Hi, could someone help


Hey there. Recently, I have been infected with a ZeroAccess Rootkit, and have been desperately trying to get rid of it. My friend introduced me to ComboFix, and I have used that, and help from here to try and treat my PC. But I am still not convinced that I have gotten rid of it. So will someone look at these two logfiles and tell me what to do next?

COMBOFIX LOG FILE

ComboFix 11-07-24.03 - Qadri 24/07/2011 23:15:24.1.2 - x86 NETWORK

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3317.2754 [GMT -4:00]

Running from: c:\users\Qadri\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\a.txt

c:\program files\ClickPotatoLite

c:\program files\ClickPotatoLite\bin\10.0.511.0\ClickPotatoLiteSAHook.dll

c:\program files\ClickPotatoLite\bin\10.0.511.0\firefox\extensions\chrome.manifest

c:\program files\ClickPotatoLite\bin\10.0.511.0\firefox\extensions\install.rdf

c:\program files\ClickPotatoLite\bin\10.0.511.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll

c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

c:\programdata\ClickPotatoLiteSA

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht

C:\test.txt

c:\users\Qadri\AppData\Roaming\chrtmp

c:\users\Qadri\AppData\Roaming\ClickPotatoLite

c:\users\Qadri\AppData\Roaming\Google Talk

c:\users\Qadri\AppData\Roaming\logs.dat

c:\users\Qadri\AppData\Roaming\Winbooterr

c:\windows\system32\bin

c:\windows\system32\drivers\1252368913.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_1252368913

.

.

((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))

.

.

2011-07-25 02:32 . 2011-07-25 02:32 -------- d--h--w- c:\windows\PIF

2011-07-25 02:29 . 2011-07-25 02:29 39192 ----a-w- c:\windows\system32\Partizan.exe

2011-07-25 02:29 . 2011-07-25 02:29 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2011-07-25 02:29 . 2011-07-25 02:29 2 --shatr- c:\windows\winstart.bat

2011-07-25 01:54 . 2011-07-25 01:54 -------- d-----w- c:\programdata\PC Tools

2011-07-25 01:26 . 2011-07-25 01:26 -------- d-----w- c:\users\Qadri\AppData\Roaming\Malwarebytes

2011-07-25 01:26 . 2011-07-25 01:26 -------- d-----w- c:\programdata\Malwarebytes

2011-07-24 01:19 . 2011-07-24 02:18 -------- d-----w- c:\programdata\Panda Security

2011-07-24 01:17 . 2011-07-24 01:17 -------- d-----w- c:\program files\Common Files\Pd

2011-07-24 00:43 . 2011-07-24 00:43 -------- d-----w- c:\programdata\ErrorEND

2011-07-23 23:42 . 2011-07-23 23:42 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-07-23 22:48 . 2011-07-23 23:42 -------- d-----w- c:\programdata\AVAST Software

2011-07-23 22:48 . 2011-07-23 22:48 -------- d-----w- c:\program files\AVAST Software

2011-07-23 22:43 . 2011-07-23 22:43 -------- d--h--w- c:\programdata\Common Files

2011-07-23 22:42 . 2011-07-23 23:44 -------- d-----w- c:\programdata\MFAData

2011-07-13 00:43 . 2011-07-13 00:43 -------- d-----w- c:\users\Qadri\AppData\Local\TVU Networks

2011-07-13 00:43 . 2011-07-13 00:43 -------- d-----w- c:\programdata\TVU Networks

2011-07-09 18:55 . 2011-07-09 18:55 -------- d-----w- c:\users\Qadri\AppData\Local\SourceTec

2011-07-09 18:55 . 2011-07-09 18:55 -------- d-----w- c:\program files\Common Files\SourceTec

2011-07-09 18:55 . 2011-07-09 19:03 -------- d-----w- c:\program files\SourceTec

2011-07-08 10:02 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4250F22-582F-40CC-B048-ADD23C0BA104}\mpengine.dll

2011-07-05 15:01 . 2011-07-05 15:01 -------- d-----w- c:\users\Qadri\AppData\Roaming\MathematicaPlayer

2011-07-05 15:01 . 2011-07-05 15:01 -------- d-----w- c:\users\Qadri\AppData\Local\MathematicaPlayer

2011-07-05 15:00 . 2011-07-05 15:00 -------- d-----w- c:\program files\Common Files\Wolfram Research

2011-07-05 15:00 . 2011-07-05 15:00 -------- d-----w- c:\programdata\Mathematica

2011-07-05 15:00 . 2011-07-05 15:00 -------- d-----w- c:\program files\Common Files\ResearchSoft

2011-07-05 15:00 . 2011-03-01 22:36 335888 ----a-w- c:\windows\system32\mltcpip32.mlp

2011-07-05 15:00 . 2011-03-01 22:36 93712 ----a-w- c:\windows\system32\mltcp32.mlp

2011-07-05 15:00 . 2011-03-01 22:36 88080 ----a-w- c:\windows\system32\mlshm32.mlp

2011-07-05 15:00 . 2011-03-01 22:36 167952 ----a-w- c:\windows\system32\mlmodule32.dll

2011-07-05 15:00 . 2011-03-01 22:36 79376 ----a-w- c:\windows\system32\mlmap32.mlp

