
i think i have the redirect virus



Hi, my laptop has started to direct me to web pages from 100searches.com. I cannot get to any of the web pages I want.

I have tried to run my virus checker, but it disappears shortly after starting; same thing with Spyware Doctor and Avira.

I have managed to get MBAM to load and update successfully in safe mode, but it stops running the scan a short while after I start it.

I don't want to try anything else as I may cause more harm than good.

Thanks for the help.


Hi and welcome!

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Thanks for your help.

I should say that I am having to use my desktop PC to download and post, as the laptop is not able to get to a lot of the sites I need.

Hope this is the correct way to post these files.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by ste at 16:42:15 on 2011-07-10

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2039.1281 [GMT 1:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k NetworkService

C:\Windows\system32\taskhost.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\crypserv.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Users\ste\AppData\Local\TVersity\Media Server\MediaServer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\ste\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Common Files\Teleca Shared\logger.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = about:blank

uURLSearchHooks: H - No File

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [Google Update] "c:\users\ste\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [bitDefenderURL] "c:\program files\common files\bitdefender\LinkInstaller.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: NoThemesTab = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: NoDispAppearancePage = 0 (0x0)

mPolicies-system: NoColorChoice = 0 (0x0)

mPolicies-system: NoSizeChoice = 0 (0x0)

mPolicies-system: NoVisualStyleChoice = 0 (0x0)

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{00EE4C1D-3068-4AFE-9603-D56FD09D5D90} : DhcpNameServer = 192.168.100.254

TCP: Interfaces\{06889F56-6D6E-4CB4-85D8-093DFDD3DBAD} : DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{06889F56-6D6E-4CB4-85D8-093DFDD3DBAD}\16C65656A716 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{06889F56-6D6E-4CB4-85D8-093DFDD3DBAD}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{06889F56-6D6E-4CB4-85D8-093DFDD3DBAD}\84453402E6564777F627B6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9724EE72-7657-4F7D-B144-CFBD0FEF652F} : DhcpNameServer = 192.168.100.254

TCP: Interfaces\{BF9A15C4-C789-41D3-878E-A85C850445EA} : DhcpNameServer = 192.168.100.254

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_fa0513b7754bf240\AEstSrv.exe [2009-3-2 81920]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

RUnknown BDVEDISK;BDVEDISK; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-22 29472]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-23 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-20 15872]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-4-6 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-4-6 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-4-6 121576]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-20 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-28 1343400]

.

=============== Created Last 30 ================

.

2011-07-09 15:22:13 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-07-09 15:11:02 3510 ----a-w- c:\windows\system32\tmp.reg

2011-06-30 05:59:18 -------- d-----w- c:\program files\common files\PC Tools

2011-06-29 21:50:51 -------- d-----w- c:\windows\system32\appmgmt

2011-06-29 19:57:23 -------- d-----w- c:\programdata\PC Tools

2011-06-29 19:21:01 -------- d-----w- c:\programdata\IObit

2011-06-29 18:52:20 -------- d-----w- c:\users\ste\appdata\roaming\Malwarebytes

2011-06-29 18:52:05 -------- d-----w- c:\programdata\Malwarebytes

2011-06-29 18:41:49 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-29 18:41:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-29 18:41:31 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-29 18:41:31 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-29 18:41:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 18:41:31 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-29 18:41:31 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-29 18:41:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 18:41:31 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 18:41:31 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 17:43:36 -------- d-----w- c:\program files\IObit

2011-06-29 17:29:23 -------- d-----w- c:\users\ste\appdata\roaming\IObit

2011-06-29 16:31:18 -------- d-----w- c:\program files\common files\Scanner

2011-06-29 02:53:16 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{359be00e-5a90-4241-aa5b-11ee5dec5d4e}\mpengine.dll

2011-06-28 20:39:57 -------- d--h--w- c:\programdata\Common Files

2011-06-28 20:34:08 -------- d-----w- c:\programdata\MFAData

2011-06-28 17:16:15 -------- d-----w- c:\windows\system32\Wat

2011-06-28 16:59:40 15872 ----a-w- c:\windows\system32\drivers\1251060398.sys

2011-06-26 19:23:25 175616 ----a-w- c:\windows\system32\unrar.dll

2011-06-26 18:02:42 -------- d-----w- c:\users\ste\appdata\local\QuickPar

2011-06-26 18:01:39 -------- d-----w- c:\program files\QuickPar

2011-06-25 19:09:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-21 20:01:37 56832 ------w- c:\windows\system32\iyvu9_32.dll

2011-06-21 20:01:36 143872 ------w- c:\windows\system32\iacenc.dll

2011-06-21 20:01:14 1622016 ------w- c:\program files\microsoft games\age of empires\EMPIRES.EXE

2011-06-21 20:01:12 1513984 ------w- c:\program files\microsoft games\age of empires\EMPIRESX.EXE

2011-06-21 20:01:08 319553 ------w- c:\program files\microsoft games\age of empires\Uninstal.Exe

2011-06-21 20:01:08 2744320 ------w- c:\program files\microsoft games\age of empires\SETUPENU.DLL

2011-06-21 20:00:42 160256 ------w- c:\program files\microsoft games\age of empires\languagex.dll

2011-06-21 20:00:41 174080 ------w- c:\program files\microsoft games\age of empires\language.dll

2011-06-21 20:00:14 29184 ------w- c:\program files\microsoft games\age of empires\data2\closedpw.exe

2011-06-21 19:59:47 29184 ------w- c:\program files\microsoft games\age of empires\data\closedpw.exe

2011-06-21 19:59:43 32768 ------w- c:\program files\microsoft games\age of empires\AoEHlp.dll

2011-06-21 19:59:43 32768 ------w- c:\program files\microsoft games\age of empires\aelaunch.dll

2011-06-19 19:17:58 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-19 19:17:58 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-19 19:17:57 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-19 19:17:54 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-19 19:17:53 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-19 19:17:46 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-19 19:17:39 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-19 19:10:53 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-06-19 19:08:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-19 19:08:29 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-19 19:08:29 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

==================== Find3M ====================

.

2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: FUJITSU_MJA2160BH_G2 rev.8919 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8CDEA890]<<

_asm { PUSH ECX; MOV EAX, [ESP+0x8]; PUSH EBX; PUSH EBP; PUSH ESI; PUSH EDI; CMP EAX, [0x8cdf0964]; JNZ 0x22; MOV EBX, [ESP+0x1c]; CALL 0xfffffffffffffcc0; }

1 ntkrnlpa!IofCallDriver[0x81C8652F] -> \Device\Harddisk0\DR0[0x84CAE528]

3 CLASSPNP[0x8878359E] -> ntkrnlpa!IofCallDriver[0x81C8652F] -> [0x85060A90]

\Driver\Disk[0x85049870] -> IRP_MJ_CREATE -> 0x8CDEA890

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user & kernel MBR OK

.

============= FINISH: 16:43:20.76 ===============


You have a nasty rootkit on your computer. Please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

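As an added illustration, not code from the thread or from DDS/TDSSKiller: a small Python triage script that scans the DDS output above and the TDSSKiller output posted later in the thread for the indicators the helper reacted to: a process image loaded from \\.\globalroot rather than from a drive, the UAC policies set to 0, a driver whose name is only digits, and TDSSKiller's NoAccess/Forged lines and detections. The sample lines are copied from this thread's logs; the regexes, finding names and the verdict rule are my own assumptions.

```python
"""Triage DDS and TDSSKiller log lines for the rootkit indicators seen in this thread.

Added example for this page; not the forum's, DDS's or TDSSKiller's own code.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines copied from the DDS log posted in this thread.
DDS_SAMPLE = r"""
C:\Windows\system32\lsm.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
uRun: [Google Update] "c:\users\ste\appdata\local\google\update\GoogleUpdate.exe" /c
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: NoColorChoice = 0 (0x0)
2011-06-28 16:59:40 15872 ----a-w- c:\windows\system32\drivers\1251060398.sys
"""

# Constructed sample input: lines copied from the TDSSKiller log posted later in the thread.
TDSS_SAMPLE = r"""
2011/07/10 17:17:04.0669 2848 Suspicious service (NoAccess): 1251060398
2011/07/10 17:17:04.0856 2848 Suspicious file (NoAccess): C:\Windows\system32\drivers\1251060398.sys. md5: 53c3a9bbd1eb737fa89ff86750c47cc4
2011/07/10 17:17:04.0872 2848 1251060398 - detected LockedService.Multi.Generic (1)
2011/07/10 17:17:20.0300 2848 HDAudBus (058a5bb36c8d4db6dad77a32ffa437b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/10 17:17:20.0316 2848 Suspicious file (Forged): C:\Windows\system32\drivers\HDAudBus.sys. Real md5: 058a5bb36c8d4db6dad77a32ffa437b5, Fake md5: 9036377b8a6c15dc2eec53e489d159b5
2011/07/10 17:17:20.0331 2848 HDAudBus - detected Rootkit.Win32.ZAccess.c (0)
"""

# UAC values that should not be 0 on a healthy Windows 7 machine: EnableLUA=0 turns
# UAC off, ConsentPromptBehaviorAdmin=0 elevates silently, PromptOnSecureDesktop=0
# lets other windows draw over the elevation prompt.
UAC_KEYS = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")

# A DDS process line: optional quote, then a drive path or a \-rooted device path, ending in .exe
PROC_RE = re.compile(r'^"?((?:[A-Za-z]:\\|\\).+?\.exe)"?(?:\s.*)?$', re.I)
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
DIGIT_DRIVER_RE = re.compile(r"\\drivers\\(\d+)\.sys\b", re.I)
# TDSSKiller "Suspicious ..." lines, with optional md5 / Real md5 and Fake md5 fields
SUSP_RE = re.compile(r"Suspicious (service|file) \((\w+)\): (.+?)"
                     r"(?:\. (?:Real )?md5: ([0-9a-f]{32}))?(?:, Fake md5: ([0-9a-f]{32}))?$")
DETECT_RE = re.compile(r"^\S+ \S+ \d+ (\S+) - detected (\S+)")

# Finding kinds that point at a kernel-level hiding mechanism rather than plain adware
ROOTKIT_KINDS = {"hidden-process", "suspicious-file-forged", "detection"}


def triage_dds(text: str) -> List[Dict[str, str]]:
    """Flag device-path processes, UAC policies set to 0 and digit-only driver names."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        m = PROC_RE.match(line)
        if m and m.group(1).startswith("\\"):
            # \\.\globalroot\Device\... is not a mounted volume; real system
            # binaries load from C:\, so this image is hidden from the file system.
            findings.append({"source": "dds", "kind": "hidden-process", "detail": m.group(1)})
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_KEYS and m.group(2) == "0":
            findings.append({"source": "dds", "kind": "uac-weakened", "detail": m.group(1)})
            continue
        m = DIGIT_DRIVER_RE.search(line)
        if m:
            findings.append({"source": "dds", "kind": "numeric-driver", "detail": m.group(0)})
    return findings


def triage_tdss(text: str) -> List[Dict[str, str]]:
    """Extract TDSSKiller's Suspicious (NoAccess/Forged) lines and its detections."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = SUSP_RE.search(line.strip())
        if m:
            obj, reason, target, md5, fake = m.groups()
            f = {"source": "tdss", "kind": f"suspicious-{obj}-{reason.lower()}", "detail": target}
            if md5:
                f["md5"] = md5          # hash TDSSKiller computed with its own disk access
            if fake:
                f["fake_md5"] = fake    # hash presented through the normal file system path
            findings.append(f)
            continue
        m = DETECT_RE.match(line.strip())
        if m:
            findings.append({"source": "tdss", "kind": "detection",
                             "detail": m.group(1), "name": m.group(2)})
    return findings


def verdict(findings: List[Dict[str, str]]) -> Tuple[bool, Dict[str, int]]:
    """Return (rootkit_suspected, count of findings per kind)."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return any(k in ROOTKIT_KINDS for k in counts), counts


if __name__ == "__main__":
    found = triage_dds(DDS_SAMPLE) + triage_tdss(TDSS_SAMPLE)
    for finding in found:
        print(finding)
    print(verdict(found))
```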

I have run the TDSS for now, but may have to reinstall.

Thanks for the speedy reply.

2011/07/10 17:15:21.0646 3636 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/10 17:15:21.0693 3636 ================================================================================

2011/07/10 17:15:21.0693 3636 SystemInfo:

2011/07/10 17:15:21.0693 3636

2011/07/10 17:15:21.0693 3636 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/10 17:15:21.0693 3636 Product type: Workstation

2011/07/10 17:15:21.0693 3636 ComputerName: STE-LAPTOP

2011/07/10 17:15:21.0693 3636 UserName: ste

2011/07/10 17:15:21.0693 3636 Windows directory: C:\Windows

2011/07/10 17:15:21.0693 3636 System windows directory: C:\Windows

2011/07/10 17:15:21.0693 3636 Processor architecture: Intel x86

2011/07/10 17:15:21.0693 3636 Number of processors: 2

2011/07/10 17:15:21.0693 3636 Page size: 0x1000

2011/07/10 17:15:21.0693 3636 Boot type: Normal boot

2011/07/10 17:15:21.0693 3636 ================================================================================

2011/07/10 17:15:23.0565 3636 Initialize success

2011/07/10 17:17:03.0998 2848 ================================================================================

2011/07/10 17:17:03.0998 2848 Scan started

2011/07/10 17:17:03.0998 2848 Mode: Manual;

2011/07/10 17:17:03.0998 2848 ================================================================================

2011/07/10 17:17:04.0669 2848 Suspicious service (NoAccess): 1251060398

2011/07/10 17:17:04.0856 2848 1251060398 (53c3a9bbd1eb737fa89ff86750c47cc4) C:\Windows\system32\drivers\1251060398.sys

2011/07/10 17:17:04.0856 2848 Suspicious file (NoAccess): C:\Windows\system32\drivers\1251060398.sys. md5: 53c3a9bbd1eb737fa89ff86750c47cc4

2011/07/10 17:17:04.0872 2848 1251060398 - detected LockedService.Multi.Generic (1)

2011/07/10 17:17:04.0996 2848 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/07/10 17:17:05.0215 2848 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/07/10 17:17:05.0324 2848 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/07/10 17:17:05.0589 2848 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/07/10 17:17:05.0854 2848 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/07/10 17:17:06.0104 2848 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/07/10 17:17:06.0400 2848 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/07/10 17:17:06.0510 2848 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/07/10 17:17:06.0728 2848 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/07/10 17:17:06.0884 2848 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/07/10 17:17:07.0071 2848 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/07/10 17:17:07.0196 2848 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/07/10 17:17:07.0414 2848 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/07/10 17:17:07.0524 2848 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/07/10 17:17:07.0711 2848 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

2011/07/10 17:17:07.0867 2848 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/07/10 17:17:08.0070 2848 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

2011/07/10 17:17:08.0210 2848 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/07/10 17:17:08.0475 2848 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/07/10 17:17:08.0538 2848 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/07/10 17:17:08.0756 2848 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/10 17:17:08.0881 2848 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/07/10 17:17:09.0146 2848 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/07/10 17:17:09.0427 2848 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/07/10 17:17:09.0723 2848 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys

2011/07/10 17:17:09.0973 2848 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/07/10 17:17:10.0098 2848 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/07/10 17:17:10.0285 2848 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/10 17:17:10.0410 2848 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/07/10 17:17:10.0550 2848 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/07/10 17:17:10.0706 2848 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/07/10 17:17:10.0878 2848 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/07/10 17:17:11.0018 2848 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/07/10 17:17:11.0174 2848 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/07/10 17:17:11.0408 2848 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys

2011/07/10 17:17:11.0486 2848 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/07/10 17:17:11.0704 2848 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

2011/07/10 17:17:11.0923 2848 BTHPORT (195c41cc67e9e1cedd960ccb74925920) C:\Windows\System32\Drivers\BTHport.sys

2011/07/10 17:17:12.0141 2848 BTHUSB (43b3206dd654e783aa7e4ead340a43b8) C:\Windows\System32\Drivers\BTHUSB.sys

2011/07/10 17:17:12.0375 2848 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys

2011/07/10 17:17:12.0609 2848 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys

2011/07/10 17:17:12.0828 2848 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys

2011/07/10 17:17:13.0077 2848 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys

2011/07/10 17:17:13.0186 2848 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys

2011/07/10 17:17:13.0420 2848 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/10 17:17:13.0654 2848 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/07/10 17:17:13.0904 2848 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/07/10 17:17:14.0029 2848 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/07/10 17:17:14.0294 2848 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/10 17:17:14.0403 2848 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/07/10 17:17:14.0622 2848 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/07/10 17:17:14.0856 2848 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/10 17:17:14.0965 2848 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/07/10 17:17:15.0168 2848 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/07/10 17:17:15.0433 2848 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

2011/07/10 17:17:15.0729 2848 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/07/10 17:17:15.0854 2848 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/07/10 17:17:16.0057 2848 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/07/10 17:17:16.0338 2848 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/07/10 17:17:16.0494 2848 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/10 17:17:16.0837 2848 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/07/10 17:17:17.0211 2848 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/07/10 17:17:17.0461 2848 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/07/10 17:17:17.0617 2848 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/07/10 17:17:17.0804 2848 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/07/10 17:17:17.0929 2848 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/10 17:17:18.0147 2848 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/07/10 17:17:18.0256 2848 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/07/10 17:17:18.0397 2848 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/10 17:17:18.0584 2848 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/07/10 17:17:18.0771 2848 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/07/10 17:17:18.0958 2848 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys

2011/07/10 17:17:19.0161 2848 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/10 17:17:19.0333 2848 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\Windows\system32\drivers\opcomusb.sys

2011/07/10 17:17:19.0520 2848 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/07/10 17:17:19.0754 2848 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/07/10 17:17:19.0832 2848 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/07/10 17:17:20.0066 2848 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/07/10 17:17:20.0300 2848 HDAudBus (058a5bb36c8d4db6dad77a32ffa437b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/07/10 17:17:20.0316 2848 Suspicious file (Forged): C:\Windows\system32\drivers\HDAudBus.sys. Real md5: 058a5bb36c8d4db6dad77a32ffa437b5, Fake md5: 9036377b8a6c15dc2eec53e489d159b5

2011/07/10 17:17:20.0331 2848 HDAudBus - detected Rootkit.Win32.ZAccess.c (0)

2011/07/10 17:17:20.0409 2848 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/07/10 17:17:20.0565 2848 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/07/10 17:17:20.0690 2848 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/07/10 17:17:20.0924 2848 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/10 17:17:21.0111 2848 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/07/10 17:17:21.0345 2848 HTCAND32 (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys

2011/07/10 17:17:21.0501 2848 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/07/10 17:17:21.0704 2848 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/07/10 17:17:21.0907 2848 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/07/10 17:17:22.0203 2848 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

2011/07/10 17:17:22.0624 2848 igfx (a79416044080f5ade931517c45be9d58) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/07/10 17:17:22.0983 2848 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/07/10 17:17:23.0139 2848 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/07/10 17:17:23.0358 2848 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/10 17:17:23.0560 2848 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/10 17:17:23.0716 2848 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/07/10 17:17:23.0904 2848 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/07/10 17:17:23.0997 2848 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/07/10 17:17:24.0184 2848 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/07/10 17:17:24.0340 2848 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/07/10 17:17:24.0528 2848 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

2011/07/10 17:17:24.0668 2848 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/07/10 17:17:24.0949 2848 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/10 17:17:25.0058 2848 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/07/10 17:17:25.0276 2848 L1C (3705b2273e8efc9a707864ab7324b614) C:\Windows\system32\DRIVERS\L1C62x86.sys

2011/07/10 17:17:25.0542 2848 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/10 17:17:25.0666 2848 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/07/10 17:17:25.0869 2848 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/07/10 17:17:26.0088 2848 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/07/10 17:17:26.0181 2848 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/07/10 17:17:26.0400 2848 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/07/10 17:17:26.0493 2848 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/07/10 17:17:26.0712 2848 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/07/10 17:17:26.0961 2848 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/07/10 17:17:27.0055 2848 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/10 17:17:27.0273 2848 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

2011/07/10 17:17:27.0523 2848 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/10 17:17:27.0663 2848 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/07/10 17:17:27.0866 2848 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/07/10 17:17:27.0960 2848 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/10 17:17:28.0178 2848 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/07/10 17:17:28.0303 2848 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/10 17:17:28.0474 2848 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/10 17:17:28.0615 2848 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/10 17:17:28.0818 2848 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/07/10 17:17:28.0927 2848 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/07/10 17:17:29.0192 2848 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/07/10 17:17:29.0270 2848 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/07/10 17:17:29.0473 2848 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/07/10 17:17:29.0613 2848 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/10 17:17:29.0769 2848 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/10 17:17:29.0941 2848 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/07/10 17:17:30.0112 2848 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/07/10 17:17:30.0268 2848 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/07/10 17:17:30.0502 2848 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/07/10 17:17:30.0580 2848 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/07/10 17:17:30.0814 2848 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/07/10 17:17:31.0080 2848 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/10 17:17:31.0220 2848 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/07/10 17:17:31.0485 2848 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/07/10 17:17:31.0610 2848 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/10 17:17:31.0797 2848 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/10 17:17:31.0953 2848 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/10 17:17:32.0125 2848 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/07/10 17:17:32.0328 2848 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/10 17:17:32.0484 2848 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/10 17:17:32.0749 2848 NetworkX (ae980fce2581e45dfe1cd187af4838f0) C:\Windows\system32\ckldrv.sys

2011/07/10 17:17:32.0874 2848 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/07/10 17:17:33.0045 2848 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/07/10 17:17:33.0170 2848 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/10 17:17:33.0373 2848 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

2011/07/10 17:17:33.0591 2848 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/07/10 17:17:33.0716 2848 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

2011/07/10 17:17:33.0919 2848 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

2011/07/10 17:17:34.0153 2848 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/07/10 17:17:34.0262 2848 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/07/10 17:17:34.0512 2848 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/07/10 17:17:34.0621 2848 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/07/10 17:17:34.0808 2848 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/07/10 17:17:34.0980 2848 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/07/10 17:17:35.0136 2848 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/07/10 17:17:35.0260 2848 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/07/10 17:17:35.0432 2848 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/07/10 17:17:35.0572 2848 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/07/10 17:17:36.0056 2848 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/10 17:17:36.0118 2848 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/07/10 17:17:36.0368 2848 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/10 17:17:36.0477 2848 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/07/10 17:17:36.0711 2848 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/07/10 17:17:36.0820 2848 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/10 17:17:37.0023 2848 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/10 17:17:37.0148 2848 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/07/10 17:17:37.0366 2848 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/10 17:17:37.0522 2848 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/10 17:17:37.0725 2848 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/10 17:17:37.0850 2848 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/10 17:17:38.0068 2848 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/07/10 17:17:38.0193 2848 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/10 17:17:38.0427 2848 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

2011/07/10 17:17:38.0630 2848 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/10 17:17:38.0708 2848 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/07/10 17:17:38.0958 2848 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys

2011/07/10 17:17:39.0036 2848 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/07/10 17:17:39.0254 2848 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/07/10 17:17:39.0519 2848 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/07/10 17:17:39.0816 2848 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/10 17:17:40.0299 2848 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

2011/07/10 17:17:40.0533 2848 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/07/10 17:17:40.0658 2848 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/07/10 17:17:40.0954 2848 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/07/10 17:17:41.0235 2848 Ser2pl (8b80a722cce8e16f495fcaeb43d863d1) C:\Windows\system32\DRIVERS\ser2pl.sys

2011/07/10 17:17:41.0469 2848 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/10 17:17:41.0532 2848 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/07/10 17:17:41.0719 2848 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/07/10 17:17:41.0890 2848 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/07/10 17:17:42.0031 2848 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/10 17:17:42.0171 2848 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/10 17:17:42.0358 2848 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/07/10 17:17:42.0608 2848 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/07/10 17:17:42.0733 2848 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/07/10 17:17:42.0904 2848 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/07/10 17:17:43.0060 2848 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/07/10 17:17:43.0326 2848 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/07/10 17:17:43.0606 2848 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\Windows\system32\Drivers\sptd.sys

2011/07/10 17:17:43.0606 2848 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2

2011/07/10 17:17:43.0638 2848 sptd - detected LockedFile.Multi.Generic (1)

2011/07/10 17:17:43.0762 2848 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

2011/07/10 17:17:43.0981 2848 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/10 17:17:44.0059 2848 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/10 17:17:44.0262 2848 ssadbus (406776fe3c2b66796bac1a7afb9ac8a1) C:\Windows\system32\DRIVERS\ssadbus.sys

2011/07/10 17:17:44.0386 2848 ssadmdfl (b19532d015a5d295e2aa34bb521202cf) C:\Windows\system32\DRIVERS\ssadmdfl.sys

2011/07/10 17:17:44.0620 2848 ssadmdm (2aebf9108e6f435458b9499c27394da4) C:\Windows\system32\DRIVERS\ssadmdm.sys

2011/07/10 17:17:44.0839 2848 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys

2011/07/10 17:17:45.0073 2848 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys

2011/07/10 17:17:45.0166 2848 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys

2011/07/10 17:17:45.0369 2848 sscdserd (d04bd59f28c78e2e66632092cafc0a2b) C:\Windows\system32\DRIVERS\sscdserd.sys

2011/07/10 17:17:45.0541 2848 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/07/10 17:17:45.0759 2848 STHDA (ffe2d0a09c9c806b005c97076cc1034c) C:\Windows\system32\DRIVERS\stwrt.sys

2011/07/10 17:17:46.0009 2848 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

2011/07/10 17:17:46.0149 2848 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

2011/07/10 17:17:46.0352 2848 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/07/10 17:17:46.0711 2848 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys

2011/07/10 17:17:46.0992 2848 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys

2011/07/10 17:17:47.0304 2848 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/10 17:17:47.0444 2848 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/10 17:17:47.0678 2848 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/07/10 17:17:47.0740 2848 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/07/10 17:17:47.0850 2848 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/10 17:17:48.0052 2848 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/07/10 17:17:48.0255 2848 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/10 17:17:48.0458 2848 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/07/10 17:17:48.0723 2848 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/10 17:17:48.0942 2848 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/07/10 17:17:49.0051 2848 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/10 17:17:49.0332 2848 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/10 17:17:49.0456 2848 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/10 17:17:49.0675 2848 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/07/10 17:17:49.0815 2848 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/10 17:17:50.0143 2848 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/07/10 17:17:50.0377 2848 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/10 17:17:50.0658 2848 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys

2011/07/10 17:17:50.0845 2848 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/07/10 17:17:50.0970 2848 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/10 17:17:51.0110 2848 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/07/10 17:17:51.0344 2848 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/10 17:17:51.0516 2848 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

2011/07/10 17:17:51.0750 2848 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys

2011/07/10 17:17:51.0953 2848 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/07/10 17:17:52.0140 2848 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/10 17:17:52.0280 2848 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/07/10 17:17:52.0530 2848 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/07/10 17:17:52.0701 2848 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/07/10 17:17:52.0842 2848 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/07/10 17:17:53.0060 2848 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/07/10 17:17:53.0185 2848 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

2011/07/10 17:17:53.0341 2848 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

2011/07/10 17:17:53.0466 2848 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/07/10 17:17:53.0669 2848 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/07/10 17:17:53.0856 2848 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/07/10 17:17:54.0059 2848 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/10 17:17:54.0246 2848 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/07/10 17:17:54.0386 2848 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/07/10 17:17:54.0573 2848 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/07/10 17:17:54.0761 2848 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/10 17:17:54.0963 2848 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/10 17:17:55.0026 2848 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/10 17:17:55.0369 2848 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/07/10 17:17:55.0463 2848 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/10 17:17:55.0868 2848 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/10 17:17:56.0087 2848 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/07/10 17:17:56.0445 2848 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/07/10 17:17:56.0648 2848 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/10 17:17:56.0882 2848 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/10 17:17:57.0194 2848 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/07/10 17:17:57.0288 2848 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/10 17:17:57.0522 2848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/07/10 17:17:57.0584 2848 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3

2011/07/10 17:17:57.0818 2848 Boot (0x1200) (7588588f077ed5dd98b13767a11b62e9) \Device\Harddisk0\DR0\Partition0

2011/07/10 17:17:57.0865 2848 Boot (0x1200) (ef8f6611176a7e2cff3dfc56a3f2d338) \Device\Harddisk1\DR3\Partition0

2011/07/10 17:17:57.0881 2848 ================================================================================

2011/07/10 17:17:57.0881 2848 Scan finished

2011/07/10 17:17:57.0881 2848 ================================================================================

2011/07/10 17:17:57.0943 3272 Detected object count: 3

2011/07/10 17:17:57.0943 3272 Actual detected object count: 3

2011/07/10 17:20:29.0794 3272 LockedService.Multi.Generic(1251060398) - User select action: Skip

2011/07/10 17:20:30.0012 3272 HDAudBus (058a5bb36c8d4db6dad77a32ffa437b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/07/10 17:20:30.0012 3272 Suspicious file (Forged): C:\Windows\system32\drivers\HDAudBus.sys. Real md5: 058a5bb36c8d4db6dad77a32ffa437b5, Fake md5: 9036377b8a6c15dc2eec53e489d159b5

2011/07/10 17:20:30.0480 3272 Backup copy found, using it..

2011/07/10 17:20:30.0496 3272 C:\Windows\system32\drivers\HDAudBus.sys - will be cured after reboot

2011/07/10 17:20:30.0496 3272 Rootkit.Win32.ZAccess.c(HDAudBus) - User select action: Cure

2011/07/10 17:20:30.0496 3272 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/07/10 17:20:40.0870 1264 Deinitialize success

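Added example, not part of this thread and not Kaspersky's TDSSKiller code: a small Python parser for logs in the format posted above. It pulls out the driver hash table, the MBR and boot-sector hashes, the Forged and NoAccess flags and the actions the user chose, then triages them and diffs the 17:17 scan against the 19:36 scan. A "Forged" entry means the bytes TDSSKiller read directly from disk (Real md5) differ from what the normal file API returned (Fake md5), i.e. something is hooking file reads to show a clean copy of the infected driver; that is why, after the cure, HDAudBus.sys in the second scan carries the hash that was reported as "fake" in the first. The sample lines are excerpted from the two logs in this thread; the severity labels, the all-digit-service-name heuristic and the sptd allow-list are this example's own assumptions, not TDSSKiller verdicts.

```python
"""Parse and triage TDSSKiller logs. Added example, not TDSSKiller's or the thread's own code."""
import re
from dataclasses import dataclass, field

MD5 = r"[0-9a-f]{32}"
# Every log line is "<date> <time> <thread id> <message>"; only the message is interesting.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
DRIVER_RE = re.compile(rf"^(?P<name>\S+) \((?P<md5>{MD5})\) (?P<path>\S.*)$")
SECTOR_RE = re.compile(rf"^(MBR|Boot) \(0x[0-9A-Fa-f]+\) \((?P<md5>{MD5})\) (?P<dev>\\.+)$")
FORGED_RE = re.compile(rf"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>{MD5}), Fake md5: (?P<fake>{MD5})$")
NOACCESS_FILE_RE = re.compile(rf"^Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>{MD5})$")
NOACCESS_SVC_RE = re.compile(r"^Suspicious service \(NoAccess\): (?P<name>\S+)$")
ACTION_RE = re.compile(r"^(?P<verdict>[\w.]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class ScanReport:
    drivers: dict = field(default_factory=dict)           # service name -> (md5, path)
    sectors: dict = field(default_factory=dict)           # \Device\... -> md5 of MBR / boot sector
    forged: dict = field(default_factory=dict)            # path -> (real md5 on disk, fake md5 via file API)
    noaccess_files: dict = field(default_factory=dict)    # path -> md5 of a file the scanner could not open
    noaccess_services: set = field(default_factory=set)   # services whose driver could not be read
    actions: dict = field(default_factory=dict)           # name -> (verdict, action chosen by the user)


def parse_log(text):
    r = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m["msg"]
        if x := FORGED_RE.match(msg):
            r.forged[x["path"]] = (x["real"], x["fake"])
        elif x := NOACCESS_FILE_RE.match(msg):
            r.noaccess_files[x["path"]] = x["md5"]
        elif x := NOACCESS_SVC_RE.match(msg):
            r.noaccess_services.add(x["name"])
        elif x := ACTION_RE.match(msg):
            r.actions[x["name"]] = (x["verdict"], x["action"])
        elif x := SECTOR_RE.match(msg):
            r.sectors[x["dev"]] = x["md5"]
        elif x := DRIVER_RE.match(msg):
            r.drivers[x["name"]] = (x["md5"], x["path"])
    return r


# sptd.sys ships with disc-emulation software and is routinely reported as LockedFile; this
# allow-list (low priority, still worth confirming) is the example's assumption, not a TDSSKiller verdict.
BENIGN_LOCKED = {"sptd"}


def triage(r):
    """Return (severity, item, reason) triples, most serious first."""
    out = []
    for path, (real, fake) in r.forged.items():
        out.append(("HIGH", path, f"on-disk md5 {real[:8]}.. differs from md5 seen through the file API "
                                  f"{fake[:8]}..: something is hooking reads to hide the real driver"))
    for name in r.noaccess_services:
        sev = "HIGH" if name.isdigit() else "MEDIUM"   # all-digit service names: heuristic, see lead-in
        out.append((sev, name, "locked service" + (" with an all-digit name" if sev == "HIGH" else "")))
    for path, md5 in r.noaccess_files.items():
        stem = path.replace("\\", "/").rsplit("/", 1)[-1].split(".")[0].lower()
        sev = "LOW" if stem in BENIGN_LOCKED else "MEDIUM"
        out.append((sev, path, f"unreadable file, md5 {md5[:8]}.."))
    for name, (verdict, action) in r.actions.items():
        if action == "Skip" and name.lower() not in BENIGN_LOCKED:
            out.append(("MEDIUM", name, f"{verdict} was skipped and is still present"))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(out, key=lambda f: rank[f[0]])


def diff_scans(before, after):
    """Hash changes between two scans: items in both with a new md5, and items only in the later scan."""
    b = {**{k: v[0] for k, v in before.drivers.items()}, **before.sectors}
    a = {**{k: v[0] for k, v in after.drivers.items()}, **after.sectors}
    changed = {k: (b[k], a[k]) for k in b.keys() & a.keys() if b[k] != a[k]}
    new = {k: a[k] for k in a.keys() - b.keys()}
    return changed, new


# Excerpts of the 17:17 (before cure) and 19:36 (after reboot) scans posted in this thread.
BEFORE_LOG = r"""2011/07/10 17:17:43.0606 2848 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\Windows\system32\Drivers\sptd.sys
2011/07/10 17:17:43.0606 2848 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
2011/07/10 17:17:57.0522 2848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/10 17:20:29.0794 3272 LockedService.Multi.Generic(1251060398) - User select action: Skip
2011/07/10 17:20:30.0012 3272 HDAudBus (058a5bb36c8d4db6dad77a32ffa437b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/10 17:20:30.0012 3272 Suspicious file (Forged): C:\Windows\system32\drivers\HDAudBus.sys. Real md5: 058a5bb36c8d4db6dad77a32ffa437b5, Fake md5: 9036377b8a6c15dc2eec53e489d159b5
2011/07/10 17:20:30.0496 3272 Rootkit.Win32.ZAccess.c(HDAudBus) - User select action: Cure
2011/07/10 17:20:30.0496 3272 LockedFile.Multi.Generic(sptd) - User select action: Skip"""
AFTER_LOG = r"""2011/07/10 19:36:17.0218 1352 Suspicious service (NoAccess): 1251060398
2011/07/10 19:36:17.0655 1352 1251060398 (53c3a9bbd1eb737fa89ff86750c47cc4) C:\Windows\system32\drivers\1251060398.sys
2011/07/10 19:36:17.0655 1352 Suspicious file (NoAccess): C:\Windows\system32\drivers\1251060398.sys. md5: 53c3a9bbd1eb737fa89ff86750c47cc4
2011/07/10 19:36:51.0133 1352 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for label, rep in (("before", before), ("after", after)):
        print(label, *triage(rep), sep="\n  ")
    print("changed/new:", diff_scans(before, after))
```

Run against full logs rather than these excerpts, the diff is the useful part: a system driver whose hash changes between two scans with no Windows update in between, or a boot-sector hash that changes, is exactly what a cure (or a reinfection) looks like, and the all-digit service that both scans still report as locked is what remains to be dealt with after the HDAudBus cure.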

no problem

2011/07/10 19:36:02.0164 4016 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/10 19:36:02.0351 4016 ================================================================================

2011/07/10 19:36:02.0351 4016 SystemInfo:

2011/07/10 19:36:02.0351 4016

2011/07/10 19:36:02.0351 4016 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/10 19:36:02.0351 4016 Product type: Workstation

2011/07/10 19:36:02.0351 4016 ComputerName: STE-LAPTOP

2011/07/10 19:36:02.0351 4016 UserName: ste

2011/07/10 19:36:02.0367 4016 Windows directory: C:\Windows

2011/07/10 19:36:02.0367 4016 System windows directory: C:\Windows

2011/07/10 19:36:02.0367 4016 Processor architecture: Intel x86

2011/07/10 19:36:02.0367 4016 Number of processors: 2

2011/07/10 19:36:02.0367 4016 Page size: 0x1000

2011/07/10 19:36:02.0367 4016 Boot type: Normal boot

2011/07/10 19:36:02.0367 4016 ================================================================================

2011/07/10 19:36:11.0009 4016 Initialize success

2011/07/10 19:36:15.0252 1352 ================================================================================

2011/07/10 19:36:15.0252 1352 Scan started

2011/07/10 19:36:15.0252 1352 Mode: Manual;

2011/07/10 19:36:15.0252 1352 ================================================================================

2011/07/10 19:36:17.0218 1352 Suspicious service (NoAccess): 1251060398

2011/07/10 19:36:17.0655 1352 1251060398 (53c3a9bbd1eb737fa89ff86750c47cc4) C:\Windows\system32\drivers\1251060398.sys

2011/07/10 19:36:17.0655 1352 Suspicious file (NoAccess): C:\Windows\system32\drivers\1251060398.sys. md5: 53c3a9bbd1eb737fa89ff86750c47cc4

2011/07/10 19:36:17.0686 1352 1251060398 - detected LockedService.Multi.Generic (1)

2011/07/10 19:36:18.0123 1352 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/07/10 19:36:18.0528 1352 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/07/10 19:36:19.0028 1352 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/07/10 19:36:19.0667 1352 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/07/10 19:36:20.0073 1352 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/07/10 19:36:20.0588 1352 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/07/10 19:36:21.0056 1352 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/07/10 19:36:21.0430 1352 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/07/10 19:36:21.0898 1352 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/07/10 19:36:22.0366 1352 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/07/10 19:36:22.0725 1352 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/07/10 19:36:23.0084 1352 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/07/10 19:36:23.0505 1352 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/07/10 19:36:23.0817 1352 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/07/10 19:36:24.0160 1352 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

2011/07/10 19:36:24.0581 1352 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/07/10 19:36:24.0971 1352 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

2011/07/10 19:36:25.0502 1352 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/07/10 19:36:26.0110 1352 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/07/10 19:36:27.0311 1352 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/07/10 19:36:27.0717 1352 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/10 19:36:28.0076 1352 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/07/10 19:36:28.0575 1352 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/07/10 19:36:28.0949 1352 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/07/10 19:36:29.0698 1352 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys

2011/07/10 19:36:30.0104 1352 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/07/10 19:36:30.0478 1352 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/07/10 19:36:30.0806 1352 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/10 19:36:31.0133 1352 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/07/10 19:36:31.0492 1352 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/07/10 19:36:31.0944 1352 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/07/10 19:36:32.0288 1352 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/07/10 19:36:32.0646 1352 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/07/10 19:36:32.0990 1352 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/07/10 19:36:33.0504 1352 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys

2011/07/10 19:36:33.0785 1352 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/07/10 19:36:34.0222 1352 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

2011/07/10 19:36:34.0659 1352 BTHPORT (195c41cc67e9e1cedd960ccb74925920) C:\Windows\System32\Drivers\BTHport.sys

2011/07/10 19:36:35.0065 1352 BTHUSB (43b3206dd654e783aa7e4ead340a43b8) C:\Windows\System32\Drivers\BTHUSB.sys

2011/07/10 19:36:35.0533 1352 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys

2011/07/10 19:36:35.0907 1352 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys

2011/07/10 19:36:36.0328 1352 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys

2011/07/10 19:36:36.0796 1352 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys

2011/07/10 19:36:37.0264 1352 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys

2011/07/10 19:36:37.0654 1352 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/10 19:36:38.0185 1352 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/07/10 19:36:38.0606 1352 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/07/10 19:36:38.0933 1352 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/07/10 19:36:39.0401 1352 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/10 19:36:39.0667 1352 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/07/10 19:36:39.0963 1352 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/07/10 19:36:40.0291 1352 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/10 19:36:40.0681 1352 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/07/10 19:36:41.0024 1352 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/07/10 19:36:41.0539 1352 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

2011/07/10 19:36:41.0944 1352 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/07/10 19:36:42.0412 1352 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/07/10 19:36:42.0802 1352 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/07/10 19:36:43.0255 1352 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/07/10 19:36:43.0629 1352 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/10 19:36:44.0518 1352 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/07/10 19:37:32.0098 1352 RasPppoe (65c1f102b9037d6ed80210d5aa02821b) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/10 19:37:32.0098 1352 Suspicious file (Forged): C:\Windows\system32\DRIVERS\raspppoe.sys. Real md5: 65c1f102b9037d6ed80210d5aa02821b, Fake md5: 0fe8b15916307a6ac12bfb6a63e45507

2011/07/10 19:37:32.0114 1352 RasPppoe - detected Rootkit.Win32.ZAccess.c (0)

2011/07/10 19:37:43.0408 1352 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\Windows\system32\Drivers\sptd.sys

2011/07/10 19:37:43.0408 1352 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2

2011/07/10 19:37:43.0424 1352 sptd - detected LockedFile.Multi.Generic (1)

2011/07/10 19:38:05.0451 1352 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/07/10 19:38:05.0513 1352 Boot (0x1200) (7588588f077ed5dd98b13767a11b62e9) \Device\Harddisk0\DR0\Partition0

2011/07/10 19:38:05.0545 1352 ================================================================================

2011/07/10 19:38:05.0545 1352 Scan finished

2011/07/10 19:38:05.0545 1352 ================================================================================

2011/07/10 19:38:05.0576 1368 Detected object count: 3

2011/07/10 19:38:05.0576 1368 Actual detected object count: 3

2011/07/10 19:39:05.0402 1368 HKLM\SYSTEM\ControlSet001\services\1251060398 - will be deleted after reboot

2011/07/10 19:39:05.0449 1368 HKLM\SYSTEM\ControlSet002\services\1251060398 - will be deleted after reboot

2011/07/10 19:39:05.0464 1368 C:\Windows\system32\drivers\1251060398.sys - will be deleted after reboot

2011/07/10 19:39:05.0464 1368 LockedService.Multi.Generic(1251060398) - User select action: Delete

2011/07/10 19:39:05.0683 1368 RasPppoe (65c1f102b9037d6ed80210d5aa02821b) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/10 19:39:05.0683 1368 Suspicious file (Forged): C:\Windows\system32\DRIVERS\raspppoe.sys. Real md5: 65c1f102b9037d6ed80210d5aa02821b, Fake md5: 0fe8b15916307a6ac12bfb6a63e45507

2011/07/10 19:39:05.0964 1368 Backup copy found, using it..

2011/07/10 19:39:05.0979 1368 C:\Windows\system32\DRIVERS\raspppoe.sys - will be cured after reboot

2011/07/10 19:39:05.0979 1368 Rootkit.Win32.ZAccess.c(RasPppoe) - User select action: Cure

2011/07/10 19:39:05.0995 1368 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/07/10 19:39:19.0848 4012 Deinitialize success


Have clicked on TDSS on the desktop but the system is not responding. Just get the Windows spinning/in-use icon.

I have tried to restart but it is not responding.

PS

When I clicked on the TDSS icon for the previous log file I got the blue screen of death, but I just rebooted and then ran the test.

Looks like I will have to do a hard reboot as nothing is moving on the laptop.

Back in a few minutes.


OK, here you go.

2011/07/10 20:40:44.0279 3708 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/10 20:40:44.0310 3708 ================================================================================

2011/07/10 20:40:44.0310 3708 SystemInfo:

2011/07/10 20:40:44.0310 3708

2011/07/10 20:40:44.0310 3708 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/10 20:40:44.0310 3708 Product type: Workstation

2011/07/10 20:40:44.0310 3708 ComputerName: STE-LAPTOP

2011/07/10 20:40:44.0310 3708 UserName: ste

2011/07/10 20:40:44.0310 3708 Windows directory: C:\Windows

2011/07/10 20:40:44.0310 3708 System windows directory: C:\Windows

2011/07/10 20:40:44.0310 3708 Processor architecture: Intel x86

2011/07/10 20:40:44.0310 3708 Number of processors: 2

2011/07/10 20:40:44.0310 3708 Page size: 0x1000

2011/07/10 20:40:44.0310 3708 Boot type: Normal boot

2011/07/10 20:40:44.0310 3708 ================================================================================

2011/07/10 20:40:52.0531 3708 Initialize success

2011/07/10 20:41:08.0662 3800 ================================================================================

2011/07/10 20:41:08.0662 3800 Scan started

2011/07/10 20:41:08.0662 3800 Mode: Manual;

2011/07/10 20:41:08.0662 3800 ================================================================================


2011/07/10 20:41:33.0949 3800 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\Windows\system32\drivers\opcomusb.sys

2011/07/10 20:41:34.0261 3800 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/07/10 20:41:34.0620 3800 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/07/10 20:41:34.0979 3800 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/07/10 20:41:35.0369 3800 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/07/10 20:41:35.0759 3800 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/07/10 20:41:36.0040 3800 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/07/10 20:41:36.0336 3800 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/07/10 20:41:36.0648 3800 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/07/10 20:41:37.0116 3800 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/10 20:41:37.0803 3800 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/07/10 20:41:38.0193 3800 HTCAND32 (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys

2011/07/10 20:41:38.0614 3800 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/07/10 20:41:39.0035 3800 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/07/10 20:41:39.0316 3800 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/07/10 20:41:39.0721 3800 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

2011/07/10 20:41:40.0392 3800 igfx (a79416044080f5ade931517c45be9d58) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/07/10 20:41:40.0891 3800 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/07/10 20:41:41.0203 3800 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/07/10 20:41:41.0656 3800 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/10 20:41:42.0046 3800 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/10 20:41:42.0420 3800 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/07/10 20:41:42.0795 3800 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/07/10 20:41:43.0138 3800 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/07/10 20:41:43.0403 3800 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/07/10 20:41:43.0653 3800 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/07/10 20:41:44.0027 3800 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

2011/07/10 20:41:44.0245 3800 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/07/10 20:41:44.0901 3800 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/10 20:41:45.0213 3800 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/07/10 20:41:45.0571 3800 L1C (3705b2273e8efc9a707864ab7324b614) C:\Windows\system32\DRIVERS\L1C62x86.sys

2011/07/10 20:41:45.0915 3800 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/10 20:41:46.0367 3800 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/07/10 20:41:46.0663 3800 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/07/10 20:41:47.0209 3800 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/07/10 20:41:47.0506 3800 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/07/10 20:41:47.0787 3800 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/07/10 20:41:48.0114 3800 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/07/10 20:41:48.0333 3800 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/07/10 20:41:48.0582 3800 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/07/10 20:41:48.0847 3800 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/10 20:41:49.0097 3800 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

2011/07/10 20:41:49.0300 3800 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/10 20:41:49.0409 3800 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/07/10 20:41:49.0737 3800 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/07/10 20:41:50.0017 3800 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/10 20:41:50.0283 3800 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/07/10 20:41:50.0641 3800 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/10 20:41:50.0907 3800 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/10 20:41:51.0125 3800 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/10 20:41:51.0390 3800 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/07/10 20:41:51.0546 3800 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/07/10 20:41:51.0874 3800 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/07/10 20:41:52.0155 3800 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/07/10 20:41:52.0357 3800 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/07/10 20:41:52.0638 3800 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/10 20:41:52.0966 3800 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/10 20:41:53.0184 3800 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/07/10 20:41:53.0481 3800 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/07/10 20:41:53.0699 3800 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/07/10 20:41:54.0027 3800 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/07/10 20:41:54.0229 3800 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/07/10 20:41:54.0573 3800 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/07/10 20:41:54.0916 3800 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/10 20:41:55.0306 3800 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/07/10 20:41:55.0633 3800 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/07/10 20:41:56.0195 3800 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/10 20:41:56.0445 3800 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/10 20:41:56.0725 3800 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/10 20:41:57.0084 3800 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/07/10 20:41:57.0318 3800 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/10 20:41:57.0583 3800 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/10 20:41:57.0895 3800 NetworkX (ae980fce2581e45dfe1cd187af4838f0) C:\Windows\system32\ckldrv.sys

2011/07/10 20:41:58.0176 3800 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/07/10 20:41:58.0441 3800 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/07/10 20:41:58.0816 3800 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/10 20:41:59.0253 3800 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

2011/07/10 20:41:59.0502 3800 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/07/10 20:41:59.0767 3800 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

2011/07/10 20:42:00.0017 3800 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

2011/07/10 20:42:00.0220 3800 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/07/10 20:42:00.0407 3800 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/07/10 20:42:00.0594 3800 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/07/10 20:42:00.0813 3800 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/07/10 20:42:00.0984 3800 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/07/10 20:42:01.0343 3800 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/07/10 20:42:01.0827 3800 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/07/10 20:42:02.0061 3800 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/07/10 20:42:02.0295 3800 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/07/10 20:42:02.0497 3800 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/07/10 20:42:03.0168 3800 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/10 20:42:03.0262 3800 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/07/10 20:42:03.0511 3800 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/10 20:42:03.0621 3800 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/07/10 20:42:04.0042 3800 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/07/10 20:42:04.0323 3800 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/10 20:42:04.0541 3800 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/10 20:42:04.0744 3800 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/07/10 20:42:05.0103 3800 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/10 20:42:05.0446 3800 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/10 20:42:05.0773 3800 RasSstp (b9854a53f5fd981ff9d362ed3d7f50b4) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/10 20:42:05.0773 3800 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rassstp.sys. Real md5: b9854a53f5fd981ff9d362ed3d7f50b4, Fake md5: 44101f495a83ea6401d886e7fd70096b

2011/07/10 20:42:05.0805 3800 RasSstp - detected Rootkit.Win32.ZAccess.c (0)

2011/07/10 20:42:06.0023 3800 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/10 20:42:06.0273 3800 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/07/10 20:42:06.0569 3800 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/10 20:42:06.0694 3800 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

2011/07/10 20:42:06.0959 3800 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/10 20:42:07.0037 3800 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/07/10 20:42:07.0271 3800 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys

2011/07/10 20:42:07.0427 3800 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/07/10 20:42:07.0599 3800 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/07/10 20:42:07.0879 3800 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/07/10 20:42:08.0129 3800 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/10 20:42:08.0597 3800 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

2011/07/10 20:42:08.0909 3800 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/07/10 20:42:09.0081 3800 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/07/10 20:42:09.0315 3800 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/07/10 20:42:09.0595 3800 Ser2pl (8b80a722cce8e16f495fcaeb43d863d1) C:\Windows\system32\DRIVERS\ser2pl.sys

2011/07/10 20:42:09.0736 3800 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/10 20:42:09.0970 3800 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/07/10 20:42:10.0141 3800 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/07/10 20:42:10.0375 3800 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/07/10 20:42:10.0516 3800 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/10 20:42:10.0578 3800 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/10 20:42:10.0765 3800 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/07/10 20:42:10.0968 3800 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/07/10 20:42:11.0124 3800 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/07/10 20:42:11.0280 3800 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/07/10 20:42:11.0436 3800 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/07/10 20:42:11.0686 3800 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/07/10 20:42:12.0013 3800 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\Windows\system32\Drivers\sptd.sys

2011/07/10 20:42:12.0013 3800 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2

2011/07/10 20:42:12.0045 3800 sptd - detected LockedFile.Multi.Generic (1)

2011/07/10 20:42:12.0216 3800 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

2011/07/10 20:42:12.0325 3800 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/10 20:42:12.0513 3800 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/10 20:42:12.0747 3800 ssadbus (406776fe3c2b66796bac1a7afb9ac8a1) C:\Windows\system32\DRIVERS\ssadbus.sys

2011/07/10 20:42:12.0949 3800 ssadmdfl (b19532d015a5d295e2aa34bb521202cf) C:\Windows\system32\DRIVERS\ssadmdfl.sys

2011/07/10 20:42:13.0059 3800 ssadmdm (2aebf9108e6f435458b9499c27394da4) C:\Windows\system32\DRIVERS\ssadmdm.sys

2011/07/10 20:42:13.0261 3800 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys

2011/07/10 20:42:13.0386 3800 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys

2011/07/10 20:42:13.0542 3800 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys

2011/07/10 20:42:13.0667 3800 sscdserd (d04bd59f28c78e2e66632092cafc0a2b) C:\Windows\system32\DRIVERS\sscdserd.sys

2011/07/10 20:42:14.0010 3800 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/07/10 20:42:14.0119 3800 STHDA (ffe2d0a09c9c806b005c97076cc1034c) C:\Windows\system32\DRIVERS\stwrt.sys

2011/07/10 20:42:14.0353 3800 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

2011/07/10 20:42:14.0431 3800 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

2011/07/10 20:42:14.0619 3800 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/07/10 20:42:15.0024 3800 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys

2011/07/10 20:42:15.0289 3800 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys

2011/07/10 20:42:15.0570 3800 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/10 20:42:15.0726 3800 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/10 20:42:15.0929 3800 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/07/10 20:42:16.0085 3800 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/07/10 20:42:16.0210 3800 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/10 20:42:16.0413 3800 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/07/10 20:42:16.0725 3800 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/10 20:42:16.0990 3800 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/07/10 20:42:17.0255 3800 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/10 20:42:17.0473 3800 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/07/10 20:42:17.0583 3800 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/10 20:42:17.0895 3800 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/10 20:42:18.0004 3800 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/10 20:42:18.0191 3800 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/07/10 20:42:18.0378 3800 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/10 20:42:18.0675 3800 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/07/10 20:42:18.0877 3800 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/10 20:42:19.0096 3800 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys

2011/07/10 20:42:19.0283 3800 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/07/10 20:42:19.0361 3800 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/10 20:42:19.0564 3800 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/07/10 20:42:19.0767 3800 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/10 20:42:19.0969 3800 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

2011/07/10 20:42:20.0188 3800 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys

2011/07/10 20:42:20.0437 3800 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/07/10 20:42:20.0656 3800 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/10 20:42:20.0890 3800 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/07/10 20:42:21.0280 3800 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/07/10 20:42:21.0405 3800 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/07/10 20:42:21.0561 3800 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/07/10 20:42:21.0717 3800 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/07/10 20:42:21.0888 3800 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

2011/07/10 20:42:22.0013 3800 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

2011/07/10 20:42:22.0153 3800 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/07/10 20:42:22.0309 3800 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/07/10 20:42:22.0465 3800 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/07/10 20:42:22.0637 3800 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/10 20:42:22.0840 3800 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/07/10 20:42:23.0089 3800 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/07/10 20:42:23.0323 3800 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/07/10 20:42:23.0542 3800 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/10 20:42:23.0729 3800 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/10 20:42:23.0776 3800 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/10 20:42:24.0103 3800 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/07/10 20:42:24.0166 3800 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/10 20:42:24.0509 3800 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/10 20:42:24.0571 3800 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/07/10 20:42:24.0961 3800 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/07/10 20:42:25.0227 3800 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/10 20:42:25.0476 3800 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/10 20:42:25.0663 3800 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/07/10 20:42:25.0913 3800 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/10 20:42:26.0131 3800 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/07/10 20:42:26.0241 3800 Boot (0x1200) (7588588f077ed5dd98b13767a11b62e9) \Device\Harddisk0\DR0\Partition0

2011/07/10 20:42:26.0256 3800 ================================================================================

2011/07/10 20:42:26.0256 3800 Scan finished

2011/07/10 20:42:26.0256 3800 ================================================================================

2011/07/10 20:42:26.0287 3792 Detected object count: 2

2011/07/10 20:42:26.0287 3792 Actual detected object count: 2

2011/07/10 20:43:10.0202 3792 RasSstp (b9854a53f5fd981ff9d362ed3d7f50b4) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/10 20:43:10.0202 3792 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rassstp.sys. Real md5: b9854a53f5fd981ff9d362ed3d7f50b4, Fake md5: 44101f495a83ea6401d886e7fd70096b

2011/07/10 20:43:10.0560 3792 Backup copy found, using it..

2011/07/10 20:43:10.0576 3792 C:\Windows\system32\DRIVERS\rassstp.sys - will be cured after reboot

2011/07/10 20:43:10.0576 3792 Rootkit.Win32.ZAccess.c(RasSstp) - User select action: Cure

2011/07/10 20:43:10.0576 3792 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/07/10 20:43:20.0420 3700 Deinitialize success


Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[screenshot: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC_successful.gif]

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


combo log thanks

ComboFix 11-07-10.03 - ste 10/07/2011 21:26:56.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2039.1125 [GMT 1:00]

Running from: c:\users\ste\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

/wow section - STAGE 17

'.0.\\.' is not recognized as an internal or external command

Access is denied.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\no

c:\windows\system32\no\AuthFWSnapIn.Resources.dll

c:\windows\system32\no\AuthFWWizFwk.Resources.dll

c:\windows\system32\no\Narrator.resources.dll

c:\windows\system32\SV

c:\windows\system32\SV\AuthFWSnapIn.Resources.dll

c:\windows\system32\SV\AuthFWWizFwk.Resources.dll

c:\windows\system32\SV\Narrator.resources.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))

.

.

2011-07-10 20:23 . 2011-07-10 20:23 -------- d-----w- C:\32788R22FWJFW

2011-07-09 15:22 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-07-09 15:11 . 2011-07-09 15:11 3510 ----a-w- c:\windows\system32\tmp.reg

2011-07-09 13:18 . 2009-06-02 10:17 75776 ----a-w- c:\windows\system32\WS2Fix.exe

2011-07-09 13:18 . 2008-12-12 00:57 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe

2011-07-09 13:18 . 2008-11-29 17:58 82944 ----a-w- c:\windows\system32\IEDFix.C.exe

2011-07-09 13:18 . 2008-10-01 14:51 87552 ----a-w- c:\windows\system32\VACFix.exe

2011-07-09 13:18 . 2008-09-20 11:45 80384 ----a-w- c:\windows\system32\o4Patch.exe

2011-07-09 13:18 . 2008-08-18 11:19 82432 ----a-w- c:\windows\system32\404Fix.exe

2011-07-09 13:18 . 2008-05-18 20:40 82944 ----a-w- c:\windows\system32\IEDFix.exe

2011-07-09 13:18 . 2007-09-05 23:22 289144 ----a-w- c:\windows\system32\VCCLSID.exe

2011-07-09 13:18 . 2006-04-27 16:49 288417 ----a-w- c:\windows\system32\SrchSTS.exe

2011-07-09 13:18 . 2004-07-31 17:50 51200 ----a-w- c:\windows\system32\dumphive.exe

2011-07-09 13:18 . 2003-06-05 20:13 53248 ----a-w- c:\windows\system32\Process.exe

2011-06-30 05:59 . 2011-07-09 16:05 -------- d-----w- c:\program files\Common Files\PC Tools

2011-06-29 19:57 . 2011-07-09 16:05 -------- d-----w- c:\programdata\PC Tools

2011-06-29 19:21 . 2011-06-29 19:25 -------- d-----w- c:\programdata\IObit

2011-06-29 18:52 . 2011-06-29 18:52 -------- d-----w- c:\users\ste\AppData\Roaming\Malwarebytes

2011-06-29 18:52 . 2011-06-29 18:52 -------- d-----w- c:\programdata\Malwarebytes

2011-06-29 18:41 . 2011-06-29 18:41 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-29 18:41 . 2011-06-29 18:41 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-29 18:41 . 2011-06-29 18:41 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-29 18:41 . 2011-06-29 18:41 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-29 18:41 . 2011-06-29 18:41 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 18:41 . 2011-06-29 18:41 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-29 18:41 . 2011-06-29 18:41 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-29 18:41 . 2011-06-29 18:41 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 18:41 . 2011-06-29 18:41 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 18:41 . 2011-06-29 18:41 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 17:43 . 2011-06-29 19:24 -------- d-----w- c:\program files\IObit

2011-06-29 17:29 . 2011-06-29 19:23 -------- d-----w- c:\users\ste\AppData\Roaming\IObit

2011-06-29 16:31 . 2011-06-29 16:31 -------- d-----w- c:\program files\Common Files\Scanner

2011-06-29 02:53 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{359BE00E-5A90-4241-AA5B-11EE5DEC5D4E}\mpengine.dll

2011-06-28 20:39 . 2011-06-28 20:39 -------- d--h--w- c:\programdata\Common Files

2011-06-28 20:34 . 2011-06-29 17:17 -------- d-----w- c:\programdata\MFAData

2011-06-28 17:16 . 2011-06-28 17:16 -------- d-----w- c:\windows\system32\Wat

2011-06-26 19:23 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll

2011-06-26 18:02 . 2011-06-26 18:10 -------- d-----w- c:\users\ste\AppData\Local\QuickPar

2011-06-26 18:01 . 2011-06-26 18:01 -------- d-----w- c:\program files\QuickPar

2011-06-25 19:09 . 2011-06-25 19:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-21 20:01 . 1997-06-13 15:56 56832 ------w- c:\windows\system32\iyvu9_32.dll

2011-06-21 20:01 . 1998-05-07 17:57 143872 ------w- c:\windows\system32\iacenc.dll

2011-06-21 20:01 . 2011-06-21 20:01 1622016 ------w- c:\program files\Microsoft Games\Age of Empires\EMPIRES.EXE

2011-06-21 20:01 . 2011-06-21 20:01 1513984 ------w- c:\program files\Microsoft Games\Age of Empires\EMPIRESX.EXE

2011-06-21 20:01 . 2011-06-21 20:01 319553 ------w- c:\program files\Microsoft Games\Age of Empires\Uninstal.Exe

2011-06-21 20:01 . 2011-06-21 20:01 2744320 ------w- c:\program files\Microsoft Games\Age of Empires\SETUPENU.DLL

2011-06-21 20:00 . 2011-06-21 20:00 160256 ------w- c:\program files\Microsoft Games\Age of Empires\languagex.dll

2011-06-21 20:00 . 2011-06-21 20:00 174080 ------w- c:\program files\Microsoft Games\Age of Empires\language.dll

2011-06-21 20:00 . 2011-06-21 20:00 29184 ------w- c:\program files\Microsoft Games\Age of Empires\data2\closedpw.exe

2011-06-21 19:59 . 2011-06-21 19:59 29184 ------w- c:\program files\Microsoft Games\Age of Empires\data\closedpw.exe

2011-06-21 19:59 . 2011-06-21 19:59 32768 ------w- c:\program files\Microsoft Games\Age of Empires\AoEHlp.dll

2011-06-21 19:59 . 2011-06-21 19:59 32768 ------w- c:\program files\Microsoft Games\Age of Empires\aelaunch.dll

2011-06-19 19:17 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-19 19:17 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-19 19:17 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-19 19:17 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-19 19:17 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-19 19:17 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-19 19:17 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-19 19:10 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-06-19 19:08 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-19 19:08 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-19 19:08 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-10 19:43 . 2009-07-13 23:54 75264 ----a-w- c:\windows\system32\drivers\rassstp.sys

2011-07-10 18:39 . 2009-07-13 23:54 77824 ----a-w- c:\windows\system32\drivers\raspppoe.sys

2011-07-10 16:21 . 2011-03-20 15:19 108544 ----a-w- c:\windows\system32\drivers\hdaudbus.sys

2011-05-24 18:14 . 2010-03-21 18:07 222080 ------w- c:\windows\system32\MpSigStub.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-04-06 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 23:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 96488]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 12776]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 121576]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-28 1343400]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-05 420920]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 08034809

*Deregistered* - 08034809

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ sysagent

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2474524648-1628938145-4249705166-1001Core.job

- c:\users\ste\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 18:35]

.

2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2474524648-1628938145-4249705166-1001UA.job

- c:\users\ste\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 18:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = about:blank

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe

SafeBoot-08034809.sys

SafeBoot-31466044.sys

SafeBoot-32217486.sys

MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTAgent.exe

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\*PNP1fc0\0000]

@DACL=(02 0000)

"Service"="1251060398"

"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"

"Class"="System"

"DeviceDesc"="PCI bus"

"Mfg"="Technologies Inc"

"LocationInformation"="on Microsoft ACPI-Compliant System"

"ConfigFlags"=dword:00000000

"Capabilities"=dword:00000000

"ContainerID"="{00000000-0000-0000-FFFF-FFFFFFFFFFFF}"

.

Completion time: 2011-07-10 22:03:15

ComboFix-quarantined-files.txt 2011-07-10 21:03

.

Pre-Run: 34,804,981,760 bytes free

Post-Run: 34,904,477,696 bytes free

.

- - End Of File - - 4831503E3B2A0AD8D5D0A8A180B9F6EF


Hi again, please run the following script, followed by a new run of TDSSkiller. Post me both logs.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press Enter. Copy/paste the text in the codebox below into it. Note: the codebox below has a scroll bar, so be sure to copy all of the text.



FCopy::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll


Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

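What the FCopy:: line above actually does is pick the matching clean copy of user32.dll out of the WinSxS component store and put it back over the live System32 copy that ComboFix's Sigcheck flagged. The script below is an added example, not part of this thread and not ComboFix's own code: it parses the three Sigcheck lines from the log posted earlier (copied in as a constructed sample), picks the WinSxS copy whose file version and size match the flagged file while its MD5 differs, and renders the resulting CFScript FCopy:: block. The interpretation of the flags ([-] as "failed check", anything else as accepted) and every function name are this example's own assumptions.

```python
"""Added example (not from the thread, not ComboFix code): derive the WinSxS
restore source for a system DLL flagged in a ComboFix "Sigcheck" block and
emit the matching CFScript FCopy:: directive.

Assumption: ComboFix writes [-] for a file that failed its signature/hash
check and another marker (here [7]) for a copy it accepted.
"""
import re
from collections import defaultdict

# Constructed sample: the three Sigcheck lines from the log posted above.
SIGCHECK_SAMPLE = r"""
[-] 2011-04-06 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
_LINE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            row["md5"] = row["md5"].upper()
            rows.append(row)
    return rows


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_restore_candidates(rows):
    """Map each flagged live file to the accepted WinSxS copy with the same
    file version and size but a different MD5. A flagged file with no such
    copy is left out on purpose: copying a different-version binary over a
    core DLL is worse than leaving it for the helper to look at."""
    by_name = defaultdict(list)
    for r in rows:
        by_name[_basename(r["path"])].append(r)

    plan = {}
    for group in by_name.values():
        live = [r for r in group
                if r["flag"] == "-" and "\\winsxs\\" not in r["path"].lower()]
        store = [r for r in group
                 if r["flag"] != "-" and "\\winsxs\\" in r["path"].lower()]
        for bad in live:
            for src in store:
                if (src["version"] == bad["version"]
                        and src["size"] == bad["size"]
                        and src["md5"] != bad["md5"]):
                    plan[bad["path"]] = src["path"]
                    break
    return plan


def fcopy_script(plan):
    """Render the plan as a CFScript FCopy:: block (source | destination)."""
    lines = ["FCopy::"]
    for dst, src in sorted(plan.items()):
        lines.append(f"{src} | {dst}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(fcopy_script(find_restore_candidates(parse_sigcheck(SIGCHECK_SAMPLE))))
```

Run against the sample it prints exactly the two-line script the helper posted. The version-and-size match is the important check: the 6.1.7600.16385 copy in the store is also clean, but it is the RTM build, and silently rolling a patched SP1 DLL back to RTM would leave the machine with a mismatched system file.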

ComboFix 11-07-10.03 - ste 11/07/2011 9:23.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2039.1314 [GMT 1:00]

Running from: c:\users\ste\Desktop\ComboFix.exe

Command switches used :: c:\users\ste\Desktop\CFScript.txt,.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll

.

((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))

.

.

2011-07-11 08:54 . 2011-07-11 08:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-10 21:03 . 2011-07-11 08:54 -------- d-----w- c:\users\ste\AppData\Local\temp

2011-07-09 15:22 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-07-09 15:11 . 2011-07-09 15:11 3510 ----a-w- c:\windows\system32\tmp.reg

2011-07-09 13:18 . 2009-06-02 10:17 75776 ----a-w- c:\windows\system32\WS2Fix.exe

2011-07-09 13:18 . 2008-12-12 00:57 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe

2011-07-09 13:18 . 2008-11-29 17:58 82944 ----a-w- c:\windows\system32\IEDFix.C.exe

2011-07-09 13:18 . 2008-10-01 14:51 87552 ----a-w- c:\windows\system32\VACFix.exe

2011-07-09 13:18 . 2008-09-20 11:45 80384 ----a-w- c:\windows\system32\o4Patch.exe

2011-07-09 13:18 . 2008-08-18 11:19 82432 ----a-w- c:\windows\system32\404Fix.exe

2011-07-09 13:18 . 2008-05-18 20:40 82944 ----a-w- c:\windows\system32\IEDFix.exe

2011-07-09 13:18 . 2007-09-05 23:22 289144 ----a-w- c:\windows\system32\VCCLSID.exe

2011-07-09 13:18 . 2006-04-27 16:49 288417 ----a-w- c:\windows\system32\SrchSTS.exe

2011-07-09 13:18 . 2004-07-31 17:50 51200 ----a-w- c:\windows\system32\dumphive.exe

2011-07-09 13:18 . 2003-06-05 20:13 53248 ----a-w- c:\windows\system32\Process.exe

2011-06-30 05:59 . 2011-07-09 16:05 -------- d-----w- c:\program files\Common Files\PC Tools

2011-06-29 19:57 . 2011-07-09 16:05 -------- d-----w- c:\programdata\PC Tools

2011-06-29 19:21 . 2011-06-29 19:25 -------- d-----w- c:\programdata\IObit

2011-06-29 18:52 . 2011-06-29 18:52 -------- d-----w- c:\users\ste\AppData\Roaming\Malwarebytes

2011-06-29 18:52 . 2011-06-29 18:52 -------- d-----w- c:\programdata\Malwarebytes

2011-06-29 18:41 . 2011-06-29 18:41 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-29 18:41 . 2011-06-29 18:41 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-29 18:41 . 2011-06-29 18:41 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-29 18:41 . 2011-06-29 18:41 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-29 18:41 . 2011-06-29 18:41 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 18:41 . 2011-06-29 18:41 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-29 18:41 . 2011-06-29 18:41 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-29 18:41 . 2011-06-29 18:41 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 18:41 . 2011-06-29 18:41 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 18:41 . 2011-06-29 18:41 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 17:43 . 2011-06-29 19:24 -------- d-----w- c:\program files\IObit

2011-06-29 17:29 . 2011-06-29 19:23 -------- d-----w- c:\users\ste\AppData\Roaming\IObit

2011-06-29 16:31 . 2011-06-29 16:31 -------- d-----w- c:\program files\Common Files\Scanner

2011-06-29 02:53 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{359BE00E-5A90-4241-AA5B-11EE5DEC5D4E}\mpengine.dll

2011-06-28 20:39 . 2011-06-28 20:39 -------- d--h--w- c:\programdata\Common Files

2011-06-28 20:34 . 2011-06-29 17:17 -------- d-----w- c:\programdata\MFAData

2011-06-28 17:16 . 2011-06-28 17:16 -------- d-----w- c:\windows\system32\Wat

2011-06-26 19:23 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll

2011-06-26 18:02 . 2011-06-26 18:10 -------- d-----w- c:\users\ste\AppData\Local\QuickPar

2011-06-26 18:01 . 2011-06-26 18:01 -------- d-----w- c:\program files\QuickPar

2011-06-25 19:09 . 2011-06-25 19:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-21 20:01 . 1997-06-13 15:56 56832 ------w- c:\windows\system32\iyvu9_32.dll

2011-06-21 20:01 . 1998-05-07 17:57 143872 ------w- c:\windows\system32\iacenc.dll

2011-06-21 20:01 . 2011-06-21 20:01 1622016 ------w- c:\program files\Microsoft Games\Age of Empires\EMPIRES.EXE

2011-06-21 20:01 . 2011-06-21 20:01 1513984 ------w- c:\program files\Microsoft Games\Age of Empires\EMPIRESX.EXE

2011-06-21 20:01 . 2011-06-21 20:01 319553 ------w- c:\program files\Microsoft Games\Age of Empires\Uninstal.Exe

2011-06-21 20:01 . 2011-06-21 20:01 2744320 ------w- c:\program files\Microsoft Games\Age of Empires\SETUPENU.DLL

2011-06-21 20:00 . 2011-06-21 20:00 160256 ------w- c:\program files\Microsoft Games\Age of Empires\languagex.dll

2011-06-21 20:00 . 2011-06-21 20:00 174080 ------w- c:\program files\Microsoft Games\Age of Empires\language.dll

2011-06-21 20:00 . 2011-06-21 20:00 29184 ------w- c:\program files\Microsoft Games\Age of Empires\data2\closedpw.exe

2011-06-21 19:59 . 2011-06-21 19:59 29184 ------w- c:\program files\Microsoft Games\Age of Empires\data\closedpw.exe

2011-06-21 19:59 . 2011-06-21 19:59 32768 ------w- c:\program files\Microsoft Games\Age of Empires\AoEHlp.dll

2011-06-21 19:59 . 2011-06-21 19:59 32768 ------w- c:\program files\Microsoft Games\Age of Empires\aelaunch.dll

2011-06-19 19:17 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-19 19:17 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-19 19:17 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-19 19:17 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-19 19:17 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-19 19:17 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-19 19:17 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-19 19:10 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-06-19 19:08 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-19 19:08 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-19 19:08 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-10 19:43 . 2009-07-13 23:54 75264 ----a-w- c:\windows\system32\drivers\rassstp.sys

2011-07-10 18:39 . 2009-07-13 23:54 77824 ----a-w- c:\windows\system32\drivers\raspppoe.sys

2011-07-10 16:21 . 2011-03-20 15:19 108544 ----a-w- c:\windows\system32\drivers\hdaudbus.sys

2011-05-24 18:14 . 2010-03-21 18:07 222080 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 23:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 96488]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 12776]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 121576]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-28 1343400]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-05 420920]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ sysagent

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2474524648-1628938145-4249705166-1001Core.job

- c:\users\ste\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 18:35]

.

2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2474524648-1628938145-4249705166-1001UA.job

- c:\users\ste\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 18:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = about:blank

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\*PNP1fc0\0000]

@DACL=(02 0000)

"Service"="1251060398"

"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"

"Class"="System"

"DeviceDesc"="PCI bus"

"Mfg"="Technologies Inc"

"LocationInformation"="on Microsoft ACPI-Compliant System"

"ConfigFlags"=dword:00000000

"Capabilities"=dword:00000000

"ContainerID"="{00000000-0000-0000-FFFF-FFFFFFFFFFFF}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1988)

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

.

Completion time: 2011-07-11 09:59:37

ComboFix-quarantined-files.txt 2011-07-11 08:59

ComboFix2.txt 2011-07-11 08:07

ComboFix3.txt 2011-07-10 21:03

.

Pre-Run: 35,094,220,800 bytes free

Post-Run: 34,908,532,736 bytes free

.

- - End Of File - - 20B31D12905D7A77A8684E9245BE0CD4

When I try to run TDSSKiller as admin, I get the message that it is an illegal operation attempted on a registry key marked for deletion.

Any ideas, keeping in mind I am having to transfer the logs and files from laptop to PC via flash drive, and vice versa.


2011/07/11 15:55:56.0630 2232 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/11 15:55:56.0661 2232 ================================================================================

2011/07/11 15:55:56.0661 2232 SystemInfo:

2011/07/11 15:55:56.0661 2232

2011/07/11 15:55:56.0661 2232 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/11 15:55:56.0661 2232 Product type: Workstation

2011/07/11 15:55:56.0661 2232 ComputerName: STE-LAPTOP

2011/07/11 15:55:56.0661 2232 UserName: ste

2011/07/11 15:55:56.0661 2232 Windows directory: C:\Windows

2011/07/11 15:55:56.0661 2232 System windows directory: C:\Windows

2011/07/11 15:55:56.0661 2232 Processor architecture: Intel x86

2011/07/11 15:55:56.0661 2232 Number of processors: 2

2011/07/11 15:55:56.0661 2232 Page size: 0x1000

2011/07/11 15:55:56.0661 2232 Boot type: Normal boot

2011/07/11 15:55:56.0661 2232 ================================================================================

2011/07/11 15:55:58.0205 2232 Initialize success

2011/07/11 15:56:02.0168 3684 ================================================================================

2011/07/11 15:56:02.0168 3684 Scan started

2011/07/11 15:56:02.0168 3684 Mode: Manual;

2011/07/11 15:56:02.0168 3684 ================================================================================

2011/07/11 15:56:02.0776 3684 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/07/11 15:56:02.0995 3684 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/07/11 15:56:03.0197 3684 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/07/11 15:56:03.0447 3684 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/07/11 15:56:03.0697 3684 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/07/11 15:56:03.0931 3684 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/07/11 15:56:04.0196 3684 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/07/11 15:56:04.0289 3684 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/07/11 15:56:04.0539 3684 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/07/11 15:56:04.0664 3684 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/07/11 15:56:04.0851 3684 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/07/11 15:56:38.0953 3684 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
2011/07/11 15:56:38.0984 3684 sptd - detected LockedFile.Multi.Generic (1)

2011/07/11 15:56:51.0870 3684 ================================================================================
2011/07/11 15:56:51.0870 3684 Scan finished
2011/07/11 15:56:51.0870 3684 ================================================================================
2011/07/11 15:56:51.0916 3792 Detected object count: 1
2011/07/11 15:56:51.0916 3792 Actual detected object count: 1
2011/07/11 15:57:07.0594 3792 LockedFile.Multi.Generic(sptd) - User select action: Skip

Now sending from the laptop, not being redirected in the browser.

Can you advise me on security, as I have disabled it all?


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7071

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/07/2011 19:18:40
mbam-log-2011-07-11 (19-18-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 432456
Time elapsed: 2 hour(s), 40 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Looks like it's done the trick :)


.

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by ste at 7:03:30 on 2011-07-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2039.1186 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.

============== Running Processes ===============

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = about:blank

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{00EE4C1D-3068-4AFE-9603-D56FD09D5D90} : DhcpNameServer = 192.168.100.254

TCP: Interfaces\{06889F56-6D6E-4CB4-85D8-093DFDD3DBAD} : DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{06889F56-6D6E-4CB4-85D8-093DFDD3DBAD}\16C65656A716 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{06889F56-6D6E-4CB4-85D8-093DFDD3DBAD}\6796277696E6D65646961683638383036393 : DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{06889F56-6D6E-4CB4-85D8-093DFDD3DBAD}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{06889F56-6D6E-4CB4-85D8-093DFDD3DBAD}\84453402E6564777F627B6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9724EE72-7657-4F7D-B144-CFBD0FEF652F} : DhcpNameServer = 192.168.100.254

TCP: Interfaces\{BF9A15C4-C789-41D3-878E-A85C850445EA} : DhcpNameServer = 192.168.100.254

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-11 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-11 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-11 66616]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-22 29472]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-23 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-20 15872]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-4-6 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-4-6 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-4-6 121576]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-20 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-28 1343400]

.

=============== Created Last 30 ================

.

2011-07-11 20:46:44 -------- d-----w- c:\users\ste\appdata\roaming\Avira

2011-07-11 20:44:41 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-11 20:44:40 -------- d-----w- c:\programdata\Avira

2011-07-11 20:44:39 -------- d-----w- c:\program files\Avira

2011-07-11 15:36:50 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-11 15:36:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-11 15:36:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-11 15:01:51 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{352890b3-654e-44de-9734-873322d17b31}\mpengine.dll

2011-07-11 08:57:52 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-11 08:20:56 -------- d-----w- C:\ComboFix

2011-07-10 21:03:18 -------- d-----w- c:\users\ste\appdata\local\temp

2011-07-10 20:23:42 98816 ----a-w- c:\windows\sed.exe

2011-07-10 20:23:42 518144 ----a-w- c:\windows\SWREG.exe

2011-07-10 20:23:42 256000 ----a-w- c:\windows\PEV.exe

2011-07-10 20:23:42 208896 ----a-w- c:\windows\MBR.exe

2011-07-09 15:22:13 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-07-09 15:11:02 3510 ----a-w- c:\windows\system32\tmp.reg

2011-07-09 13:18:54 87552 ----a-w- c:\windows\system32\VACFix.exe

2011-07-09 13:18:54 82944 ----a-w- c:\windows\system32\IEDFix.exe

2011-07-09 13:18:54 82944 ----a-w- c:\windows\system32\IEDFix.C.exe

2011-07-09 13:18:54 82432 ----a-w- c:\windows\system32\404Fix.exe

2011-07-09 13:18:54 80384 ----a-w- c:\windows\system32\o4Patch.exe

2011-07-09 13:18:54 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe

2011-07-09 13:18:54 75776 ----a-w- c:\windows\system32\WS2Fix.exe

2011-07-09 13:18:53 53248 ----a-w- c:\windows\system32\Process.exe

2011-07-09 13:18:53 51200 ----a-w- c:\windows\system32\dumphive.exe

2011-07-09 13:18:53 289144 ----a-w- c:\windows\system32\VCCLSID.exe

2011-07-09 13:18:53 288417 ----a-w- c:\windows\system32\SrchSTS.exe

2011-06-30 05:59:18 -------- d-----w- c:\program files\common files\PC Tools

2011-06-29 21:50:51 -------- d-----w- c:\windows\system32\appmgmt

2011-06-29 19:57:23 -------- d-----w- c:\programdata\PC Tools

2011-06-29 19:21:01 -------- d-----w- c:\programdata\IObit

2011-06-29 18:52:20 -------- d-----w- c:\users\ste\appdata\roaming\Malwarebytes

2011-06-29 18:52:05 -------- d-----w- c:\programdata\Malwarebytes

2011-06-29 18:41:49 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-29 18:41:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-29 18:41:31 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-29 18:41:31 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-29 18:41:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 18:41:31 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-29 18:41:31 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-29 18:41:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 18:41:31 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 18:41:31 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 17:43:36 -------- d-----w- c:\program files\IObit

2011-06-29 17:29:23 -------- d-----w- c:\users\ste\appdata\roaming\IObit

2011-06-29 16:31:18 -------- d-----w- c:\program files\common files\Scanner

2011-06-28 20:39:57 -------- d--h--w- c:\programdata\Common Files

2011-06-28 20:34:08 -------- d-----w- c:\programdata\MFAData

2011-06-28 17:16:15 -------- d-----w- c:\windows\system32\Wat

2011-06-26 19:23:25 175616 ----a-w- c:\windows\system32\unrar.dll

2011-06-26 18:02:42 -------- d-----w- c:\users\ste\appdata\local\QuickPar

2011-06-26 18:01:39 -------- d-----w- c:\program files\QuickPar

2011-06-25 19:09:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-21 20:01:37 56832 ------w- c:\windows\system32\iyvu9_32.dll

2011-06-21 20:01:36 143872 ------w- c:\windows\system32\iacenc.dll

2011-06-21 20:01:14 1622016 ------w- c:\program files\microsoft games\age of empires\EMPIRES.EXE

2011-06-21 20:01:12 1513984 ------w- c:\program files\microsoft games\age of empires\EMPIRESX.EXE

2011-06-21 20:01:08 319553 ------w- c:\program files\microsoft games\age of empires\Uninstal.Exe

2011-06-21 20:01:08 2744320 ------w- c:\program files\microsoft games\age of empires\SETUPENU.DLL

2011-06-21 20:00:42 160256 ------w- c:\program files\microsoft games\age of empires\languagex.dll

2011-06-21 20:00:41 174080 ------w- c:\program files\microsoft games\age of empires\language.dll

2011-06-21 20:00:14 29184 ------w- c:\program files\microsoft games\age of empires\data2\closedpw.exe

2011-06-21 19:59:47 29184 ------w- c:\program files\microsoft games\age of empires\data\closedpw.exe

2011-06-21 19:59:43 32768 ------w- c:\program files\microsoft games\age of empires\AoEHlp.dll

2011-06-21 19:59:43 32768 ------w- c:\program files\microsoft games\age of empires\aelaunch.dll

2011-06-19 19:17:58 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-19 19:17:58 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-19 19:17:57 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-19 19:17:54 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-19 19:17:53 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-19 19:17:46 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-19 19:17:39 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-19 19:10:53 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-06-19 19:08:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-19 19:08:29 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-19 19:08:29 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

==================== Find3M ====================

.

2011-07-10 19:43:58 75264 ----a-w- c:\windows\system32\drivers\rassstp.sys

2011-07-10 18:39:59 77824 ----a-w- c:\windows\system32\drivers\raspppoe.sys

2011-07-10 16:21:17 108544 ----a-w- c:\windows\system32\drivers\hdaudbus.sys

2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 7:04:50.76 ===============


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
