Jump to content

Malwarebytes & combofix not working


Recommended Posts

Hi all,

My name is Leonie and would love some help. Thank you in advance to any one willing!

My sister has been having problems with her PC and I said I would take a look at it for her.

I have run:

CClean

Rkill: Which shows \\.\globalroot\Device\svchost.exe\svchost.exe

TDSS: Which keeps showing a file name vbmaf29c.sys I have done the skip like it says and then reboot, but it is still there and have also tried deleting it but its still there.

I have tried malwarebytes but everytime I go to do a scan it shuts down after a few secs in to the scan.

I have also tried combofix but it will not even open.

Everthing I have done so far I have tried in normal mode and safe mode but both end the same.

Again, thank you in advance!!!!

Regards Leonie

Link to post
Share on other sites

Hi,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds file to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop. Post them back to your topic.

Link to post
Share on other sites

Thanks so much for your fast reply!

Attached is a zip copy of attach and Below is DDS:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Edward's family at 21:07:57.42 on Sun 20/03/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2046.1085 [GMT 11:00]

.

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSrv.EXE

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskeng.exe

c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Edward's family\Desktop\dds.com

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cndt

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"

mRun: [smartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [updatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\edward~1\appdata\roaming\mozilla\firefox\profiles\45b5yuix.default\

FF - prefs.js: browser.startup.homepage - www.google.com.au

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-8-21 86016]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-8-21 115552]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-21 185344]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-8-20 27320]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-25 135664]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-17 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-6-11 20848]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-03-20 09:22:00 -------- d-----w- c:\program files\ESET

2011-03-20 09:06:52 48000 ----a-w- c:\windows\system32\drivers\vbmaf29c.sys

2011-03-20 09:05:14 -------- d-----w- C:\TDSSKiller_Quarantine

2011-03-20 08:29:50 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a2236f4b-611d-463e-b842-518a43e4bf7a}\mpengine.dll

2011-03-20 07:56:48 42576 ----a-w- c:\windows\system32\drivers\tsk24ED.tmp

2011-03-07 08:38:04 41552 ----a-w- c:\windows\system32\drivers\tskBF1A.tmp

2011-03-07 08:11:37 41472 ----a-w- c:\windows\system32\drivers\tskCC53.tmp

2011-03-07 07:41:36 36352 ----a-w- c:\windows\system32\drivers\tskC86C.tmp

2011-03-07 01:54:31 -------- d-----w- c:\users\edward~1\appdata\local\{90FDC653-65C2-485E-B4E0-D139A400A4BA}

2011-03-07 01:54:30 -------- d-----w- c:\users\edward~1\appdata\local\{BE731757-F0E2-461F-AD01-52787DF3FC69}

2011-03-07 00:48:29 -------- d-----w- c:\users\edward~1\appdata\roaming\Malwarebytes

2011-03-07 00:48:24 -------- d-----w- c:\progra~2\Malwarebytes

.

==================== Find3M ====================

.

2011-02-02 07:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll

2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll

.

============= FINISH: 21:08:26.76 ===============

Attach.zip

Link to post
Share on other sites

Hi,

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).

2. It will open a black window, please do not fix anything (if it gives you an option).

3. Exit that window and it will produce a log (MBRCheck_date_time).

4. Please post that log in your reply. Also, please look for TDSSKiller log in root of c: drive (name should be in UtilityName.Version_Date_Time_log.txt format).

Link to post
Share on other sites

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: Hewlett-Packard

BIOS Manufacturer: Phoenix Technologies LTD

System Manufacturer: HP-Pavilion

System Product Name: NY757AA-ABG MS214a

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 187):

0x82C40000 \SystemRoot\system32\ntkrnlpa.exe

0x82C09000 \SystemRoot\system32\halmacpi.dll

0x80B99000 \SystemRoot\system32\kdcom.dll

0x8321A000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll

0x83225000 \SystemRoot\system32\PSHED.dll

0x83236000 \SystemRoot\system32\BOOTVID.dll

0x8323E000 \SystemRoot\system32\CLFS.SYS

0x83280000 \SystemRoot\system32\CI.dll

0x8332B000 \SystemRoot\system32\drivers\klmdb.sys

0x8333D000 \SystemRoot\system32\drivers\Wdf01000.sys

0x833AE000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x88A2E000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x88A76000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x88A7F000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x88A87000 \SystemRoot\system32\DRIVERS\pci.sys

0x88AB1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x88ABC000 \SystemRoot\System32\drivers\partmgr.sys

0x88ACD000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x88ADD000 \SystemRoot\System32\drivers\volmgrx.sys

0x88B28000 \SystemRoot\System32\drivers\mountmgr.sys

0x88B3E000 \SystemRoot\system32\DRIVERS\amdsata.sys

0x88B50000 \SystemRoot\system32\DRIVERS\storport.sys

0x88B97000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x88BA1000 \SystemRoot\system32\drivers\fltmgr.sys

0x88BD5000 \SystemRoot\system32\drivers\fileinfo.sys

0x88C23000 \SystemRoot\System32\Drivers\Ntfs.sys

0x88D52000 \SystemRoot\System32\Drivers\msrpc.sys

0x88D7D000 \SystemRoot\System32\Drivers\ksecdd.sys

0x88D90000 \SystemRoot\System32\Drivers\cng.sys

0x88DED000 \SystemRoot\System32\drivers\pcw.sys

0x88C00000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x88E22000 \SystemRoot\system32\drivers\ndis.sys

0x88ED9000 \SystemRoot\system32\drivers\NETIO.SYS

0x88F17000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x89006000 \SystemRoot\System32\drivers\tcpip.sys

0x8914F000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x89180000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x891BF000 \SystemRoot\System32\Drivers\spldr.sys

0x891C7000 \SystemRoot\System32\drivers\rdyboost.sys

0x88F3C000 \SystemRoot\System32\Drivers\mup.sys

0x891F4000 \SystemRoot\System32\drivers\hwpolicy.sys

0x88F4C000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x88F7E000 \SystemRoot\system32\DRIVERS\disk.sys