2011-07-05 15:00 . 2011-03-01 22:36 369680 ----a-w- c:\windows\system32\ml32i3.dll

2011-07-05 15:00 . 2011-03-01 22:36 260112 ----a-w- c:\windows\system32\ml32i2.dll

2011-07-05 15:00 . 2011-03-01 22:36 253968 ----a-w- c:\windows\system32\ml32i1.dll

2011-07-05 14:59 . 2011-07-05 14:59 -------- d-----w- c:\program files\Wolfram Research

2011-06-29 10:11 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-29 10:10 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 10:10 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-29 10:10 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 10:10 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 10:10 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 10:10 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-29 10:10 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-29 10:10 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-29 10:10 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-24 23:43 . 2011-06-08 23:33 0 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-09 00:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll

2011-05-04 08:52 . 2010-04-23 00:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-03 04:30 . 2011-06-15 23:47 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 02:46 . 2011-06-15 23:47 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 02:46 . 2011-06-15 23:47 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 02:46 . 2011-06-15 23:47 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 02:17 . 2011-06-15 23:46 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:17 . 2011-06-15 23:46 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-27 02:17 . 2011-06-15 23:46 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-23 22:43 . 2011-03-24 10:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]

"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 175912]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

.

[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 17:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2010-10-18 17:26 3908192 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-07-10 21:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]

2011-01-17 14:54 175912 ----a-w- c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]

"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 175912]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

.

[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]

"{F999A48B-1950-4D81-9971-79018F807B4B}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 175912]

"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

.

[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 22:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 22:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 22:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 22:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 22:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 22:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 22:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 22:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 22:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-02-25 611712]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-22 274608]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-25 110592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^Users^Qadri^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Qadri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-09-08 15:35 133104 ----atw- c:\users\Qadri\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 GarenaPEngine;GarenaPEngine;c:\users\Qadri\AppData\Local\Temp\UJYF262.tmp [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]

R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-07-25 35816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]

R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-09 691696]

S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 40448]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250729775-3711007515-3092007561-1001Core.job

- c:\users\Qadri\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-08 15:35]

.

2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250729775-3711007515-3092007561-1001UA.job

- c:\users\Qadri\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-08 15:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Qadri\AppData\Roaming\Mozilla\Firefox\Profiles\thtlkd4j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Dictionary

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - (no file)

MSConfigStartUp-B7GGEY1ZRR - c:\users\Qadri\AppData\Local\Temp\Snl.exe

MSConfigStartUp-googletalk - c:\users\Qadri\AppData\Roaming\Google Talk\googletalk.exe

MSConfigStartUp-HKCU - c:\users\Qadri\AppData\Roaming\Winbooterr\Svchost.exe

MSConfigStartUp-sXe Injected - c:\program files\sXe Injected\sXe Injected.exe

MSConfigStartUp-sysinfo - c:\users\Qadri\AppData\Local\Temp\335091028Wsy.dll

AddRemove-JEDI-SDL Full_is1 - g:\fpc\2.2.4\bin\JEDI\unins000.exe

AddRemove-Power Audio Extractor_is1 - c:\program files\Power Audio Extractor\unins000.exe

AddRemove-Power Burning Wizard_is1 - c:\program files\Power Burning Wizard\unins000.exe

AddRemove-Power YouTube to MP3 Converter_is1 - c:\program files\Power YouTube to MP3 Converter\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]

"ImagePath"="\??\c:\users\Qadri\AppData\Local\Temp\UJYF262.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,f4,1a,cd,01,35,9c,48,98,22,06,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,f4,1a,cd,01,35,9c,48,98,22,06,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\rundll32.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\TortoiseSVN\bin\TSVNCache.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\DllHost.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2011-07-24 23:27:26 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-25 03:27

.

Pre-Run: 215,159,816,192 bytes free

Post-Run: 215,160,410,112 bytes free

.

- - End Of File - - EA01732F1A6D87689D1FC50BD034D16A

MALWARE BYTES LOGFILE

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7272

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

25/07/2011 08:36:23 AM

mbam-log-2011-07-25 (08-36-23).txt

Scan type: Quick scan

Objects scanned: 175655

Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\5SK3BLHWHC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\B7GGEY1ZRR (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, grab a fresh copy of ComboFix, run it, and post its log.

-screen317


TDSSKiller.2.5.13.0_02.08.2011_20.02.04_log.txt

2011/08/02 20:02:04.0846 3212 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11

2011/08/02 20:02:05.0169 3212 ================================================================================

2011/08/02 20:02:05.0169 3212 SystemInfo:

2011/08/02 20:02:05.0169 3212

2011/08/02 20:02:05.0170 3212 OS Version: 6.1.7601 ServicePack: 1.0

2011/08/02 20:02:05.0170 3212 Product type: Workstation

2011/08/02 20:02:05.0170 3212 ComputerName: QADRI-PC

2011/08/02 20:02:05.0170 3212 UserName: Qadri

2011/08/02 20:02:05.0170 3212 Windows directory: C:\Windows

2011/08/02 20:02:05.0170 3212 System windows directory: C:\Windows

2011/08/02 20:02:05.0170 3212 Processor architecture: Intel x86

2011/08/02 20:02:05.0170 3212 Number of processors: 2

2011/08/02 20:02:05.0170 3212 Page size: 0x1000

2011/08/02 20:02:05.0170 3212 Boot type: Normal boot

2011/08/02 20:02:05.0170 3212 ================================================================================

