dfethers Posted December 14, 2010 ID:360748

Hope someone can help on this one. I am now running Malwarebytes Pro.

DDS (Ver_10-12-12.02) - NTFSx86
Run by dfethers at 19:46:18.48 on 14/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.61.1033.18.2047.1047 [GMT 11:00]

AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\M-Files\7.0.2589.6\Bin\x86\mfclient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\M-Files\7.0.2589.6\Bin\x86\mfsetup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\M-Files\7.0.2589.6\Bin\x86\MFAUClient.exe
C:\Program Files\M-Files\7.0.2589.6\Bin\x86\MFStatus.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\taskhost.exe
C:\Users\dfethers\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dfethers\AppData\Local\Google\Chrome\Application\chrome.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\dfethers\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearch Page = hxxp://www.telstra.com/
uStart Page = hxxp://www.google.com.au/
uWindow Title = Telstra BigPond Home Internet Explorer
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1003\TmIEPlg.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: DialIEBHO Class: {e14eb96c-ac90-45be-9fde-37c5652f1a65} - c:\program files\mitel\unified communicator advanced 3.2\assemblies\DialIE.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Google Update] "c:\users\dfethers\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [KASHCRRSLT57696379106515] "c:\program files\kaseya\agent\KaUsrTsk.exe"
mRun: [M-Files Updates 7.0.2589.6] "c:\program files\m-files\7.0.2589.6\bin\x86\MFAUClient.exe"
mRun: [M-Files Status 7.0.2589.6] "c:\program files\m-files\7.0.2589.6\bin\x86\MFStatus.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\dfethers\appdata\roaming\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\users\dfethers\appdata\roaming\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
TCP: {474121F4-3DC9-4106-8837-C51A8113AEC8} = 10.0.0.1
TCP: {DD945C8E-4A8B-49A7-9CE3-03C17D7BCDC8} = 139.130.4.4 203.50.2.71
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1003\TmIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT

============= SERVICES / DRIVERS ===============

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2010-6-23 15416]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-16 146448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-23 172032]
R2 KACRRSLT57696379106515;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2010-6-24 745472]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-14 363344]
R2 MFClient 7.0.2589.6;M-Files Client 7.0.2589.6;c:\program files\m-files\7.0.2589.6\bin\x86\MFClient.exe [2010-9-21 4231992]
R2 MFSetup 7.0.2589.6;M-Files Common Services 7.0.2589.6;c:\program files\m-files\7.0.2589.6\bin\x86\MFSetup.exe [2010-9-21 965432]
R2 MSSQL$WK3SINGLE;SQL Server (WK3SINGLE);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-25 29263712]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-7 50704]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2009-6-11 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2009-6-11 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-16 283152]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2010-6-24 16384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-14 20952]
R3 MFFSD6320733A-D907-4287-B5CD-A96EE25D9C08;MFFSD6320733A-D907-4287-B5CD-A96EE25D9C08;c:\program files\m-files\7.0.2589.6\bin\x86\MFFSD.sys [2010-9-20 73400]
R3 MFVDDC45894A2-7BC8-4878-AF05-A1E6545991F4;MFVDDC45894A2-7BC8-4878-AF05-A1E6545991F4;c:\program files\m-files\7.0.2589.6\bin\x86\MFVDD.sys [2010-9-20 16312]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-23 167424]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-6-11 48128]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-5 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-6-29 7168]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-25 1343400]

