
Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean


easeuk


Hello, and :welcome:

Let's do an additional rootkit scan here first.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Thanks for the reply Elise.

Here are the results:

19:49:54.0559 4952	TDSS rootkit removing tool 2.6.16.0 Nov  7 2011 16:26:51
19:49:55.0538 4952 ============================================================
19:49:55.0538 4952 Current date / time: 2011/11/08 19:49:55.0538
19:49:55.0538 4952 SystemInfo:
19:49:55.0538 4952
19:49:55.0538 4952 OS Version: 6.1.7601 ServicePack: 1.0
19:49:55.0538 4952 Product type: Workstation
19:49:55.0538 4952 ComputerName: SEAN-PC
19:49:55.0538 4952 UserName: Sean
19:49:55.0538 4952 Windows directory: C:\Windows
19:49:55.0538 4952 System windows directory: C:\Windows
19:49:55.0538 4952 Running under WOW64
19:49:55.0538 4952 Processor architecture: Intel x64
19:49:55.0538 4952 Number of processors: 2
19:49:55.0538 4952 Page size: 0x1000
19:49:55.0538 4952 Boot type: Normal boot
19:49:55.0538 4952 ============================================================
19:49:56.0274 4952 Initialize success
19:49:57.0121 4932 ============================================================
19:49:57.0121 4932 Scan started
19:49:57.0121 4932 Mode: Manual;
19:49:57.0121 4932 ============================================================
19:49:57.0865 4932 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:49:57.0866 4932 1394ohci - ok
19:49:57.0907 4932 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:49:57.0909 4932 ACPI - ok
19:49:57.0947 4932 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:49:57.0948 4932 AcpiPmi - ok
19:49:58.0021 4932 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
19:49:58.0022 4932 adfs - ok
19:49:58.0066 4932 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:49:58.0068 4932 adp94xx - ok
19:49:58.0093 4932 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:49:58.0094 4932 adpahci - ok
19:49:58.0117 4932 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:49:58.0118 4932 adpu320 - ok
19:49:58.0177 4932 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:49:58.0180 4932 AFD - ok
19:49:58.0200 4932 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:49:58.0201 4932 agp440 - ok
19:49:58.0214 4932 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:49:58.0214 4932 aliide - ok
19:49:58.0244 4932 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:49:58.0245 4932 amdide - ok
19:49:58.0265 4932 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:49:58.0266 4932 AmdK8 - ok
19:49:58.0439 4932 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
19:49:58.0478 4932 amdkmdag - ok
19:49:58.0565 4932 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
19:49:58.0566 4932 amdkmdap - ok
19:49:58.0604 4932 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:49:58.0604 4932 AmdPPM - ok
19:49:58.0666 4932 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:49:58.0667 4932 amdsata - ok
19:49:58.0698 4932 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:49:58.0699 4932 amdsbs - ok
19:49:58.0745 4932 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:49:58.0745 4932 amdxata - ok
19:49:58.0831 4932 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:49:58.0832 4932 AppID - ok
19:49:58.0877 4932 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:49:58.0878 4932 arc - ok
19:49:58.0901 4932 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:49:58.0902 4932 arcsas - ok
19:49:58.0924 4932 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:49:58.0924 4932 AsyncMac - ok
19:49:58.0963 4932 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:49:58.0964 4932 atapi - ok
19:49:59.0029 4932 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
19:49:59.0030 4932 AtiHDAudioService - ok
19:49:59.0192 4932 atikmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
19:49:59.0230 4932 atikmdag - ok
19:49:59.0327 4932 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:49:59.0329 4932 b06bdrv - ok
19:49:59.0369 4932 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:49:59.0371 4932 b57nd60a - ok
19:49:59.0406 4932 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:49:59.0407 4932 Beep - ok
19:49:59.0434 4932 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:49:59.0434 4932 blbdrive - ok
19:49:59.0504 4932 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:49:59.0505 4932 bowser - ok
19:49:59.0523 4932 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:49:59.0523 4932 BrFiltLo - ok
19:49:59.0540 4932 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:49:59.0540 4932 BrFiltUp - ok
19:49:59.0564 4932 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:49:59.0565 4932 Brserid - ok
19:49:59.0582 4932 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:49:59.0583 4932 BrSerWdm - ok
19:49:59.0602 4932 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:49:59.0602 4932 BrUsbMdm - ok
19:49:59.0623 4932 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:49:59.0624 4932 BrUsbSer - ok
19:49:59.0648 4932 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:49:59.0649 4932 BTHMODEM - ok