2011/08/02 20:02:13.0120 3212 Initialize success

2011/08/02 20:02:17.0176 5388 ================================================================================

2011/08/02 20:02:17.0176 5388 Scan started

2011/08/02 20:02:17.0176 5388 Mode: Manual;

2011/08/02 20:02:17.0176 5388 ================================================================================

2011/08/02 20:02:20.0534 5388 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/08/02 20:02:20.0894 5388 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/08/02 20:02:21.0170 5388 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/08/02 20:02:21.0496 5388 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys

2011/08/02 20:02:21.0816 5388 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/08/02 20:02:21.0956 5388 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/08/02 20:02:22.0046 5388 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/08/02 20:02:22.0245 5388 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/08/02 20:02:22.0346 5388 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/08/02 20:02:22.0469 5388 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/08/02 20:02:22.0700 5388 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/08/02 20:02:22.0805 5388 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/08/02 20:02:22.0934 5388 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/08/02 20:02:23.0161 5388 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/08/02 20:02:23.0384 5388 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/08/02 20:02:23.0459 5388 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

2011/08/02 20:02:23.0489 5388 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/08/02 20:02:23.0531 5388 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

2011/08/02 20:02:23.0587 5388 AmFSM (36b58a8bafe100de90c87a3c0e56a3f2) C:\Windows\system32\DRIVERS\amm8660.sys

2011/08/02 20:02:23.0646 5388 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/08/02 20:02:23.0732 5388 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/08/02 20:02:23.0784 5388 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/08/02 20:02:23.0833 5388 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/08/02 20:02:23.0858 5388 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/08/02 20:02:23.0950 5388 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/08/02 20:02:24.0009 5388 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/08/02 20:02:24.0085 5388 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/08/02 20:02:35.0876 5388 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2011/08/02 20:02:35.0876 5388 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/08/02 20:02:35.0883 5388 sptd - detected LockedFile.Multi.Generic (1)

2011/08/02 20:02:39.0488 5388 ================================================================================

2011/08/02 20:02:39.0488 5388 Scan finished

2011/08/02 20:02:39.0488 5388 ================================================================================

2011/08/02 20:02:39.0506 8812 Detected object count: 1

2011/08/02 20:02:39.0507 8812 Actual detected object count: 1

2011/08/02 20:02:53.0191 8812 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/08/02 20:03:13.0305 3008 ================================================================================

2011/08/02 20:03:13.0305 3008 Scan started

2011/08/02 20:03:13.0305 3008 Mode: Manual;

2011/08/02 20:03:13.0305 3008 ================================================================================


2011/08/02 20:03:16.0988 3008 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/08/02 20:03:17.0041 3008 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/08/02 20:03:17.0070 3008 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/08/02 20:03:17.0137 3008 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

2011/08/02 20:03:17.0289 3008 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/08/02 20:03:17.0344 3008 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/08/02 20:03:17.0401 3008 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/08/02 20:03:17.0426 3008 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/08/02 20:03:17.0453 3008 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/08/02 20:03:17.0478 3008 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/08/02 20:03:17.0506 3008 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/08/02 20:03:17.0535 3008 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/08/02 20:03:17.0564 3008 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/08/02 20:03:17.0589 3008 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/08/02 20:03:17.0614 3008 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

2011/08/02 20:03:17.0639 3008 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/08/02 20:03:17.0693 3008 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/08/02 20:03:17.0719 3008 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/08/02 20:03:17.0765 3008 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/08/02 20:03:17.0812 3008 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/08/02 20:03:17.0835 3008 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/08/02 20:03:17.0861 3008 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/08/02 20:03:17.0888 3008 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/08/02 20:03:17.0912 3008 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/08/02 20:03:17.0956 3008 LVRS (b6e1ccd6572984adcae68439afd07011) C:\Windows\system32\DRIVERS\lvrs.sys

2011/08/02 20:03:18.0248 3008 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\Windows\system32\DRIVERS\lvuvc.sys

2011/08/02 20:03:18.0312 3008 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys

2011/08/02 20:03:18.0349 3008 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/08/02 20:03:18.0381 3008 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/08/02 20:03:18.0418 3008 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/08/02 20:03:18.0439 3008 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/08/02 20:03:18.0490 3008 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/08/02 20:03:18.0512 3008 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/08/02 20:03:18.0562 3008 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/08/02 20:03:18.0611 3008 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/08/02 20:03:18.0629 3008 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/08/02 20:03:18.0685 3008 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/08/02 20:03:18.0734 3008 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/08/02 20:03:18.0761 3008 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/08/02 20:03:18.0788 3008 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/08/02 20:03:18.0813 3008 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/08/02 20:03:18.0872 3008 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/08/02 20:03:18.0913 3008 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/08/02 20:03:18.0937 3008 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/08/02 20:03:18.0982 3008 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/08/02 20:03:19.0019 3008 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/08/02 20:03:19.0043 3008 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/08/02 20:03:19.0061 3008 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/08/02 20:03:19.0095 3008 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/08/02 20:03:19.0132 3008 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/08/02 20:03:19.0168 3008 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/08/02 20:03:19.0187 3008 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/08/02 20:03:19.0218 3008 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/08/02 20:03:19.0253 3008 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/08/02 20:03:19.0295 3008 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/08/02 20:03:19.0325 3008 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/08/02 20:03:19.0348 3008 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/08/02 20:03:19.0400 3008 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/08/02 20:03:19.0452 3008 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/08/02 20:03:19.0501 3008 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/08/02 20:03:19.0527 3008 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/08/02 20:03:19.0574 3008 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/08/02 20:03:19.0621 3008 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/08/02 20:03:19.0648 3008 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/08/02 20:03:19.0679 3008 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/08/02 20:03:19.0760 3008 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