=============== Created Last 30 ================

2010-12-14 01:04:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 01:04:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-13 22:23:39 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{632b12f7-5f40-4904-8df0-315e11631976}\mpengine.dll
2010-12-11 06:10:39 -------- d-----w- c:\program files\Enigma Software Group
2010-12-11 06:05:45 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-11 06:05:37 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-12-11 05:08:56 -------- d-----w- c:\users\dfethers\appdata\local\Sunbelt Software
2010-12-10 23:05:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-10 23:05:26 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-10 09:43:02 -------- d-----w- c:\users\dfethers\appdata\roaming\Malwarebytes
2010-12-10 09:42:38 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-10 09:42:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-10 02:09:59 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-11-27 04:16:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-27 03:45:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-11-27 03:45:43 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-27 03:45:42 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-27 03:44:54 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-11-27 03:43:22 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-27 03:43:21 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-27 03:39:03 94040 ----a-w- c:\program files\common files\windows live\.cache\9fc641671cb8de404\DSETUP.dll
2010-11-27 03:39:03 525656 ----a-w- c:\program files\common files\windows live\.cache\9fc641671cb8de404\DXSETUP.exe
2010-11-27 03:39:03 1691480 ----a-w- c:\program files\common files\windows live\.cache\9fc641671cb8de404\dsetup32.dll
2010-11-27 03:38:54 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-11-27 03:38:53 3181568 ----a-w- c:\windows\system32\mf.dll
2010-11-27 03:38:52 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-11-27 03:38:50 94040 ----a-w- c:\program files\common files\windows live\.cache\9352eed81cb8de403\DSETUP.dll
2010-11-27 03:38:50 525656 ----a-w- c:\program files\common files\windows live\.cache\9352eed81cb8de403\DXSETUP.exe
2010-11-27 03:38:50 1691480 ----a-w- c:\program files\common files\windows live\.cache\9352eed81cb8de403\dsetup32.dll
2010-11-27 03:36:14 -------- d-----w- c:\users\dfethers\appdata\local\Windows Live
2010-11-27 03:36:13 -------- d-----w- c:\program files\common files\Windows Live

==================== Find3M ====================

2010-09-21 03:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-20 12:44:12 777216 ----a-w- c:\windows\MFRes33D469B7-CFB7-41fc-A94A-A83BEBE59D46.dll
2010-09-15 09:19:10 135168 ----a-w- c:\windows\system32\kaseyasp.dll
2009-04-08 00:31:56 106496 ----a-w- c:\program files\common files\CPInstallAction.dll
2008-08-11 11:45:20 155648 ----a-w- c:\program files\common files\MSIactionall.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST9250320AS rev.0303 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85E64555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85e6a7b0]; MOV EAX, [0x85e6a82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E57458] -> \Device\Harddisk0\DR0[0x85E3F030]
3 CLASSPNP[0x891A959E] -> ntkrnlpa!IofCallDriver[0x82E57458] -> [0x859E0830]
5 ACPI[0x836AD3B2] -> ntkrnlpa!IofCallDriver[0x82E57458] -> \IdeDeviceP1T0L0-1[0x85996030]
\Driver\atapi[0x85E40C20] -> IRP_MJ_CREATE -> 0x85E64555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskST9250320AS_____________________________0303____#5&2f6688ee&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 19:49:23.45 ===============

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5309

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14/12/2010 13:13:52
mbam-log-2010-12-14 (13-13-52).txt

Scan type: Quick scan
Objects scanned: 181048
Time elapsed: 28 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

protection_log_2010_12_14.txt
attach.zip
Kenny94 Posted December 14, 2010 ID:360784

Hi dfethers and Welcome to Malwarebytes!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.
dfethers Posted December 14, 2010 Author ID:361016

Thanks for helping with this.