0x88F8F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x88FB4000 \SystemRoot\system32\DRIVERS\AtiPcie.sys

0x88E00000 \SystemRoot\system32\drivers\tskC763.tmp

0x88FF6000 \SystemRoot\System32\Drivers\Null.SYS

0x88C09000 \SystemRoot\System32\Drivers\Beep.SYS

0x88C10000 \SystemRoot\System32\drivers\vga.sys

0x88A00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x88A21000 \SystemRoot\System32\drivers\watchdog.sys

0x88BE6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x88BEE000 \SystemRoot\system32\drivers\rdpencdd.sys

0x88BF6000 \SystemRoot\system32\drivers\rdprefmp.sys

0x833BC000 \SystemRoot\System32\Drivers\Msfs.SYS

0x833C7000 \SystemRoot\System32\Drivers\Npfs.SYS

0x833D5000 \SystemRoot\system32\DRIVERS\tdx.sys

0x833EC000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8D816000 \SystemRoot\system32\drivers\afd.sys

0x8D870000 \SystemRoot\System32\DRIVERS\netbt.sys

0x8D8A2000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x8D8A9000 \SystemRoot\system32\DRIVERS\pacer.sys

0x8D8C8000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x8D8D9000 \SystemRoot\system32\drivers\tskC86C.tmp

0x8D8E7000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x8D8FA000 \SystemRoot\system32\DRIVERS\termdd.sys

0x8D90A000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x8D94B000 \SystemRoot\system32\drivers\nsiproxy.sys

0x8D955000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x8D95F000 \SystemRoot\System32\drivers\discache.sys

0x8D96B000 \SystemRoot\System32\Drivers\dfsc.sys

0x8D983000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x8D991000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x8D9B2000 \SystemRoot\system32\DRIVERS\amdk8.sys

0x9440F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x94D6D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x8E237000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x8E2EE000 \SystemRoot\System32\drivers\dxgmms1.sys

0x94E0A000 \SystemRoot\system32\DRIVERS\athr.sys

0x94F2C000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x94F36000 \SystemRoot\system32\DRIVERS\Rt86win7.sys

0x94F67000 \SystemRoot\system32\DRIVERS\jmcr.sys

0x94F85000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x94FAB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x94FB1000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x8E327000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x94FBB000 \SystemRoot\system32\DRIVERS\usbfilter.sys

0x94FC1000 \SystemRoot\system32\drivers\tskCC53.tmp

0x94FD0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x94FEF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x8E372000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x8E384000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x8E39C000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x8E3A7000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x8E3C9000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x8E3E1000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x8E200000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x8E217000 \SystemRoot\system32\drivers\tsk24ED.tmp

0x8E224000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x94FFC000 \SystemRoot\system32\DRIVERS\swenum.sys

0x94D6F000 \SystemRoot\system32\DRIVERS\ks.sys

0x94DA3000 \SystemRoot\system32\DRIVERS\umbus.sys

0x94DB1000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x8D9C4000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x8220C000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x82495000 \SystemRoot\system32\drivers\portcls.sys

0x824C4000 \SystemRoot\system32\drivers\drmk.sys

0x96030000 \SystemRoot\System32\win32k.sys

0x824DD000 \SystemRoot\System32\drivers\Dxapi.sys

0x824E7000 \SystemRoot\system32\DRIVERS\udfs.sys

0x82527000 \SystemRoot\System32\Drivers\crashdmp.sys

0x82534000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0x8253E000 \SystemRoot\System32\Drivers\dump_amdsata.sys

0x82550000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x82561000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x82578000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x8257A000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x82585000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x82598000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x8259F000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x825AB000 \SystemRoot\System32\Drivers\usbvideo.sys

0x825CF000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x825DA000 \SystemRoot\system32\DRIVERS\monitor.sys

0x96290000 \SystemRoot\System32\TSDDD.dll

0x962A0000 \SystemRoot\System32\ATMFD.DLL

0x825E5000 \SystemRoot\system32\drivers\luafv.sys

0x8D9D5000 \SystemRoot\system32\drivers\WudfPf.sys

0x96310000 \SystemRoot\System32\cdd.dll

0x8D9EF000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x9420C000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x94252000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x94262000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x94275000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x9427E000 \SystemRoot\system32\drivers\HTTP.sys

0x94303000 \SystemRoot\system32\DRIVERS\bowser.sys

0x9431C000 \SystemRoot\System32\drivers\mpsdrv.sys

0x9432E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x94351000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x9438C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x9E429000 \SystemRoot\system32\drivers\peauth.sys

0x9E4C0000 \SystemRoot\System32\Drivers\secdrv.SYS

0x9E4CA000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x9E4EB000 \SystemRoot\System32\drivers\tcpipreg.sys