2011/08/02 20:03:19.0818 3008 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys

2011/08/02 20:03:19.0851 3008 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/08/02 20:03:19.0906 3008 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

2011/08/02 20:03:19.0935 3008 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

2011/08/02 20:03:19.0962 3008 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/08/02 20:03:20.0015 3008 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/08/02 20:03:20.0069 3008 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/08/02 20:03:20.0106 3008 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys

2011/08/02 20:03:20.0155 3008 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/08/02 20:03:20.0178 3008 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/08/02 20:03:20.0222 3008 pavboot (55d654258a9c509b671310c314bd30b4) C:\Windows\system32\Drivers\pavboot.sys

2011/08/02 20:03:20.0274 3008 PavProc (a110035fdc4b8f8f0cd5e71d031274e1) C:\Windows\system32\DRIVERS\PavProc.sys

2011/08/02 20:03:20.0360 3008 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/08/02 20:03:20.0384 3008 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/08/02 20:03:20.0414 3008 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/08/02 20:03:20.0441 3008 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/08/02 20:03:20.0477 3008 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/08/02 20:03:20.0575 3008 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys

2011/08/02 20:03:20.0615 3008 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/08/02 20:03:20.0638 3008 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/08/02 20:03:20.0680 3008 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/08/02 20:03:20.0739 3008 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/08/02 20:03:20.0781 3008 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/08/02 20:03:20.0809 3008 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/08/02 20:03:20.0834 3008 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/08/02 20:03:20.0863 3008 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/08/02 20:03:20.0896 3008 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/08/02 20:03:20.0931 3008 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/08/02 20:03:20.0961 3008 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/08/02 20:03:21.0021 3008 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/08/02 20:03:21.0048 3008 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/08/02 20:03:21.0107 3008 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/08/02 20:03:21.0176 3008 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

2011/08/02 20:03:21.0209 3008 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/08/02 20:03:21.0242 3008 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/08/02 20:03:21.0295 3008 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/08/02 20:03:21.0347 3008 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/08/02 20:03:21.0432 3008 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys

2011/08/02 20:03:21.0458 3008 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/08/02 20:03:21.0508 3008 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

2011/08/02 20:03:21.0564 3008 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/08/02 20:03:21.0624 3008 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/08/02 20:03:21.0669 3008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/08/02 20:03:21.0709 3008 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/08/02 20:03:21.0733 3008 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/08/02 20:03:21.0779 3008 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/08/02 20:03:21.0851 3008 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/08/02 20:03:21.0874 3008 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/08/02 20:03:21.0901 3008 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/08/02 20:03:21.0928 3008 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/08/02 20:03:21.0973 3008 ShldDrv (32d6f7632234f0354c79e915ca4613d4) C:\Windows\system32\DRIVERS\ShlDrv51.sys

2011/08/02 20:03:22.0023 3008 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/08/02 20:03:22.0047 3008 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/08/02 20:03:22.0078 3008 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/08/02 20:03:22.0106 3008 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/08/02 20:03:22.0143 3008 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/08/02 20:03:22.0221 3008 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2011/08/02 20:03:22.0222 3008 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/08/02 20:03:22.0228 3008 sptd - detected LockedFile.Multi.Generic (1)

2011/08/02 20:03:24.0868 3008 ================================================================================

2011/08/02 20:03:24.0868 3008 Scan finished

2011/08/02 20:03:24.0868 3008 ================================================================================

2011/08/02 20:03:24.0883 9600 Detected object count: 1

2011/08/02 20:03:24.0883 9600 Actual detected object count: 1

2011/08/02 20:03:28.0872 9600 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/08/02 20:04:29.0368 10304 Deinitialize success


TDSSKiller.2.5.13.0_02.08.2011_20.16.57_log.txt

Sorry, deleted the file this time, then rebooted.