2010/12/15 08:23:05.0514 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/15 08:23:05.0514 ================================================================================
2010/12/15 08:23:05.0514 SystemInfo:
2010/12/15 08:23:05.0514
2010/12/15 08:23:05.0514 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/15 08:23:05.0514 Product type: Workstation
2010/12/15 08:23:05.0514 ComputerName: INCSYDLT11
2010/12/15 08:23:05.0545 UserName: dfethers
2010/12/15 08:23:05.0545 Windows directory: C:\Windows
2010/12/15 08:23:05.0545 System windows directory: C:\Windows
2010/12/15 08:23:05.0545 Processor architecture: Intel x86
2010/12/15 08:23:05.0545 Number of processors: 2
2010/12/15 08:23:05.0545 Page size: 0x1000
2010/12/15 08:23:05.0545 Boot type: Normal boot
2010/12/15 08:23:05.0545 ================================================================================
2010/12/15 08:23:07.0121 Initialize success
2010/12/15 08:23:12.0924 ================================================================================
2010/12/15 08:23:12.0924 Scan started
2010/12/15 08:23:12.0924 Mode: Manual;
2010/12/15 08:23:12.0924 ================================================================================
C:\Windows\system32\DRIVERS\parport.sys2010/12/15 08:23:59.0132 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys2010/12/15 08:23:59.0210 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys2010/12/15 08:23:59.0397 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys2010/12/15 08:23:59.0615 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys2010/12/15 08:23:59.0693 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys2010/12/15 08:23:59.0802 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys2010/12/15 08:23:59.0896 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys2010/12/15 08:24:00.0099 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\Windows\system32\DRIVERS\pelmouse.sys2010/12/15 08:24:00.0255 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\Windows\system32\DRIVERS\pelusblf.sys2010/12/15 08:24:00.0707 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys2010/12/15 08:24:00.0770 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys2010/12/15 08:24:01.0113 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys2010/12/15 08:24:01.0503 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys2010/12/15 08:24:01.0862 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys2010/12/15 08:24:01.0971 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys2010/12/15 08:24:02.0033 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys2010/12/15 08:24:02.0158 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys2010/12/15 08:24:02.0236 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys2010/12/15 08:24:02.0330 RasPppoe 
(0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys2010/12/15 08:24:02.0501 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys2010/12/15 08:24:02.0626 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys2010/12/15 08:24:02.0954 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys2010/12/15 08:24:03.0032 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys2010/12/15 08:24:03.0125 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys2010/12/15 08:24:03.0250 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys2010/12/15 08:24:03.0312 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys2010/12/15 08:24:03.0375 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys2010/12/15 08:24:03.0531 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys2010/12/15 08:24:03.0734 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys2010/12/15 08:24:03.0843 RSUSBSTOR (96f8dd546677aa5102150acc140377b3) C:\Windows\system32\Drivers\RtsUStor.sys2010/12/15 08:24:03.0936 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys2010/12/15 08:24:04.0061 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys2010/12/15 08:24:04.0139 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys2010/12/15 08:24:04.0295 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys2010/12/15 08:24:04.0514 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys2010/12/15 08:24:04.0826 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys2010/12/15 08:24:05.0013 sermouse (79bffb520327ff916a582dfea17aa813) 
C:\Windows\system32\DRIVERS\sermouse.sys2010/12/15 08:24:05.0247 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys2010/12/15 08:24:05.0325 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys2010/12/15 08:24:05.0387 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys2010/12/15 08:24:05.0450 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys2010/12/15 08:24:05.0543 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys2010/12/15 08:24:05.0637 SiSGbeLH (6f0c643c7f49f2091b01d014eae72e1a) C:\Windows\system32\DRIVERS\SiSGB6.sys2010/12/15 08:24:05.0730 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys2010/12/15 08:24:05.0793 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys2010/12/15 08:24:05.0886 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys2010/12/15 08:24:05.0996 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys2010/12/15 08:24:06.0370 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys2010/12/15 08:24:06.0557 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys2010/12/15 08:24:06.0729 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys2010/12/15 08:24:06.0854 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys2010/12/15 08:24:06.0994 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys2010/12/15 08:24:07.0103 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys2010/12/15 08:24:07.0181 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys2010/12/15 08:24:07.0337 SynTP (3f4982de07d89a1084861e9d59f7ebb1) C:\Windows\system32\DRIVERS\SynTP.sys2010/12/15 08:24:07.0883 Tcpip 
(bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys2010/12/15 08:24:08.0226 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys2010/12/15 08:24:08.0320 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys2010/12/15 08:24:08.0414 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys2010/12/15 08:24:08.0492 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys2010/12/15 08:24:08.0554 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys2010/12/15 08:24:08.0648 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys2010/12/15 08:24:08.0819 tmactmon (582f43830daa5d9aad7aa514843d8905) C:\Windows\system32\DRIVERS\tmactmon.sys2010/12/15 08:24:09.0022 tmcomm (c4ddce6124bf6a711ab14d8153eac61d) C:\Windows\system32\DRIVERS\tmcomm.sys2010/12/15 08:24:09.0396 tmevtmgr (9d38ac83d56f9b5274a65d2666da9779) C:\Windows\system32\DRIVERS\tmevtmgr.sys2010/12/15 08:24:10.0223 TmFilter (3e615f370f0c7db414b6bcd1c18399d4) C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys2010/12/15 08:24:10.0504 tmlwf (4e87d02e56e9b1af831c5d521597d629) C:\Windows\system32\DRIVERS\tmlwf.sys2010/12/15 08:24:10.0847 TmPreFilter (c7c7959ec0940e0eddfc881fed8ec214) C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys2010/12/15 08:24:11.0112 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\Windows\system32\DRIVERS\tmtdi.sys2010/12/15 08:24:11.0237 tmwfp (d9882fd91b7c4c35acaa8498d1f3cd68) C:\Windows\system32\DRIVERS\tmwfp.sys2010/12/15 08:24:11.0534 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys2010/12/15 08:24:11.0814 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys2010/12/15 08:24:11.0924 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys2010/12/15 08:24:12.0220 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) 
C:\Windows\system32\DRIVERS\udfs.sys2010/12/15 08:24:12.0594 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys2010/12/15 08:24:12.0922 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys2010/12/15 08:24:13.0250 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys2010/12/15 08:24:13.0562 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys2010/12/15 08:24:13.0858 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys2010/12/15 08:24:14.0591 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys2010/12/15 08:24:15.0028 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys2010/12/15 08:24:15.0933 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys2010/12/15 08:24:17.0306 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys2010/12/15 08:24:18.0616 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys2010/12/15 08:24:19.0256 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS2010/12/15 08:24:19.0443 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys2010/12/15 08:24:19.0568 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys2010/12/15 08:24:20.0472 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys2010/12/15 08:24:20.0628 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys2010/12/15 08:24:20.0722 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys2010/12/15 08:24:20.0831 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys2010/12/15 08:24:20.0972 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys2010/12/15 08:24:21.0174 ViaC7 
(e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys2010/12/15 08:24:21.0252 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys2010/12/15 08:24:21.0377 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys2010/12/15 08:24:21.0533 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys2010/12/15 08:24:21.0627 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys2010/12/15 08:24:21.0752 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys2010/12/15 08:24:21.0970 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys2010/12/15 08:24:22.0251 VSApiNt (60dfbc34228ca36221b03460789f5d4e) C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys2010/12/15 08:24:22.0578 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys2010/12/15 08:24:22.0750 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys2010/12/15 08:24:23.0109 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys2010/12/15 08:24:23.0296 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys2010/12/15 08:24:23.0452 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys2010/12/15 08:24:23.0530 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys2010/12/15 08:24:23.0873 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys2010/12/15 08:24:24.0185 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys2010/12/15 08:24:24.0840 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys2010/12/15 08:24:24.0934 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys2010/12/15 08:24:25.0215 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) 
C:\Windows\system32\DRIVERS\WinUsb.sys2010/12/15 08:24:25.0355 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys2010/12/15 08:24:25.0480 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys2010/12/15 08:24:25.0605 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys2010/12/15 08:24:25.0714 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys2010/12/15 08:24:26.0151 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys2010/12/15 08:24:26.0291 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys2010/12/15 08:24:26.0494 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys2010/12/15 08:24:26.0634 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)2010/12/15 08:24:26.0650 ================================================================================2010/12/15 08:24:26.0650 Scan finished2010/12/15 08:24:26.0650 ================================================================================2010/12/15 08:24:26.0697 Detected object count: 12010/12/15 08:25:06.0305 \HardDisk0 - will be cured after reboot2010/12/15 08:25:06.0321 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2010/12/15 08:25:19.0327 Deinitialize success Link to post Share on other sites More sharing options...
Kenny94 Posted December 14, 2010 ID:361019

The search redirections and IP warnings should have stopped now. We still have work to do.

Download ComboFix from below:
Combofix download

* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here

Double click on combofix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
dfethers Posted December 16, 2010 Author ID:361725

Hi, thanks for your help so far. Yes the redirections and IP warnings have stopped.

This computer is running Trend Micro Client/Server Security Agent which I can't turn off (password protected). Is it OK to run Combofix?
Kenny94 Posted December 21, 2010 ID:363824

Sorry for the delay as I'm not receiving notifications on some of the topics.

"This computer is running Trend Micro Client/Server Security Agent which I can't turn off (password protected). Is it OK to run Combofix?"

Yes, but for any warnings from Combofix, just click continue.
LDTate Posted January 3, 2011 ID:369216

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!