0x9E4F8000 \SystemRoot\System32\Drivers\vbmaf29c.SYS

0x9E504000 \SystemRoot\System32\DRIVERS\srv2.sys

0x9E553000 \SystemRoot\System32\DRIVERS\srv.sys

0xAB89B000 \??\C:\Windows\system32\drivers\mbamswissarmy.sys

0xAB8B5000 \??\C:\Users\EDWARD~1\AppData\Local\Temp\mbr.sys

0x77650000 \Windows\System32\ntdll.dll

0x47B70000 \Windows\System32\smss.exe

0x77890000 \Windows\System32\apisetschema.dll

0x00510000 \Windows\System32\autochk.exe

0x777E0000 \Windows\System32\advapi32.dll

0x775C0000 \Windows\System32\clbcatq.dll

0x77510000 \Windows\System32\rpcrt4.dll

0x77430000 \Windows\System32\kernel32.dll

0x77290000 \Windows\System32\setupapi.dll

0x77210000 \Windows\System32\comdlg32.dll

0x77110000 \Windows\System32\wininet.dll

0x777D0000 \Windows\System32\psapi.dll

0x777C0000 \Windows\System32\lpk.dll

0x770C0000 \Windows\System32\Wldap32.dll

0x76EC0000 \Windows\System32\iertutil.dll

0x76E30000 \Windows\System32\oleaut32.dll

0x76DD0000 \Windows\System32\difxapi.dll

0x76D20000 \Windows\System32\msvcrt.dll

0x760D0000 \Windows\System32\shell32.dll

0x76090000 \Windows\System32\ws2_32.dll

0x777A0000 \Windows\System32\sechost.dll

0x76030000 \Windows\System32\shlwapi.dll

0x75ED0000 \Windows\System32\ole32.dll

0x75EB0000 \Windows\System32\imm32.dll

0x75DE0000 \Windows\System32\msctf.dll

0x75D10000 \Windows\System32\user32.dll

0x75C70000 \Windows\System32\usp10.dll

0x77790000 \Windows\System32\nsi.dll

0x75C40000 \Windows\System32\imagehlp.dll

0x75C30000 \Windows\System32\normaliz.dll

0x75BE0000 \Windows\System32\gdi32.dll

0x75AA0000 \Windows\System32\urlmon.dll

0x75A70000 \Windows\System32\cfgmgr32.dll

0x759E0000 \Windows\System32\comctl32.dll

0x758C0000 \Windows\System32\crypt32.dll

0x75890000 \Windows\System32\wintrust.dll

0x75870000 \Windows\System32\devobj.dll

0x75820000 \Windows\System32\KernelBase.dll

0x75810000 \Windows\System32\msasn1.dll

Processes (total 60):

0 System Idle Process

4 System

268 C:\Windows\System32\smss.exe

412 csrss.exe

468 C:\Windows\System32\wininit.exe

484 csrss.exe

524 C:\Windows\System32\services.exe

540 C:\Windows\System32\lsass.exe

548 C:\Windows\System32\lsm.exe

636 C:\Windows\System32\svchost.exe

704 C:\Windows\System32\nvvsvc.exe

752 C:\Windows\System32\svchost.exe

808 C:\Windows\System32\svchost.exe

840 C:\Windows\System32\svchost.exe

876 C:\Windows\System32\svchost.exe

980 C:\Windows\System32\svchost.exe

1036 C:\Windows\System32\winlogon.exe

1160 C:\Windows\System32\svchost.exe

1308 C:\Windows\System32\spoolsv.exe

1348 C:\Windows\System32\svchost.exe

1456 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

1576 C:\Windows\System32\nvvsvc.exe

1752 C:\Windows\System32\taskhost.exe

1832 C:\Windows\System32\dwm.exe

768 C:\Program Files\Canon\IJPLM\ijplmsvc.exe

488 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

1112 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe

1424 C:\Windows\System32\svchost.exe

1948 C:\Windows\System32\taskeng.exe

1968 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

1944 C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

1584 \Device\svchost.exe

2196 C:\Windows\System32\svchost.exe

2284 C:\Windows\System32\svchost.exe

3132 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

3144 C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe

3160 C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

3188 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

3196 C:\Program Files\hp\HP Software Update\hpwuschd2.exe

3212 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

3372 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

3392 C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe

3708 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

3832 C:\Windows\System32\SearchIndexer.exe

3752 C:\Program Files\Windows Media Player\wmpnetwk.exe

3536 C:\Windows\System32\svchost.exe

5220 dllhost.exe

5524 C:\Windows\System32\svchost.exe

3540 C:\Program Files\Internet Explorer\iexplore.exe

3060 C:\Program Files\Internet Explorer\iexplore.exe

3520 C:\Windows\explorer.exe

2556 C:\Program Files\Internet Explorer\iexplore.exe

4316 C:\Windows\System32\audiodg.exe

5628 MpCmdRun.exe

5544 C:\Windows\System32\prevhost.exe

3312 C:\Windows\System32\notepad.exe

4744 C:\Windows\System32\SearchProtocolHost.exe

4580 C:\Windows\System32\SearchFilterHost.exe

4364 C:\Users\Edward's family\Desktop\MBRCheck.exe

2928 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`ab200000 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: HP34

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: B3AC932CF575E423018E5060F0B2D485EC6CAE90

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

..............................................................................................................................................................

2011/03/20 20:36:28.0702 6044 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30

2011/03/20 20:36:30.0823 6044 ================================================================================

2011/03/20 20:36:30.0823 6044 SystemInfo:

2011/03/20 20:36:30.0823 6044

2011/03/20 20:36:30.0823 6044 OS Version: 6.1.7600 ServicePack: 0.0

2011/03/20 20:36:30.0823 6044 Product type: Workstation

2011/03/20 20:36:30.0823 6044 ComputerName: EDWARDSFAMILY

2011/03/20 20:36:30.0823 6044 UserName: Edward's family

2011/03/20 20:36:30.0823 6044 Windows directory: C:\Windows

2011/03/20 20:36:30.0823 6044 System windows directory: C:\Windows

2011/03/20 20:36:30.0823 6044 Processor architecture: Intel x86

2011/03/20 20:36:30.0823 6044 Number of processors: 2

2011/03/20 20:36:30.0823 6044 Page size: 0x1000

2011/03/20 20:36:30.0823 6044 Boot type: Normal boot

2011/03/20 20:36:30.0823 6044 ================================================================================

2011/03/20 20:36:31.0104 6044 Initialize success

2011/03/20 20:36:32.0149 5420 ================================================================================

2011/03/20 20:36:32.0149 5420 Scan started

2011/03/20 20:36:32.0149 5420 Mode: Manual;

2011/03/20 20:36:32.0149 5420 ================================================================================