2011/08/02 20:16:57.0528 4356 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11

2011/08/02 20:16:57.0809 4356 ================================================================================

2011/08/02 20:16:57.0809 4356 SystemInfo:

2011/08/02 20:16:57.0809 4356

2011/08/02 20:16:57.0809 4356 OS Version: 6.1.7601 ServicePack: 1.0

2011/08/02 20:16:57.0810 4356 Product type: Workstation

2011/08/02 20:16:57.0810 4356 ComputerName: QADRI-PC

2011/08/02 20:16:57.0810 4356 UserName: Qadri

2011/08/02 20:16:57.0810 4356 Windows directory: C:\Windows

2011/08/02 20:16:57.0810 4356 System windows directory: C:\Windows

2011/08/02 20:16:57.0810 4356 Processor architecture: Intel x86

2011/08/02 20:16:57.0810 4356 Number of processors: 2

2011/08/02 20:16:57.0810 4356 Page size: 0x1000

2011/08/02 20:16:57.0810 4356 Boot type: Normal boot

2011/08/02 20:16:57.0810 4356 ================================================================================

2011/08/02 20:16:59.0305 4356 Initialize success

2011/08/02 20:17:01.0369 2668 ================================================================================

2011/08/02 20:17:01.0369 2668 Scan started

2011/08/02 20:17:01.0369 2668 Mode: Manual;

2011/08/02 20:17:01.0369 2668 ================================================================================


2011/08/02 20:17:11.0344 2668 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/08/02 20:17:11.0397 2668 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/08/02 20:17:11.0457 2668 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/08/02 20:17:11.0539 2668 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/08/02 20:17:11.0575 2668 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/08/02 20:17:11.0633 2668 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/08/02 20:17:11.0653 2668 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/08/02 20:17:11.0699 2668 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/08/02 20:17:11.0743 2668 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/08/02 20:17:11.0793 2668 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/08/02 20:17:11.0827 2668 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

2011/08/02 20:17:11.0885 2668 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/08/02 20:17:11.0939 2668 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/08/02 20:17:11.0965 2668 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/08/02 20:17:12.0020 2668 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/08/02 20:17:12.0074 2668 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/08/02 20:17:12.0098 2668 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/08/02 20:17:12.0123 2668 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/08/02 20:17:12.0150 2668 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/08/02 20:17:12.0174 2668 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/08/02 20:17:12.0235 2668 LVRS (b6e1ccd6572984adcae68439afd07011) C:\Windows\system32\DRIVERS\lvrs.sys

2011/08/02 20:17:12.0378 2668 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\Windows\system32\DRIVERS\lvuvc.sys

2011/08/02 20:17:12.0442 2668 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys

2011/08/02 20:17:12.0522 2668 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys

2011/08/02 20:17:12.0553 2668 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/08/02 20:17:12.0585 2668 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/08/02 20:17:12.0631 2668 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/08/02 20:17:12.0669 2668 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/08/02 20:17:12.0728 2668 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/08/02 20:17:12.0775 2668 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/08/02 20:17:12.0866 2668 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/08/02 20:17:12.0932 2668 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/08/02 20:17:12.0996 2668 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/08/02 20:17:13.0056 2668 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/08/02 20:17:13.0105 2668 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/08/02 20:17:13.0131 2668 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/08/02 20:17:13.0159 2668 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/08/02 20:17:13.0208 2668 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/08/02 20:17:13.0259 2668 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/08/02 20:17:13.0308 2668 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/08/02 20:17:13.0333 2668 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/08/02 20:17:13.0377 2668 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/08/02 20:17:13.0422 2668 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/08/02 20:17:13.0445 2668 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/08/02 20:17:13.0463 2668 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/08/02 20:17:13.0491 2668 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/08/02 20:17:13.0519 2668 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/08/02 20:17:13.0572 2668 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/08/02 20:17:13.0591 2668 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/08/02 20:17:13.0621 2668 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/08/02 20:17:13.0682 2668 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/08/02 20:17:14.0233 2668 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/08/02 20:17:14.0334 2668 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/08/02 20:17:14.0407 2668 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/08/02 20:17:14.0476 2668 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/08/02 20:17:14.0528 2668 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/08/02 20:17:14.0594 2668 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/08/02 20:17:14.0678 2668 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/08/02 20:17:14.0741 2668 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/08/02 20:17:14.0838 2668 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/08/02 20:17:14.0882 2668 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/08/02 20:17:14.0929 2668 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/08/02 20:17:15.0001 2668 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

2011/08/02 20:17:15.0143 2668 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys

2011/08/02 20:17:15.0226 2668 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/08/02 20:17:15.0281 2668 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

2011/08/02 20:17:15.0326 2668 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

2011/08/02 20:17:15.0370 2668 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/08/02 20:17:15.0423 2668 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/08/02 20:17:15.0494 2668 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/08/02 20:17:15.0597 2668 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys

2011/08/02 20:17:15.0671 2668 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/08/02 20:17:15.0719 2668 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/08/02 20:17:15.0780 2668 pavboot (55d654258a9c509b671310c314bd30b4) C:\Windows\system32\Drivers\pavboot.sys

2011/08/02 20:17:15.0864 2668 PavProc (a110035fdc4b8f8f0cd5e71d031274e1) C:\Windows\system32\DRIVERS\PavProc.sys

2011/08/02 20:17:16.0015 2668 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/08/02 20:17:16.0041 2668 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/08/02 20:17:16.0071 2668 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/08/02 20:17:16.0099 2668 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/08/02 20:17:16.0195 2668 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/08/02 20:17:16.0340 2668 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys

2011/08/02 20:17:16.0430 2668 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/08/02 20:17:16.0478 2668 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/08/02 20:17:16.0610 2668 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/08/02 20:17:16.0703 2668 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/08/02 20:17:16.0769 2668 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/08/02 20:17:16.0805 2668 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/08/02 20:17:16.0831 2668 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/08/02 20:17:16.0860 2668 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/08/02 20:17:16.0893 2668 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/08/02 20:17:16.0944 2668 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/08/02 20:17:16.0983 2668 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/08/02 20:17:17.0043 2668 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/08/02 20:17:17.0065 2668 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/08/02 20:17:17.0129 2668 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/08/02 20:17:17.0215 2668 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

2011/08/02 20:17:17.0345 2668 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/08/02 20:17:17.0438 2668 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/08/02 20:17:17.0632 2668 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/08/02 20:17:17.0734 2668 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/08/02 20:17:17.0878 2668 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys

2011/08/02 20:17:17.0937 2668 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/08/02 20:17:17.0995 2668 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

2011/08/02 20:17:18.0076 2668 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/08/02 20:17:18.0169 2668 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/08/02 20:17:18.0255 2668 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/08/02 20:17:18.0319 2668 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/08/02 20:17:18.0370 2668 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/08/02 20:17:18.0432 2668 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/08/02 20:17:18.0520 2668 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/08/02 20:17:18.0567 2668 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/08/02 20:17:18.0611 2668 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/08/02 20:17:18.0639 2668 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/08/02 20:17:18.0708 2668 ShldDrv (32d6f7632234f0354c79e915ca4613d4) C:\Windows\system32\DRIVERS\ShlDrv51.sys

2011/08/02 20:17:18.0775 2668 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/08/02 20:17:18.0824 2668 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/08/02 20:17:18.0880 2668 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/08/02 20:17:18.0941 2668 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/08/02 20:17:19.0012 2668 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/08/02 20:17:19.0098 2668 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2011/08/02 20:17:19.0098 2668 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/08/02 20:17:19.0106 2668 sptd - detected LockedFile.Multi.Generic (1)

2011/08/02 20:17:19.0198 2668 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

2011/08/02 20:17:19.0247 2668 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

2011/08/02 20:17:19.0288 2668 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

2011/08/02 20:17:19.0559 2668 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/08/02 20:17:19.0660 2668 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

2011/08/02 20:17:19.0773 2668 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

2011/08/02 20:17:19.0862 2668 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/08/02 20:17:20.0015 2668 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys

2011/08/02 20:17:20.0090 2668 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys

2011/08/02 20:17:20.0172 2668 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/08/02 20:17:20.0229 2668 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/08/02 20:17:20.0271 2668 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/08/02 20:17:20.0338 2668 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/08/02 20:17:20.0401 2668 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/08/02 20:17:20.0528 2668 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/08/02 20:17:20.0643 2668 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/08/02 20:17:20.0718 2668 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/08/02 20:17:20.0761 2668 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/08/02 20:17:20.0823 2668 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/08/02 20:17:20.0907 2668 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/08/02 20:17:20.0981 2668 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

2011/08/02 20:17:21.0012 2668 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/08/02 20:17:21.0168 2668 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

2011/08/02 20:17:21.0233 2668 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/08/02 20:17:21.0290 2668 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/08/02 20:17:21.0350 2668 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/08/02 20:17:21.0383 2668 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

2011/08/02 20:17:21.0411 2668 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

2011/08/02 20:17:21.0457 2668 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/08/02 20:17:21.0518 2668 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS

2011/08/02 20:17:21.0550 2668 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/08/02 20:17:21.0599 2668 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/08/02 20:17:21.0660 2668 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/08/02 20:17:21.0708 2668 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/08/02 20:17:21.0758 2668 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/08/02 20:17:21.0843 2668 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/08/02 20:17:21.0910 2668 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/08/02 20:17:21.0950 2668 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/08/02 20:17:22.0076 2668 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

2011/08/02 20:17:22.0193 2668 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

2011/08/02 20:17:22.0315 2668 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/08/02 20:17:22.0383 2668 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/08/02 20:17:22.0455 2668 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/08/02 20:17:22.0515 2668 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/08/02 20:17:22.0570 2668 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2011/08/02 20:17:22.0623 2668 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/08/02 20:17:22.0699 2668 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/02 20:17:22.0714 2668 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/02 20:17:22.0819 2668 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/08/02 20:17:22.0923 2668 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/08/02 20:17:23.0012 2668 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/08/02 20:17:23.0065 2668 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/08/02 20:17:23.0207 2668 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/08/02 20:17:23.0283 2668 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/08/02 20:17:23.0372 2668 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/08/02 20:17:23.0426 2668 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/08/02 20:17:23.0487 2668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/08/02 20:17:23.0517 2668 Boot (0x1200) (9585fc50a0664d3c09ec276a775f0d83) \Device\Harddisk0\DR0\Partition0

2011/08/02 20:17:23.0535 2668 Boot (0x1200) (8600ed37a04f281fb5da24a8774c0f0a) \Device\Harddisk0\DR0\Partition1

2011/08/02 20:17:23.0541 2668 ================================================================================

2011/08/02 20:17:23.0541 2668 Scan finished

2011/08/02 20:17:23.0541 2668 ================================================================================

