys2010/11/14 16:39:08.0925 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys2010/11/14 
16:39:08.0945 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys2010/11/14 16:39:08.0961 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys2010/11/14 16:39:08.0981 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys2010/11/14 16:39:09.0009 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys2010/11/14 16:39:09.0076 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys2010/11/14 16:39:09.0143 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys2010/11/14 16:39:09.0166 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys2010/11/14 16:39:09.0216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys2010/11/14 16:39:09.0284 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys2010/11/14 16:39:09.0359 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys2010/11/14 16:39:09.0471 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys2010/11/14 16:39:09.0528 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys2010/11/14 16:39:09.0550 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys2010/11/14 16:39:09.0590 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys2010/11/14 16:39:09.0625 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys2010/11/14 16:39:09.0655 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys2010/11/14 16:39:09.0705 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys2010/11/14 16:39:09.0724 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys2010/11/14 16:39:09.0750 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) 
C:\Windows\system32\DRIVERS\flpydisk.sys2010/11/14 16:39:09.0782 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys2010/11/14 16:39:09.0810 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys2010/11/14 16:39:09.0834 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys2010/11/14 16:39:09.0874 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys2010/11/14 16:39:09.0898 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys2010/11/14 16:39:09.0965 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys2010/11/14 16:39:10.0018 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys2010/11/14 16:39:10.0092 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys2010/11/14 16:39:10.0148 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys2010/11/14 16:39:10.0178 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys2010/11/14 16:39:10.0201 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys2010/11/14 16:39:10.0231 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys2010/11/14 16:39:10.0281 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys2010/11/14 16:39:10.0313 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys2010/11/14 16:39:10.0379 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys2010/11/14 16:39:10.0471 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys2010/11/14 16:39:10.0550 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys2010/11/14 16:39:10.0616 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys2010/11/14 16:39:10.0668 
iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys2010/11/14 16:39:10.0726 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys2010/11/14 16:39:10.0762 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys2010/11/14 16:39:10.0790 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys2010/11/14 16:39:10.0816 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys2010/11/14 16:39:10.0848 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys2010/11/14 16:39:10.0923 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys2010/11/14 16:39:10.0952 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys2010/11/14 16:39:10.0984 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys2010/11/14 16:39:11.0007 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys2010/11/14 16:39:11.0048 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys2010/11/14 16:39:11.0072 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys2010/11/14 16:39:11.0117 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys2010/11/14 16:39:11.0137 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys2010/11/14 16:39:11.0216 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys2010/11/14 16:39:11.0273 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys2010/11/14 16:39:11.0332 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys2010/11/14 16:39:11.0401 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys2010/11/14 16:39:11.0424 LSI_SAS (1047184a9fdc8bdbff857175875ee810) 
C:\Windows\system32\DRIVERS\lsi_sas.sys2010/11/14 16:39:11.0445 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys2010/11/14 16:39:11.0469 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys2010/11/14 16:39:11.0496 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys2010/11/14 16:39:11.0560 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys2010/11/14 16:39:11.0595 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys2010/11/14 16:39:11.0691 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys2010/11/14 16:39:11.0890 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys2010/11/14 16:39:11.0983 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys2010/11/14 16:39:12.0010 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys2010/11/14 16:39:12.0035 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys2010/11/14 16:39:12.0094 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys2010/11/14 16:39:12.0146 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys2010/11/14 16:39:12.0196 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys2010/11/14 16:39:12.0248 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys2010/11/14 16:39:12.0268 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys2010/11/14 16:39:12.0297 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys2010/11/14 16:39:12.0317 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys2010/11/14 16:39:12.0352 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys2010/11/14 16:39:12.0392 mrxsmb 
(767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys2010/11/14 16:39:12.0417 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys2010/11/14 16:39:12.0454 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys2010/11/14 16:39:12.0466 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys2010/11/14 16:39:12.0494 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys2010/11/14 16:39:12.0534 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys2010/11/14 16:39:12.0553 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys2010/11/14 16:39:12.0576 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys2010/11/14 16:39:12.0632 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys2010/11/14 16:39:12.0698 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys2010/11/14 16:39:12.0736 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys2010/11/14 16:39:12.0765 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys2010/11/14 16:39:12.0806 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys2010/11/14 16:39:12.0849 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys2010/11/14 16:39:12.0870 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys2010/11/14 16:39:12.0930 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys2010/11/14 16:39:12.0989 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys2010/11/14 16:39:13.0087 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys2010/11/14 16:39:13.0145 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys2010/11/14 
16:39:13.0187 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys2010/11/14 16:39:13.0231 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys2010/11/14 16:39:13.0246 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys2010/11/14 16:39:13.0276 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys2010/11/14 16:39:13.0322 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys2010/11/14 16:39:13.0346 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys2010/11/14 16:39:13.0411 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys2010/11/14 16:39:13.0458 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys2010/11/14 16:39:13.0479 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys2010/11/14 16:39:13.0530 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys2010/11/14 16:39:13.0552 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys2010/11/14 16:39:13.0847 nvlddmkm (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys2010/11/14 16:39:13.0929 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys2010/11/14 16:39:13.0948 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys2010/11/14 16:39:14.0008 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys2010/11/14 16:39:14.0047 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys2010/11/14 16:39:14.0114 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys2010/11/14 16:39:14.0132 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys2010/11/14 16:39:14.0253 pci (f36f6504009f2fb0dfd1b17a116ad74b) 
C:\Windows\system32\DRIVERS\pci.sys2010/11/14 16:39:14.0285 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys2010/11/14 16:39:14.0320 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys2010/11/14 16:39:14.0386 PCTCore (3db59fe90f3525cd9bf120b726c11800) C:\Windows\system32\drivers\PCTCore64.sys2010/11/14 16:39:14.0422 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys2010/11/14 16:39:14.0462 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys2010/11/14 16:39:14.0486 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys2010/11/14 16:39:14.0505 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys2010/11/14 16:39:14.0612 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys2010/11/14 16:39:14.0627 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys2010/11/14 16:39:14.0687 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys2010/11/14 16:39:14.0739 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys2010/11/14 16:39:14.0771 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys2010/11/14 16:39:14.0796 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys2010/11/14 16:39:14.0823 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys2010/11/14 16:39:14.0880 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys2010/11/14 16:39:14.0928 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys2010/11/14 16:39:14.0980 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys2010/11/14 16:39:15.0026 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys2010/11/14 16:39:15.0056 rdbss 
(3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys2010/11/14 16:39:15.0078 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys2010/11/14 16:39:15.0100 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys2010/11/14 16:39:15.0149 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys2010/11/14 16:39:15.0169 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys2010/11/14 16:39:15.0186 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys2010/11/14 16:39:15.0214 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys2010/11/14 16:39:15.0231 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys2010/11/14 16:39:15.0295 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys2010/11/14 16:39:15.0332 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys2010/11/14 16:39:15.0361 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys2010/11/14 16:39:15.0387 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys2010/11/14 16:39:15.0426 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys2010/11/14 16:39:15.0453 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys2010/11/14 16:39:15.0497 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys2010/11/14 16:39:15.0523 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys2010/11/14 16:39:15.0572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys2010/11/14 16:39:15.0638 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys2010/11/14 16:39:15.0675 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) 
C:\Windows\system32\DRIVERS\sffp_sd.sys2010/11/14 16:39:15.0717 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys2010/11/14 16:39:15.0762 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys2010/11/14 16:39:15.0783 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys2010/11/14 16:39:15.0827 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys2010/11/14 16:39:15.0892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys2010/11/14 16:39:16.0005 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys2010/11/14 16:39:16.0006 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb2010/11/14 16:39:16.0011 sptd - detected Locked file (1)2010/11/14 16:39:16.0063 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys2010/11/14 16:39:16.0112 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys2010/11/14 16:39:16.0170 SrvHsfPCI (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS2010/11/14 16:39:16.0219 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS2010/11/14 16:39:16.0260 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS2010/11/14 16:39:16.0303 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys2010/11/14 16:39:16.0371 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys2010/11/14 16:39:16.0429 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys2010/11/14 16:39:16.0458 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys2010/11/14 16:39:16.0476 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys2010/11/14 16:39:16.0582 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) 
C:\Windows\system32\drivers\tcpip.sys2010/11/14 16:39:16.0670 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys2010/11/14 16:39:16.0711 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys2010/11/14 16:39:16.0739 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys2010/11/14 16:39:16.0759 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys2010/11/14 16:39:16.0783 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys2010/11/14 16:39:16.0805 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys2010/11/14 16:39:16.0848 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys2010/11/14 16:39:16.0900 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys2010/11/14 16:39:16.0926 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys2010/11/14 16:39:16.0951 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys2010/11/14 16:39:16.0984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys2010/11/14 16:39:17.0032 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys2010/11/14 16:39:17.0054 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys2010/11/14 16:39:17.0114 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys2010/11/14 16:39:17.0155 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys2010/11/14 16:39:17.0207 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys2010/11/14 16:39:17.0266 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys2010/11/14 16:39:17.0290 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys2010/11/14 16:39:17.0320 usbhub 
(372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys2010/11/14 16:39:17.0349 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys2010/11/14 16:39:17.0371 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys2010/11/14 16:39:17.0397 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS2010/11/14 16:39:17.0420 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys2010/11/14 16:39:17.0449 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys2010/11/14 16:39:17.0479 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys2010/11/14 16:39:17.0501 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys2010/11/14 16:39:17.0528 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys2010/11/14 16:39:17.0554 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys2010/11/14 16:39:17.0596 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys2010/11/14 16:39:17.0618 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys2010/11/14 16:39:17.0645 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys2010/11/14 16:39:17.0668 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys2010/11/14 16:39:17.0686 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys2010/11/14 16:39:17.0715 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys2010/11/14 16:39:17.0740 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys2010/11/14 16:39:17.0781 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys2010/11/14 16:39:17.0832 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys2010/11/14 
2010/11/14 16:39:18.0685 ================================================================================
2010/11/14 16:39:18.0685 Scan finished
2010/11/14 16:39:18.0685 ================================================================================
2010/11/14 16:39:18.0696 Detected object count: 1
2010/11/14 16:39:21.0039 Locked file(sptd) - User select action: Skip

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

OTL logfile created on: 11/14/2010 4:27:45 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Rachel\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.94 Gb Total Space | 160.82 Gb Free Space | 35.27% Space Free | Partition Type: NTFS
Drive D: | 9.82 Gb Total Space | 9.19 Gb Free Space | 93.56% Space Free | Partition Type: NTFS
Drive F: | 119.78 Mb Total Space | 119.50 Mb Free Space | 99.77% Space Free | Partition Type: FAT
Drive L: | 931.51 Gb Total Space | 260.67 Gb Free Space | 27.98% Space Free | Partition Type: NTFS

Computer Name: RACHEL-PC | User Name: Rachel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\Rachel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\MpcStar\mpcstar.exe ()
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

========== Modules (SafeList) ==========
MOD - C:\Users\Rachel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
negster22 Posted November 15, 2010 ID:345327

Hi RaandJ04,

1. I see that MBAM is no longer detecting the bot that was your original problem.

2. Your TDSSKiller log is clean, but the driver sptd.sys that is locked belongs to Daemon Tools, and that driver can impede the functioning of malware detection/removal programs, so I am going to ask you to disable it by following the directions here:
http://www.bleepingcomputer.com/forums/topic293569.html

3. Your OTL log is very incomplete. It may have exceeded the allowed limit for topic replies, so you can break it up, if that's the case, into two or more replies.

4. I am awaiting your ESET scan report.

5. I want you to run the Microsoft Malicious Software Removal Tool (MSRT) 64 bit only - by following these directions:

Download Microsoft's Malicious Software Removal Tool (MSRT) to your desktop.
Save and rename it to iexplore.exe as you download it.
Right-click iexplore.exe on your Desktop and select "Run as Administrator" to launch it.
In the "Scan Type" window, select Full Scan.
Perform a scan and then click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:
1) Click on Start => Run
2) Type or copy/paste the following command into the "Run Line" and press Enter:
notepad c:\windows\debug\mrt.log
RaandJ04 Posted November 15, 2010 Author ID:345726

Thanks for the quick responses! I was unable to run the ESET scan; it tells me that my proxy settings are not configured? These are the results of the other scans that you requested. I will do this in two posts. Thanks again!

OTL

OTL logfile created on: 11/15/2010 1:26:35 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Rachel\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.94 Gb Total Space | 160.80 Gb Free Space | 35.27% Space Free | Partition Type: NTFS
Drive D: | 9.82 Gb Total Space | 9.19 Gb Free Space | 93.56% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 260.67 Gb Free Space | 27.98% Space Free | Partition Type: NTFS

Computer Name: RACHEL-PC | User Name: Rachel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\Rachel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

========== Modules (SafeList) ==========
MOD - C:\Users\Rachel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys File not found
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LVUVC64) Logitech QuickCam S5500(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfPCI) -- C:\Windows\SysNative\drivers\VSTBS26.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (xcbdaNtscV) ViXS Tuner Card (NTSC) -- C:\Windows\SysNative\drivers\xcbdaVx64.sys (ViXS Systems Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A2 7F F7 BE 52 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {8CD0D324-2880-455F-8583-523DA80014C4}:1.9.1
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2010/09/04 21:13:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/27 19:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/27 19:38:00 | 000,000,000 | ---D | M]
[2010/03/17 11:49:48 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Extensions
[2010/03/17 11:49:48 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/27 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\q9wiu194.default\extensions
[2010/03/17 12:17:58 | 000,002,425 | ---- | M] () -- C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\q9wiu194.default\searchplugins\askcom.xml
[2010/09/12 16:14:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\Rachel\Desktop\BitComet\tools\BitCometBHO_1.3.7.16.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe ()
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - Startup: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Users\Rachel\Desktop\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Users\Rachel\Desktop\BitComet\tools\BitCometBHO_1.3.7.16.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/07/03 15:55:19 | 000,000,024 | ---- | M] () - C:\autoexec.txt -- [ NTFS ]
O32 - AutoRun File - [2008/08/18 14:27:08 | 000,000,809 | ---- | M] () - L:\Autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/09/20 18:19:31 | 000,000,067 | ---- | M] () - L:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010/11/14 16:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/11/14 16:26:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Rachel\Desktop\OTL.exe
[2010/11/12 12:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/11/10 12:53:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/01 15:20:15 | 000,000,000 | ---D | C] -- C:\gPotato
[2010/11/01 15:17:13 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\PMB Files
[2010/11/01 15:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/11/01 15:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010/10/26 12:22:01 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/26 12:22:01 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/26 12:22:01 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/26 12:22:01 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/26 12:22:01 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/26 12:22:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/26 12:22:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/26 12:21:56 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/23 13:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/17 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\CometPlayer
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010/11/15 13:26:58 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 13:26:58 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 13:19:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/15 13:19:35 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/15 13:18:08 | 000,000,020 | ---- | M] () -- C:\Users\Rachel\defogger_reenable
[2010/11/15 09:31:35 | 000,003,584 | ---- | M] () -- C:\Users\Rachel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/14 19:35:52 | 000,000,104 | ---- | M] () -- C:\Users\Rachel\Desktop\Control Panel - Shortcut.lnk
[2010/11/14 16:26:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel\Desktop\OTL.exe
[2010/11/14 14:09:45 | 000,022,390 | ---- | M] () -- C:\Users\Rachel\Documents\hersh5.jpg
[2010/11/14 14:07:16 | 000,029,840 | ---- | M] () -- C:\Users\Rachel\Documents\hersh1.jpg
[2010/11/12 15:39:59 | 000,011,916 | ---- | M] () -- C:\Users\Rachel\Documents\What principles from the classical school continue to characterize modern thought on crime.docx
[2010/11/12 12:55:24 | 000,002,093 | ---- | M] () -- C:\Users\Rachel\Desktop\HijackThis.lnk
[2010/11/10 12:26:12 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/10 12:26:12 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/10 12:26:11 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/09 19:31:36 | 000,003,736 | ---- | M] () -- C:\Users\Rachel\Desktop\BitComet.xml
[2010/11/09 19:31:26 | 000,006,571 | ---- | M] () -- C:\Users\Rachel\Desktop\Downloads.xml
[2010/11/09 16:10:48 | 000,006,571 | ---- | M] () -- C:\Users\Rachel\Desktop\Downloads.xml.bak
[2010/11/08 11:08:22 | 000,060,416 | ---- | M] () -- C:\Users\Rachel\Documents\LearningTeamCharterCriminology.doc
[2010/11/07 15:52:40 | 000,001,029 | ---- | M] () -- C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/11/03 10:44:32 | 000,010,892 | ---- | M] () -- C:\Users\Rachel\Documents\coverletter.docx
[2010/11/02 20:37:34 | 000,001,628 | ---- | M] () -- C:\Users\Rachel\Desktop\AikaOnline.lnk
[2010/11/01 15:20:06 | 470,233,249 | ---- | M] () -- C:\Users\Rachel\Desktop\Aika_AshesOfBetrayal.exe
[2010/10/27 19:36:10 | 000,010,245 | ---- | M] () -- C:\Users\Rachel\Documents\CJAsta.docx
[2010/10/26 12:21:50 | 001,197,970 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/10/17 15:44:51 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Comet Player.lnk
[2010/10/17 15:44:51 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\MpcStar.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010/11/15 13:18:08 | 000,000,020 | ---- | C] () -- C:\Users\Rachel\defogger_reenable
[2010/11/15 09:31:34 | 000,003,584 | ---- | C] () -- C:\Users\Rachel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/14 19:35:52 | 000,000,104 | ---- | C] () -- C:\Users\Rachel\Desktop\Control Panel - Shortcut.lnk
[2010/11/14 14:16:46 | 000,022,390 | ---- | C] () -- C:\Users\Rachel\Documents\hersh5.jpg
[2010/11/14 14:16:30 | 000,029,840 | ---- | C] () -- C:\Users\Rachel\Documents\hersh1.jpg
[2010/11/12 12:55:24 | 000,002,093 | ---- | C] () -- C:\Users\Rachel\Desktop\HijackThis.lnk
[2010/11/11 19:14:04 | 000,011,916 | ---- | C] () -- C:\Users\Rachel\Documents\What principles from the classical school continue to characterize modern thought on crime.docx
[2010/11/08 11:08:22 | 000,060,416 | ---- | C] () -- C:\Users\Rachel\Documents\LearningTeamCharterCriminology.doc
[2010/11/01 15:23:13 | 000,001,628 | ---- | C] () -- C:\Users\Rachel\Desktop\AikaOnline.lnk
[2010/11/01 15:17:22 | 470,233,249 | ---- | C] () -- C:\Users\Rachel\Desktop\Aika_AshesOfBetrayal.exe
[2010/10/27 19:36:09 | 000,010,245 | ---- | C] () -- C:\Users\Rachel\Documents\CJAsta.docx
[2010/10/22 15:34:40 | 000,001,029 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/10/17 15:44:51 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Comet Player.lnk
[2010/09/04 21:13:39 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/04/19 18:36:58 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

TDSSKiller

2010/11/15 13:29:41.0478 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/15 13:29:41.0478 ================================================================================
2010/11/15 13:29:41.0478 SystemInfo:
2010/11/15 13:29:41.0478
2010/11/15 13:29:41.0478 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/15 13:29:41.0478 Product type: Workstation
2010/11/15 13:29:41.0478 ComputerName: RACHEL-PC
2010/11/15 13:29:41.0478 UserName: Rachel
2010/11/15 13:29:41.0478 Windows directory: C:\Windows
2010/11/15 13:29:41.0478 System windows directory: C:\Windows
2010/11/15 13:29:41.0478 Running under WOW64
2010/11/15 13:29:41.0478 Processor architecture: Intel x64
2010/11/15 13:29:41.0478 Number of processors: 2
2010/11/15 13:29:41.0478 Page size: 0x1000
2010/11/15 13:29:41.0478 Boot type: Normal boot
2010/11/15 13:29:41.0478 ================================================================================
2010/11/15 13:29:41.0478 Utility is running under WOW64
2010/11/15 13:29:41.0853 Initialize success
================================================================================
2010/11/15 13:29:44.0130 Scan started
2010/11/15 13:29:44.0130 Mode: Manual;
2010/11/15 13:29:44.0130 ================================================================================
2010/11/15 13:29:55.0659 ================================================================================
2010/11/15 13:29:55.0659 Scan finished
2010/11/15 13:29:55.0659 ================================================================================
RaandJ04 Posted November 15, 2010 Author ID:345851

Here are the results from Microsoft's Malicious Software Removal Tool:

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v3.10, August 2010
Started On Tue Aug 24 13:38:55 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
->Scan ERROR: resource process://pid:2044 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1324 (code 0x00000057 (87))
-> Sysclean ERROR: Internal error, code = 80508015
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 24 13:39:59 2010
Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v3.11, September 2010
Started On Wed Sep 15 03:01:45 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
->Scan ERROR: resource process://pid:6004 (code 0x00000005 (5))
Engine internal result code = 80508015
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 15 03:03:03 2010
Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v3.12, October 2010
Started On Wed Oct 13 03:01:03 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
->Scan ERROR: resource process://pid:4944 (code 0x00000005 (5))
Engine internal result code = 80508015
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 13 03:02:16 2010
Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v3.13, November 2010
Started On Mon Nov 15 13:35:26 2010
Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 15 13:35:48 2010
Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v3.13, November 2010
Started On Mon Nov 15 13:36:51 2010
Extended Scan Results
----------------
->Scan ERROR: resource process://pid:4832 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
No infection found as part of the extended scan
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 15 17:18:23 2010
Return code: 0 (0x0)
negster22 Posted November 15, 2010 ID:345868
I have to review your logs, but in the meantime see if this enables you to run the ESET scan:
First, do this to disable the proxy settings in Internet Explorer (this setting is commonly changed by malware):
1) Under
negster22 Posted November 16, 2010 ID:345950
Open the Control Panel > Programs and Remove these programs:
LimeWire Toolbar
BitComet Helper
Bonjour
Close the Control Panel
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\Rachel\Desktop\BitComet\tools\BitCometBHO_1.3.7.16.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Users\Rachel\Desktop\BitComet\tools\BitCometBHO_1.3.7.16.dll File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
:Commands
[EmptyFlash]
[EmptyTemp]
[Purity]

Click the Run Fix button at the top
Let the program run WITHOUT interference.
When it is done, it will reboot and produce a log.
Please Copy/Paste the OTL log into your next reply

To fix the Firefox proxy issue:
Open Firefox
Click Tools > Options > Advanced > Network > Settings. Then Check "No Proxy".

To disable the proxy settings in Internet Explorer:
1) Under Tools in the browser tool bar select: Internet Options.
2) In the Internet Options window that pops up, click the Connections tab at the top.
3) Click LAN Settings near the bottom of the Connections section.
4) If the Proxy server checkbox is checked, UNcheck it.
5) Click OK to close the Local Area Network (LAN) Settings window.
6) Click OK to close the Internet Options window.
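A read-only check for the two things this thread keeps returning to: the per-user proxy setting reset in the steps above, and Run entries like the `svchost` value that pointed at `C:\Users\Rachel\AppData\Roaming\Microsoft\svchost.exe` in the first post. This PowerShell is an added example, not part of negster22's instructions or of any tool named in the thread; the list of system process names and the wording of the notes are assumptions made for illustration.

```powershell
# Added example: read-only audit. It reports and changes nothing.

# 1. Per-user proxy values behind Internet Options > Connections > LAN Settings.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey
foreach ($value in 'ProxyEnable', 'ProxyServer', 'AutoConfigURL') {
    '{0,-14}: {1}' -f $value, $inet.$value
}
if ($inet.ProxyEnable -eq 1) {
    Write-Warning "A proxy is enabled for this user: $($inet.ProxyServer)"
}

# 2. Run entries, flagged when a system process name starts from the wrong folder.
$systemDirs  = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"
# Assumption: a short illustrative list, not a complete set of system binaries.
$systemNames = 'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe'
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if (-not $command.Trim()) { continue }
        # Use the quoted path if there is one, else everything up to the first ".exe".
        if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(.+?\.exe)') {
            $exe = $Matches[1]
        } else {
            $exe = ($command.Trim() -split '\s+')[0]
        }
        $exe  = [Environment]::ExpandEnvironmentVariables($exe)
        $leaf = [System.IO.Path]::GetFileName($exe)
        $dir  = [System.IO.Path]::GetDirectoryName($exe)
        $note = ''
        if ($systemNames -contains $leaf -and $systemDirs -notcontains $dir) {
            $note = 'SUSPICIOUS: system process name outside System32'
        } elseif ($exe -like "$env:APPDATA\*" -or $exe -like "$env:LOCALAPPDATA\*") {
            $note = 'REVIEW: starts from the user profile'
        }
        New-Object psobject -Property @{ Key = $key; Name = $name; Command = $command; Note = $note }
    }
}
$entries | Sort-Object Note -Descending | Format-List Key, Name, Command, Note
```

Running it once after a cleanup and again after the next reboot shows whether the proxy value or a flagged Run entry has come back.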
RaandJ04 Posted November 16, 2010 Author ID:346392
Ok, so I was able to fix the proxy settings with your help and run the ESET scan, and I will post the results below. I did not run the OTL fix as suggested because I am not able to find BitComet Helper to uninstall the program. Also, after the ESET scan completed I went to the log found under Program Files and there was nothing there but this:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

There were no other txt documents.
Any suggestions in regard to this would be helpful. Thank you again!
negster22 Posted November 16, 2010 ID:346426
See if you can access the ESET scan report this way:
Open a Run Line
Click the Windows 7 Start Orb
Type Run in the "Start Search" Box
At the top of the returned results, under Programs, double-click Run
Paste the following bolded text exactly (including the quotes) into the Open Box and click OK:
"C:\Program Files\EsetOnlineScanner\log.txt"
It should look like this (maybe yours is truncated):

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2440 (20070806)
# vers_arch_module=1.057 (20070802)
# vers_adv_heur_module=1.065 (20070802)
# EOSSerial=1b4fabfbdd20854e918f213f0ae81857
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2007-08-06 11:09:04
# local_time=2007-08-06 07:09:04 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.0.6000 NT
# scanned=114698
# found=0
# scan_time=843
# nod_component=NOD32MOD_WINNT_ENGLISH_BASE Build:0x11081627 (NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base)
# nod_component=NOD32MOD_WINNT_ENGLISH_INET Build:0x11081627 (NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support)
# nod_component=NOD32MOD_WINNT_ENGLISH_STANDARD Build:0x11081627 (NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component)
RaandJ04 Posted November 17, 2010 Author ID:346763
When I try that it says that it refers to a location which is currently unavailable.
negster22 Posted November 17, 2010 ID:346790
Please run mbr.exe and post back the log as follows:
Copy / Paste the following command at the command prompt, and hit Enter

mbr.exe -t -s > "%userprofile%\desktop\mbr.log"

Open the log it created on your Desktop by double-clicking mbr.log, and copy and paste the contents of mbr.log into your next reply.
Please run the F-Secure Online Scanner >Here< by checking the "I have read and accepted the license terms" checkbox and clicking the "Run Check" button.
When done click "Show report" and copy/paste its contents into your next reply