2011/03/20 20:36:33.0132 5420 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/03/20 20:36:33.0179 5420 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2011/03/20 20:36:33.0226 5420 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/03/20 20:36:33.0288 5420 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/03/20 20:36:33.0335 5420 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/03/20 20:36:33.0397 5420 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/03/20 20:36:33.0475 5420 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2011/03/20 20:36:33.0507 5420 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2011/03/20 20:36:33.0553 5420 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/03/20 20:36:33.0616 5420 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2011/03/20 20:36:33.0647 5420 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2011/03/20 20:36:33.0663 5420 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2011/03/20 20:36:33.0694 5420 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/03/20 20:36:33.0741 5420 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/03/20 20:36:33.0787 5420 amdsata (b36ab127a99d6f57e7ac9ea359ecf2bc) C:\Windows\system32\DRIVERS\amdsata.sys

2011/03/20 20:36:33.0850 5420 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/03/20 20:36:33.0897 5420 amdxata (3da0c67e814ef434bca19a12cf1281b9) C:\Windows\system32\DRIVERS\amdxata.sys

2011/03/20 20:36:33.0975 5420 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2011/03/20 20:36:34.0068 5420 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/03/20 20:36:34.0115 5420 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/03/20 20:36:34.0162 5420 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/03/20 20:36:34.0240 5420 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2011/03/20 20:36:34.0318 5420 athr (cf3f2e0fd33a784c8c66a3c5b3cf2d27) C:\Windows\system32\DRIVERS\athr.sys

2011/03/20 20:36:34.0380 5420 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys

2011/03/20 20:36:34.0458 5420 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/03/20 20:36:34.0505 5420 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/03/20 20:36:34.0552 5420 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/03/20 20:36:34.0599 5420 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/03/20 20:36:34.0645 5420 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2011/03/20 20:36:34.0692 5420 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/03/20 20:36:34.0723 5420 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/03/20 20:36:34.0755 5420 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/03/20 20:36:34.0786 5420 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/03/20 20:36:34.0817 5420 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/03/20 20:36:34.0848 5420 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/03/20 20:36:34.0879 5420 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/03/20 20:36:34.0942 5420 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/03/20 20:36:34.0989 5420 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\drivers\tskC763.tmp

2011/03/20 20:36:35.0035 5420 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/03/20 20:36:35.0067 5420 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/03/20 20:36:35.0160 5420 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/03/20 20:36:35.0176 5420 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2011/03/20 20:36:35.0223 5420 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/03/20 20:36:35.0269 5420 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/03/20 20:36:35.0316 5420 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/03/20 20:36:35.0363 5420 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/03/20 20:36:35.0425 5420 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2011/03/20 20:36:35.0457 5420 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/03/20 20:36:35.0503 5420 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/03/20 20:36:35.0566 5420 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/03/20 20:36:35.0613 5420 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

2011/03/20 20:36:35.0706 5420 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/03/20 20:36:35.0878 5420 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/03/20 20:36:35.0925 5420 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2011/03/20 20:36:36.0018 5420 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/03/20 20:36:36.0034 5420 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/03/20 20:36:36.0112 5420 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/03/20 20:36:36.0143 5420 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/03/20 20:36:36.0174 5420 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/03/20 20:36:36.0190 5420 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/03/20 20:36:36.0252 5420 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/03/20 20:36:36.0299 5420 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/03/20 20:36:36.0346 5420 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

2011/03/20 20:36:36.0377 5420 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/03/20 20:36:36.0424 5420 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2011/03/20 20:36:36.0471 5420 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/03/20 20:36:36.0549 5420 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/03/20 20:36:36.0595 5420 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/03/20 20:36:36.0642 5420 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/03/20 20:36:36.0673 5420 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/03/20 20:36:36.0705 5420 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/03/20 20:36:36.0751 5420 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/03/20 20:36:37.0110 5420 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2011/03/20 20:36:37.0188 5420 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/03/20 20:36:37.0251 5420 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2011/03/20 20:36:37.0282 5420 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2011/03/20 20:36:37.0313 5420 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/03/20 20:36:37.0360 5420 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

2011/03/20 20:36:37.0407 5420 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/03/20 20:36:37.0500 5420 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\Windows\system32\drivers\RTKVHDA.sys

2011/03/20 20:36:37.0547 5420 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2011/03/20 20:36:37.0594 5420 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/03/20 20:36:37.0641 5420 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/03/20 20:36:37.0687 5420 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/03/20 20:36:37.0703 5420 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/03/20 20:36:37.0750 5420 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/03/20 20:36:37.0781 5420 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2011/03/20 20:36:37.0812 5420 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/03/20 20:36:37.0859 5420 JMCR (96c4439a37ee719769d446dd430e9a33) C:\Windows\system32\DRIVERS\jmcr.sys

2011/03/20 20:36:37.0937 5420 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\tsk24ED.tmp

2011/03/20 20:36:37.0999 5420 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/03/20 20:36:38.0077 5420 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2011/03/20 20:36:38.0140 5420 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2011/03/20 20:36:38.0202 5420 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/03/20 20:36:38.0280 5420 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/03/20 20:36:38.0311 5420 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/03/20 20:36:38.0343 5420 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/03/20 20:36:38.0374 5420 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/03/20 20:36:38.0421 5420 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/03/20 20:36:38.0577 5420 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/03/20 20:36:38.0639 5420 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/03/20 20:36:38.0670 5420 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/03/20 20:36:38.0701 5420 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/03/20 20:36:38.0764 5420 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/03/20 20:36:38.0826 5420 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/03/20 20:36:38.0842 5420 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2011/03/20 20:36:38.0873 5420 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2011/03/20 20:36:38.0904 5420 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/03/20 20:36:38.0935 5420 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2011/03/20 20:36:38.0982 5420 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/03/20 20:36:39.0013 5420 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/03/20 20:36:39.0045 5420 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/03/20 20:36:39.0076 5420 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2011/03/20 20:36:39.0107 5420 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2011/03/20 20:36:39.0185 5420 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/03/20 20:36:39.0216 5420 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/03/20 20:36:39.0263 5420 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/03/20 20:36:39.0310 5420 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/03/20 20:36:39.0325 5420 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/03/20 20:36:39.0357 5420 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/03/20 20:36:39.0388 5420 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/03/20 20:36:39.0419 5420 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/03/20 20:36:39.0450 5420 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/03/20 20:36:39.0481 5420 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/03/20 20:36:39.0513 5420 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/03/20 20:36:39.0575 5420 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/03/20 20:36:39.0622 5420 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2011/03/20 20:36:39.0653 5420 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/03/20 20:36:39.0715 5420 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/03/20 20:36:39.0762 5420 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/03/20 20:36:39.0793 5420 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/03/20 20:36:39.0825 5420 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2011/03/20 20:36:39.0887 5420 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys

2011/03/20 20:36:39.0965 5420 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\drivers\tskC86C.tmp

2011/03/20 20:36:40.0027 5420 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2011/03/20 20:36:40.0090 5420 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/03/20 20:36:40.0137 5420 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/03/20 20:36:40.0183 5420 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/03/20 20:36:40.0246 5420 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2011/03/20 20:36:40.0293 5420 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/03/20 20:36:40.0511 5420 nvlddmkm (b71077e8b72b2abf4a6f9c4242f600bb) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/03/20 20:36:40.0745 5420 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

2011/03/20 20:36:40.0776 5420 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

2011/03/20 20:36:40.0839 5420 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/03/20 20:36:40.0885 5420 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/03/20 20:36:40.0963 5420 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/03/20 20:36:40.0995 5420 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2011/03/20 20:36:41.0026 5420 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/03/20 20:36:41.0119 5420 PCDSRVC{4F253FFC-7957E8FC-06000000}_0 (a88f42ad20418620d08a13ad1a70c083) c:\program files\pc-doctor for windows\pcdsrvc.pkms

2011/03/20 20:36:41.0197 5420 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2011/03/20 20:36:41.0244 5420 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2011/03/20 20:36:41.0275 5420 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/03/20 20:36:41.0307 5420 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/03/20 20:36:41.0353 5420 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/03/20 20:36:41.0447 5420 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/03/20 20:36:41.0478 5420 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/03/20 20:36:41.0541 5420 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/03/20 20:36:41.0587 5420 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/03/20 20:36:41.0650 5420 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/03/20 20:36:41.0681 5420 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/03/20 20:36:41.0712 5420 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/03/20 20:36:41.0759 5420 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/03/20 20:36:41.0806 5420 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/03/20 20:36:41.0853 5420 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/03/20 20:36:41.0868 5420 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/03/20 20:36:41.0899 5420 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/03/20 20:36:41.0931 5420 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/03/20 20:36:41.0962 5420 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/03/20 20:36:42.0009 5420 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/03/20 20:36:42.0040 5420 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/03/20 20:36:42.0087 5420 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/03/20 20:36:42.0133 5420 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/03/20 20:36:42.0211 5420 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/03/20 20:36:42.0243 5420 RTL8167 (ae51516a7f70af7b5d9070fe41442e87) C:\Windows\system32\DRIVERS\Rt86win7.sys

2011/03/20 20:36:42.0289 5420 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/03/20 20:36:42.0321 5420 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/03/20 20:36:42.0383 5420 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/03/20 20:36:42.0445 5420 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/03/20 20:36:42.0492 5420 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/03/20 20:36:42.0523 5420 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/03/20 20:36:42.0570 5420 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/03/20 20:36:42.0601 5420 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/03/20 20:36:42.0617 5420 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/03/20 20:36:42.0648 5420 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/03/20 20:36:42.0695 5420 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2011/03/20 20:36:42.0711 5420 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/03/20 20:36:42.0742 5420 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/03/20 20:36:42.0804 5420 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/03/20 20:36:42.0867 5420 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/03/20 20:36:42.0929 5420 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2011/03/20 20:36:42.0960 5420 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2011/03/20 20:36:42.0991 5420 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2011/03/20 20:36:43.0038 5420 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/03/20 20:36:43.0085 5420 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2011/03/20 20:36:43.0179 5420 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2011/03/20 20:36:43.0241 5420 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2011/03/20 20:36:43.0288 5420 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/03/20 20:36:43.0319 5420 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/03/20 20:36:43.0335 5420 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/03/20 20:36:43.0381 5420 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/03/20 20:36:43.0413 5420 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2011/03/20 20:36:43.0491 5420 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/03/20 20:36:43.0537 5420 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/03/20 20:36:43.0569 5420 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/03/20 20:36:43.0615 5420 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2011/03/20 20:36:43.0662 5420 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/03/20 20:36:43.0709 5420 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2011/03/20 20:36:43.0740 5420 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/03/20 20:36:43.0787 5420 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys

2011/03/20 20:36:43.0818 5420 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/03/20 20:36:43.0865 5420 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2011/03/20 20:36:43.0896 5420 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\drivers\tskCC53.tmp

2011/03/20 20:36:43.0959 5420 usbfilter (0150b06d3e73f6c27afcb963fd931820) C:\Windows\system32\DRIVERS\usbfilter.sys

2011/03/20 20:36:44.0005 5420 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2011/03/20 20:36:44.0037 5420 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/03/20 20:36:44.0083 5420 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/03/20 20:36:44.0115 5420 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/03/20 20:36:44.0146 5420 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/03/20 20:36:44.0177 5420 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/03/20 20:36:44.0239 5420 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

2011/03/20 20:36:44.0317 5420 vbmaf29c (440bf10ed8877b6f9c80badd8b75a6a3) C:\Windows\system32\drivers\vbmaf29c.sys

2011/03/20 20:36:44.0317 5420 Suspicious file (NoAccess): C:\Windows\system32\drivers\vbmaf29c.sys. md5: 440bf10ed8877b6f9c80badd8b75a6a3

2011/03/20 20:36:44.0317 5420 vbmaf29c - detected Locked file (1)