2011/08/02 20:17:23.0563 5400 Detected object count: 1

2011/08/02 20:17:23.0563 5400 Actual detected object count: 1

2011/08/02 20:17:28.0895 5400 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot

2011/08/02 20:17:28.0925 5400 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot

2011/08/02 20:17:28.0960 5400 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot

2011/08/02 20:17:28.0960 5400 LockedFile.Multi.Generic(sptd) - User select action: Delete

2011/08/02 20:17:32.0720 4076 Deinitialize success


Here is the Malwarebytes.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7360

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

02/08/2011 08:30:12 PM

mbam-log-2011-08-02 (20-30-12).txt

Scan type: Quick scan

Objects scanned: 178494

Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Here: ComboFix.txt

ComboFix 11-08-02.03 - Qadri 02/08/2011 20:38:49.2.2 - x86 NETWORK

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3317.2412 [GMT -4:00]

Running from: c:\users\Qadri\Desktop\ComboFix.exe

AV: Panda Antivirus Pro 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Antivirus Pro 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Qadri\Documents\~WRL0005.tmp

c:\users\Qadri\Documents\~WRL3719.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))

.

.

2011-08-03 00:46 . 2011-08-03 00:46 -------- d-----w- c:\users\Qadri\AppData\Local\temp

2011-08-03 00:46 . 2011-08-03 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-31 07:00 . 2011-07-31 07:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2011-07-30 16:34 . 2011-08-03 00:19 -------- d-----w- c:\users\Qadri\AppData\Roaming\Skype

2011-07-30 16:34 . 2011-07-30 16:34 -------- d-----r- c:\program files\Skype

2011-07-30 16:34 . 2011-07-30 16:34 -------- d-----w- c:\programdata\Skype

2011-07-30 16:24 . 2011-07-30 16:24 -------- d-----w- c:\programdata\LogiShrd

2011-07-30 16:22 . 2011-07-30 16:22 -------- d-----w- c:\users\Qadri\AppData\Local\LogiShrd

2011-07-30 16:18 . 2011-07-30 16:18 53248 ----a-r- c:\users\Qadri\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-07-30 16:18 . 2011-07-30 16:18 -------- d-----w- c:\users\Qadri\AppData\Roaming\Leadertech

2011-07-30 16:18 . 2011-07-30 16:18 -------- d-----w- c:\programdata\Logitech

2011-07-30 16:18 . 2011-07-30 16:18 -------- d-----w- c:\program files\Common Files\LWS

2011-07-30 16:17 . 2011-07-30 16:19 -------- d-----w- c:\program files\Logitech

2011-07-30 16:09 . 2011-07-30 16:20 -------- d-----w- c:\program files\Common Files\logishrd

2011-07-25 12:17 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-25 12:17 . 2011-07-25 12:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-25 12:17 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-25 12:15 . 2011-07-25 12:15 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

2011-07-25 11:20 . 2011-07-25 11:20 -------- d-----w- c:\users\Qadri\AppData\Local\ElevatedDiagnostics

2011-07-25 10:56 . 2011-07-25 10:56 388096 ----a-r- c:\users\Qadri\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-25 10:56 . 2011-07-25 10:56 -------- d-----w- c:\program files\Trend Micro

2011-07-25 10:49 . 2011-07-25 10:49 -------- d-----w- c:\program files\CCleaner

2011-07-25 10:22 . 2011-07-25 10:22 -------- d-----w- c:\users\Qadri\AppData\Local\Panda Security

2011-07-25 02:32 . 2011-07-25 02:32 -------- d--h--w- c:\windows\PIF

2011-07-25 02:29 . 2011-07-25 02:29 39192 ----a-w- c:\windows\system32\Partizan.exe

2011-07-25 02:29 . 2011-07-25 02:29 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2011-07-25 02:29 . 2011-07-25 02:29 2 --shatr- c:\windows\winstart.bat

2011-07-25 01:54 . 2011-07-25 01:54 -------- d-----w- c:\programdata\PC Tools

2011-07-25 01:26 . 2011-07-25 01:26 -------- d-----w- c:\users\Qadri\AppData\Roaming\Malwarebytes

2011-07-25 01:26 . 2011-07-25 01:26 -------- d-----w- c:\programdata\Malwarebytes

2011-07-24 01:19 . 2011-07-25 10:21 -------- d-----w- c:\programdata\Panda Security

2011-07-24 01:17 . 2011-07-24 01:17 -------- d-----w- c:\program files\Common Files\Pd

2011-07-24 00:43 . 2011-07-24 00:43 -------- d-----w- c:\programdata\ErrorEND

2011-07-23 23:42 . 2011-07-23 23:42 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-07-23 22:48 . 2011-07-23 23:42 -------- d-----w- c:\programdata\AVAST Software

2011-07-23 22:48 . 2011-07-23 22:48 -------- d-----w- c:\program files\AVAST Software

2011-07-23 22:43 . 2011-07-23 22:43 -------- d--h--w- c:\programdata\Common Files

2011-07-23 22:42 . 2011-07-23 23:44 -------- d-----w- c:\programdata\MFAData

2011-07-13 00:43 . 2011-07-13 00:43 -------- d-----w- c:\users\Qadri\AppData\Local\TVU Networks