2011/03/20 20:36:44.0364 5420 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/03/20 20:36:44.0411 5420 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/03/20 20:36:44.0442 5420 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/03/20 20:36:44.0505 5420 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/03/20 20:36:44.0536 5420 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2011/03/20 20:36:44.0567 5420 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/03/20 20:36:44.0598 5420 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2011/03/20 20:36:44.0629 5420 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/03/20 20:36:44.0661 5420 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/03/20 20:36:44.0692 5420 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2011/03/20 20:36:44.0739 5420 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/03/20 20:36:44.0801 5420 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/03/20 20:36:44.0832 5420 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/03/20 20:36:44.0879 5420 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/03/20 20:36:44.0926 5420 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/03/20 20:36:44.0973 5420 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/03/20 20:36:44.0988 5420 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/03/20 20:36:45.0082 5420 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/03/20 20:36:45.0129 5420 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/03/20 20:36:45.0207 5420 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/03/20 20:36:45.0238 5420 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/03/20 20:36:45.0347 5420 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/03/20 20:36:45.0409 5420 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/03/20 20:36:45.0503 5420 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/03/20 20:36:45.0550 5420 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/03/20 20:36:45.0597 5420 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/03/20 20:36:45.0846 5420 ================================================================================

2011/03/20 20:36:45.0846 5420 Scan finished

2011/03/20 20:36:45.0846 5420 ================================================================================

2011/03/20 20:36:45.0862 6128 Detected object count: 1

2011/03/20 20:36:55.0518 6128 Locked file(vbmaf29c) - User select action: Skip

2011/03/20 20:37:34.0627 1072 ================================================================================

2011/03/20 20:37:34.0627 1072 Scan started

2011/03/20 20:37:34.0627 1072 Mode: Manual;

2011/03/20 20:37:34.0627 1072 ================================================================================

2011/03/20 20:37:34.0908 1072 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/03/20 20:37:34.0955 1072 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2011/03/20 20:37:34.0971 1072 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/03/20 20:37:35.0017 1072 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/03/20 20:37:35.0064 1072 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/03/20 20:37:35.0111 1072 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/03/20 20:37:35.0173 1072 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2011/03/20 20:37:35.0205 1072 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2011/03/20 20:37:35.0236 1072 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/03/20 20:37:35.0283 1072 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2011/03/20 20:37:35.0298 1072 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2011/03/20 20:37:35.0329 1072 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2011/03/20 20:37:35.0376 1072 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/03/20 20:37:35.0407 1072 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/03/20 20:37:35.0439 1072 amdsata (b36ab127a99d6f57e7ac9ea359ecf2bc) C:\Windows\system32\DRIVERS\amdsata.sys

2011/03/20 20:37:35.0470 1072 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/03/20 20:37:35.0517 1072 amdxata (3da0c67e814ef434bca19a12cf1281b9) C:\Windows\system32\DRIVERS\amdxata.sys

2011/03/20 20:37:35.0548 1072 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2011/03/20 20:37:35.0595 1072 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/03/20 20:37:35.0626 1072 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/03/20 20:37:35.0657 1072 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/03/20 20:37:35.0673 1072 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2011/03/20 20:37:35.0735 1072 athr (cf3f2e0fd33a784c8c66a3c5b3cf2d27) C:\Windows\system32\DRIVERS\athr.sys

2011/03/20 20:37:35.0766 1072 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys

2011/03/20 20:37:35.0829 1072 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/03/20 20:37:35.0860 1072 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/03/20 20:37:35.0907 1072 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/03/20 20:37:35.0953 1072 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/03/20 20:37:35.0985 1072 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2011/03/20 20:37:36.0031 1072 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/03/20 20:37:36.0047 1072 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/03/20 20:37:36.0094 1072 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/03/20 20:37:36.0125 1072 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/03/20 20:37:36.0156 1072 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/03/20 20:37:36.0172 1072 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/03/20 20:37:36.0203 1072 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/03/20 20:37:36.0265 1072 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/03/20 20:37:36.0297 1072 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\drivers\tskC763.tmp

2011/03/20 20:37:36.0343 1072 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/03/20 20:37:36.0375 1072 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/03/20 20:37:36.0421 1072 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/03/20 20:37:36.0468 1072 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2011/03/20 20:37:36.0499 1072 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/03/20 20:37:36.0546 1072 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/03/20 20:37:36.0593 1072 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/03/20 20:37:36.0640 1072 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/03/20 20:37:36.0702 1072 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2011/03/20 20:37:36.0765 1072 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/03/20 20:37:36.0796 1072 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/03/20 20:37:36.0858 1072 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/03/20 20:37:36.0905 1072 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

2011/03/20 20:37:36.0999 1072 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/03/20 20:37:37.0077 1072 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/03/20 20:37:37.0123 1072 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2011/03/20 20:37:37.0170 1072 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/03/20 20:37:37.0201 1072 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/03/20 20:37:37.0233 1072 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/03/20 20:37:37.0279 1072 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/03/20 20:37:37.0311 1072 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/03/20 20:37:37.0342 1072 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/03/20 20:37:37.0389 1072 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/03/20 20:37:37.0435 1072 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/03/20 20:37:37.0482 1072 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

2011/03/20 20:37:37.0498 1072 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/03/20 20:37:37.0545 1072 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2011/03/20 20:37:37.0576 1072 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/03/20 20:37:37.0638 1072 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/03/20 20:37:37.0779 1072 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/03/20 20:37:37.0810 1072 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/03/20 20:37:37.0841 1072 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/03/20 20:37:37.0903 1072 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/03/20 20:37:37.0950 1072 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/03/20 20:37:37.0981 1072 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2011/03/20 20:37:38.0059 1072 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/03/20 20:37:38.0122 1072 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2011/03/20 20:37:38.0153 1072 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2011/03/20 20:37:38.0200 1072 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/03/20 20:37:38.0231 1072 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

2011/03/20 20:37:38.0278 1072 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/03/20 20:37:38.0356 1072 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\Windows\system32\drivers\RTKVHDA.sys