2011-07-13 00:43 . 2011-07-13 00:43 -------- d-----w- c:\programdata\TVU Networks

2011-07-11 15:13 . 2011-07-11 15:13 3727360 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2011-07-09 18:55 . 2011-07-09 18:55 -------- d-----w- c:\users\Qadri\AppData\Local\SourceTec

2011-07-08 10:02 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4250F22-582F-40CC-B048-ADD23C0BA104}\mpengine.dll

2011-07-05 15:01 . 2011-07-05 15:01 -------- d-----w- c:\users\Qadri\AppData\Roaming\MathematicaPlayer

2011-07-05 15:01 . 2011-07-05 15:01 -------- d-----w- c:\users\Qadri\AppData\Local\MathematicaPlayer

2011-07-05 15:00 . 2011-07-05 15:00 -------- d-----w- c:\program files\Common Files\Wolfram Research

2011-07-05 15:00 . 2011-07-05 15:00 -------- d-----w- c:\programdata\Mathematica

2011-07-05 15:00 . 2011-07-05 15:00 -------- d-----w- c:\program files\Common Files\ResearchSoft

2011-07-05 15:00 . 2011-03-01 22:36 335888 ----a-w- c:\windows\system32\mltcpip32.mlp

2011-07-05 15:00 . 2011-03-01 22:36 93712 ----a-w- c:\windows\system32\mltcp32.mlp

2011-07-05 15:00 . 2011-03-01 22:36 88080 ----a-w- c:\windows\system32\mlshm32.mlp

2011-07-05 15:00 . 2011-03-01 22:36 167952 ----a-w- c:\windows\system32\mlmodule32.dll

2011-07-05 15:00 . 2011-03-01 22:36 79376 ----a-w- c:\windows\system32\mlmap32.mlp

2011-07-05 15:00 . 2011-03-01 22:36 369680 ----a-w- c:\windows\system32\ml32i3.dll

2011-07-05 15:00 . 2011-03-01 22:36 260112 ----a-w- c:\windows\system32\ml32i2.dll

2011-07-05 15:00 . 2011-03-01 22:36 253968 ----a-w- c:\windows\system32\ml32i1.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-24 23:43 . 2011-06-08 23:33 0 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-09 00:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll

2011-05-24 10:44 . 2011-06-29 10:11 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-23 22:43 . 2011-03-24 10:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-21 17357448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-02-25 611712]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-22 274608]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]

"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" [2011-04-13 1000768]

"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe" [2011-02-02 70464]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

.

c:\users\Qadri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-25 110592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2010-03-24 16:55 55552 ----a-w- c:\windows\System32\avldr.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Qadri^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Qadri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-09-08 15:35 133104 ----atw- c:\users\Qadri\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2010-06-22 26696]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2011-02-21 37448]

R2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2010-05-21 54344]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2010-05-06 163848]

R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe [2010-08-16 28992]

R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]

R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 GarenaPEngine;GarenaPEngine;c:\users\Qadri\AppData\Local\Temp\UJYF262.tmp [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-07-25 35816]

R3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]

R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]

R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 40448]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250729775-3711007515-3092007561-1001Core.job

- c:\users\Qadri\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-08 15:35]

.

2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250729775-3711007515-3092007561-1001UA.job

- c:\users\Qadri\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-08 15:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Qadri\AppData\Roaming\Mozilla\Firefox\Profiles\thtlkd4j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Dictionary

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)

WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

SafeBoot-05017349.sys

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]

"ImagePath"="\??\c:\users\Qadri\AppData\Local\Temp\UJYF262.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,f4,1a,cd,01,35,9c,48,98,22,06,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,f4,1a,cd,01,35,9c,48,98,22,06,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-08-02 20:47:55

ComboFix-quarantined-files.txt 2011-08-03 00:47

ComboFix2.txt 2011-07-25 17:50

.

Pre-Run: 213,646,761,984 bytes free

Post-Run: 213,779,365,888 bytes free

.

- - End Of File - - DE83276F295E23BBA99564DAC5896BF4


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


This is the Security Check Log. I lost the other log upon closing the window for some reason, but will do the scan again (it deleted an infected file).

Results of screen317's Security Check version 0.99.18

Windows 7 Service Pack 1 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Panda Antivirus Pro 2012

McAfee Security Scan Plus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Adobe Flash Player 10.3.181.34

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Panda Security Panda Antivirus Pro 2012 PskSvc.exe

Panda Security Panda Antivirus Pro 2012 TPSrv.exe

PANDA SECURITY PANDA ANTIVIRUS PRO 2012 WebProxy.exe

Panda Security Panda Antivirus Pro 2012 PsCtrls.exe

Panda Security Panda Antivirus Pro 2012 PavFnSvr.exe

Panda Security Panda Antivirus Pro 2012 pavsrvx86.exe

Panda Security Panda Antivirus Pro 2012 AVENGINE.EXE

Panda Security Panda Antivirus Pro 2012 PsImSvc.exe

ESET ESET Online Scanner OnlineCmdLineScanner.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Restart your computer.

Let me know what issues remain.

-screen317


  • Staff

Hi,

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.