2011/03/20 20:37:38.0403 1072 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2011/03/20 20:37:38.0449 1072 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/03/20 20:37:38.0496 1072 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/03/20 20:37:38.0512 1072 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/03/20 20:37:38.0543 1072 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/03/20 20:37:38.0559 1072 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/03/20 20:37:38.0621 1072 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2011/03/20 20:37:38.0652 1072 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/03/20 20:37:38.0683 1072 JMCR (96c4439a37ee719769d446dd430e9a33) C:\Windows\system32\DRIVERS\jmcr.sys

2011/03/20 20:37:38.0715 1072 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\tsk24ED.tmp

2011/03/20 20:37:38.0730 1072 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/03/20 20:37:38.0777 1072 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2011/03/20 20:37:38.0808 1072 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2011/03/20 20:37:38.0871 1072 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/03/20 20:37:38.0917 1072 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/03/20 20:37:38.0949 1072 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/03/20 20:37:38.0980 1072 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/03/20 20:37:39.0027 1072 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/03/20 20:37:39.0058 1072 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/03/20 20:37:39.0120 1072 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/03/20 20:37:39.0151 1072 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/03/20 20:37:39.0183 1072 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/03/20 20:37:39.0198 1072 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/03/20 20:37:39.0261 1072 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/03/20 20:37:39.0307 1072 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/03/20 20:37:39.0354 1072 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2011/03/20 20:37:39.0385 1072 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2011/03/20 20:37:39.0417 1072 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/03/20 20:37:39.0448 1072 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2011/03/20 20:37:39.0495 1072 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/03/20 20:37:39.0526 1072 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/03/20 20:37:39.0557 1072 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/03/20 20:37:39.0604 1072 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2011/03/20 20:37:39.0619 1072 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2011/03/20 20:37:39.0682 1072 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/03/20 20:37:39.0729 1072 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/03/20 20:37:39.0760 1072 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/03/20 20:37:39.0791 1072 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/03/20 20:37:39.0822 1072 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/03/20 20:37:39.0838 1072 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/03/20 20:37:39.0885 1072 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/03/20 20:37:39.0931 1072 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/03/20 20:37:39.0963 1072 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/03/20 20:37:39.0994 1072 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/03/20 20:37:40.0025 1072 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/03/20 20:37:40.0056 1072 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/03/20 20:37:40.0087 1072 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2011/03/20 20:37:40.0119 1072 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/03/20 20:37:40.0181 1072 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/03/20 20:37:40.0197 1072 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/03/20 20:37:40.0259 1072 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/03/20 20:37:40.0290 1072 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2011/03/20 20:37:40.0353 1072 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys

2011/03/20 20:37:40.0399 1072 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\drivers\tskC86C.tmp

2011/03/20 20:37:40.0431 1072 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2011/03/20 20:37:40.0493 1072 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/03/20 20:37:40.0524 1072 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/03/20 20:37:40.0540 1072 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/03/20 20:37:40.0618 1072 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2011/03/20 20:37:40.0649 1072 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/03/20 20:37:40.0852 1072 nvlddmkm (b71077e8b72b2abf4a6f9c4242f600bb) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/03/20 20:37:40.0961 1072 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

2011/03/20 20:37:40.0992 1072 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

2011/03/20 20:37:41.0023 1072 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/03/20 20:37:41.0055 1072 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/03/20 20:37:41.0117 1072 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/03/20 20:37:41.0148 1072 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2011/03/20 20:37:41.0179 1072 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/03/20 20:37:41.0242 1072 PCDSRVC{4F253FFC-7957E8FC-06000000}_0 (a88f42ad20418620d08a13ad1a70c083) c:\program files\pc-doctor for windows\pcdsrvc.pkms

2011/03/20 20:37:41.0304 1072 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2011/03/20 20:37:41.0335 1072 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2011/03/20 20:37:41.0382 1072 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/03/20 20:37:41.0413 1072 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/03/20 20:37:41.0445 1072 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/03/20 20:37:41.0554 1072 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/03/20 20:37:41.0585 1072 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/03/20 20:37:41.0632 1072 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/03/20 20:37:41.0679 1072 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/03/20 20:37:41.0725 1072 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/03/20 20:37:41.0772 1072 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/03/20 20:37:41.0788 1072 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/03/20 20:37:41.0819 1072 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/03/20 20:37:41.0866 1072 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/03/20 20:37:41.0897 1072 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/03/20 20:37:41.0959 1072 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/03/20 20:37:41.0975 1072 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/03/20 20:37:42.0006 1072 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/03/20 20:37:42.0037 1072 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/03/20 20:37:42.0069 1072 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/03/20 20:37:42.0115 1072 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/03/20 20:37:42.0147 1072 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/03/20 20:37:42.0178 1072 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/03/20 20:37:42.0240 1072 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/03/20 20:37:42.0287 1072 RTL8167 (ae51516a7f70af7b5d9070fe41442e87) C:\Windows\system32\DRIVERS\Rt86win7.sys

2011/03/20 20:37:42.0334 1072 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/03/20 20:37:42.0365 1072 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/03/20 20:37:42.0412 1072 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/03/20 20:37:42.0459 1072 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/03/20 20:37:42.0490 1072 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/03/20 20:37:42.0521 1072 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/03/20 20:37:42.0568 1072 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/03/20 20:37:42.0599 1072 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/03/20 20:37:42.0630 1072 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/03/20 20:37:42.0661 1072 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/03/20 20:37:42.0708 1072 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2011/03/20 20:37:42.0739 1072 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/03/20 20:37:42.0786 1072 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/03/20 20:37:42.0849 1072 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/03/20 20:37:42.0895 1072 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/03/20 20:37:42.0958 1072 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2011/03/20 20:37:42.0973 1072 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2011/03/20 20:37:43.0005 1072 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2011/03/20 20:37:43.0067 1072 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/03/20 20:37:43.0114 1072 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2011/03/20 20:37:43.0207 1072 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2011/03/20 20:37:43.0254 1072 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2011/03/20 20:37:43.0301 1072 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/03/20 20:37:43.0332 1072 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/03/20 20:37:43.0348 1072 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/03/20 20:37:43.0395 1072 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/03/20 20:37:43.0426 1072 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2011/03/20 20:37:43.0488 1072 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/03/20 20:37:43.0504 1072 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/03/20 20:37:43.0566 1072 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/03/20 20:37:43.0613 1072 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2011/03/20 20:37:43.0660 1072 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/03/20 20:37:43.0691 1072 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2011/03/20 20:37:43.0738 1072 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/03/20 20:37:43.0769 1072 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys

2011/03/20 20:37:43.0800 1072 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/03/20 20:37:43.0847 1072 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2011/03/20 20:37:43.0863 1072 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\drivers\tskCC53.tmp

2011/03/20 20:37:43.0909 1072 usbfilter (0150b06d3e73f6c27afcb963fd931820) C:\Windows\system32\DRIVERS\usbfilter.sys

2011/03/20 20:37:43.0956 1072 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2011/03/20 20:37:43.0972 1072 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/03/20 20:37:44.0003 1072 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/03/20 20:37:44.0050 1072 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/03/20 20:37:44.0081 1072 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/03/20 20:37:44.0112 1072 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/03/20 20:37:44.0159 1072 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

2011/03/20 20:37:44.0206 1072 vbmaf29c (440bf10ed8877b6f9c80badd8b75a6a3) C:\Windows\system32\drivers\vbmaf29c.sys

2011/03/20 20:37:44.0206 1072 Suspicious file (NoAccess): C:\Windows\system32\drivers\vbmaf29c.sys. md5: 440bf10ed8877b6f9c80badd8b75a6a3

2011/03/20 20:37:44.0206 1072 vbmaf29c - detected Locked file (1)

2011/03/20 20:37:44.0237 1072 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/03/20 20:37:44.0268 1072 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/03/20 20:37:44.0315 1072 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/03/20 20:37:44.0346 1072 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/03/20 20:37:44.0393 1072 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2011/03/20 20:37:44.0409 1072 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/03/20 20:37:44.0440 1072 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2011/03/20 20:37:44.0487 1072 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/03/20 20:37:44.0518 1072 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/03/20 20:37:44.0533 1072 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2011/03/20 20:37:44.0580 1072 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/03/20 20:37:44.0627 1072 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/03/20 20:37:44.0658 1072 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/03/20 20:37:44.0705 1072 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/03/20 20:37:44.0752 1072 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/03/20 20:37:44.0767 1072 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/03/20 20:37:44.0783 1072 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/03/20 20:37:44.0861 1072 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/03/20 20:37:44.0908 1072 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/03/20 20:37:44.0970 1072 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/03/20 20:37:45.0017 1072 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/03/20 20:37:45.0095 1072 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/03/20 20:37:45.0157 1072 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/03/20 20:37:45.0204 1072 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/03/20 20:37:45.0267 1072 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/03/20 20:37:45.0298 1072 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/03/20 20:37:45.0594 1072 ================================================================================

2011/03/20 20:37:45.0594 1072 Scan finished

2011/03/20 20:37:45.0594 1072 ================================================================================

2011/03/20 20:37:45.0625 0920 Detected object count: 1

2011/03/20 20:44:53.0271 0920 Locked file(vbmaf29c) - User select action: Skip

2011/03/20 20:44:56.0250 4944 Deinitialize success

Link to post
Share on other sites

Download GMER here by clicking download exe -button and then saving it your desktop:

  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck files option and then click scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

Link to post
Share on other sites

Hi again,

I downloaded it then went to run it but it shut down just like malwarebytes.

when i went to run it again i got a pop up saying

"Windows cannot access the specitied device, path, or file. You may not have the appropriate permission to access the item."

This is the same thing that pops up with malwarebytes.

Link to post
Share on other sites

Hi,

Run RKill

Click your start button, right click on Computer and select properties

Click Device manager (on the left side of the window)

Click View menu and click Show hidden devices if it doesn't have checkmark in front of it.

Click the arrow sign beside System Devices to expand branch contents

Under System Devices section look for something with cmz vmkd and virtual bus in its name.

Right click the entry and select uninstall.

Close Device manager window.

Rename ComboFix.exe file -> testing.exe and try to run it.

Link to post
Share on other sites

Hi,

I did as you said and combofix worked. However I can not use IE or firefox. I am on my PC at the moment.

The pop up is saying "Illegal operation attempted on a registry key that has been marked for deletion" When I try to open the browser.

Attached is the log for combofix.

log.txt

Link to post
Share on other sites

Hi,

That looks better but we still got some things left to do.

Open notepad and copy/paste the text in the quotebox below into it:


FileLook::
c:\windows\system32\drivers\tsk24ED.tmp
c:\windows\system32\drivers\tskBF1A.tmp

Save this as

CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one ((Adobe Reader X + 10.0.1 update for it)) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Link to post
Share on other sites

Hi,

Please run ComboFix with the following cfscript contents:

FCopy::
c:\windows\system32\drivers\tsk24ED.tmp|c:\windows\system32\drivers\kbdclass.sys
c:\windows\system32\drivers\tskBF1A.tmp|c:\windows\system32\drivers\mouclass.sys
c:\windows\system32\drivers\tskC86C.tmp|c:\windows\system32\drivers\netbios.sys
c:\windows\system32\drivers\tskCC53.tmp|c:\windows\system32\drivers\usbehci.sys

Post back the result log.

Link to post
Share on other sites

Good. Please run ComboFix now with this cfscript:

Registry::
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdrom]
"ImagePath"="system32\drivers\cdrom.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdclass]
"ImagePath"="system32\drivers\kbdclass.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBIOS]
"ImagePath"="system32\drivers\netbios.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbehci]
"ImagePath"="system32\drivers\usbehci.sys"

Post back the log.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.