19:49:59.0673 4932 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:49:59.0673 4932 cdfs - ok
19:49:59.0721 4932 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:49:59.0722 4932 cdrom - ok
19:49:59.0743 4932 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:49:59.0743 4932 circlass - ok
19:49:59.0772 4932 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:49:59.0774 4932 CLFS - ok
19:49:59.0811 4932 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:49:59.0812 4932 CmBatt - ok
19:49:59.0848 4932 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:49:59.0848 4932 cmdide - ok
19:49:59.0913 4932 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
19:49:59.0915 4932 CNG - ok
19:49:59.0939 4932 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:49:59.0939 4932 Compbatt - ok
19:49:59.0992 4932 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:49:59.0992 4932 CompositeBus - ok
19:50:00.0109 4932 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:50:00.0110 4932 crcdisk - ok
19:50:00.0170 4932 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:50:00.0173 4932 CSC - ok
19:50:00.0231 4932 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:50:00.0232 4932 DfsC - ok
19:50:00.0252 4932 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:50:00.0253 4932 discache - ok
19:50:00.0285 4932 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:50:00.0286 4932 Disk - ok
19:50:00.0327 4932 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:50:00.0327 4932 drmkaud - ok
19:50:00.0378 4932 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:50:00.0384 4932 DXGKrnl - ok
19:50:00.0446 4932 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
19:50:00.0448 4932 eamonm - ok
19:50:00.0525 4932 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:50:00.0543 4932 ebdrv - ok
19:50:00.0597 4932 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
19:50:00.0598 4932 ehdrv - ok
19:50:00.0657 4932 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:50:00.0659 4932 elxstor - ok
19:50:00.0723 4932 epfw (198c6fbc30bbd9632ea051203dccf204) C:\Windows\system32\DRIVERS\epfw.sys
19:50:00.0725 4932 epfw - ok
19:50:00.0811 4932 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys
19:50:00.0811 4932 EpfwLWF - ok
19:50:00.0823 4932 epfwwfp (710b0442bb2f99278d7b8e02a8849c11) C:\Windows\system32\DRIVERS\epfwwfp.sys
19:50:00.0823 4932 epfwwfp - ok
19:50:00.0864 4932 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:50:00.0864 4932 ErrDev - ok
19:50:00.0896 4932 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:50:00.0897 4932 exfat - ok
19:50:00.0918 4932 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:50:00.0919 4932 fastfat - ok
19:50:00.0943 4932 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:50:00.0944 4932 fdc - ok
19:50:00.0962 4932 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:50:00.0962 4932 FileInfo - ok
19:50:00.0976 4932 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:50:00.0977 4932 Filetrace - ok
19:50:00.0989 4932 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:50:00.0990 4932 flpydisk - ok
19:50:01.0048 4932 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:50:01.0049 4932 FltMgr - ok
19:50:01.0068 4932 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:50:01.0068 4932 FsDepends - ok
19:50:01.0085 4932 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:50:01.0086 4932 Fs_Rec - ok
19:50:01.0134 4932 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:50:01.0136 4932 fvevol - ok
19:50:01.0171 4932 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:50:01.0172 4932 gagp30kx - ok
19:50:01.0205 4932 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
19:50:01.0205 4932 gdrv - ok
19:50:01.0239 4932 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:50:01.0240 4932 GEARAspiWDM - ok
19:50:01.0263 4932 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:50:01.0264 4932 hcw85cir - ok
19:50:01.0348 4932 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:50:01.0350 4932 HdAudAddService - ok
19:50:01.0406 4932 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:50:01.0408 4932 HDAudBus - ok
19:50:01.0421 4932 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:50:01.0422 4932 HidBatt - ok
19:50:01.0441 4932 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:50:01.0442 4932 HidBth - ok
19:50:01.0466 4932 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:50:01.0466 4932 HidIr - ok
19:50:01.0497 4932 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:50:01.0498 4932 HidUsb - ok
19:50:01.0533 4932 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:50:01.0534 4932 HpSAMD - ok
19:50:01.0602 4932 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:50:01.0606 4932 HTTP - ok
19:50:01.0644 4932 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:50:01.0644 4932 hwpolicy - ok
19:50:01.0662 4932 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:50:01.0663 4932 i8042prt - ok
19:50:01.0704 4932 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:50:01.0706 4932 iaStorV - ok
19:50:01.0730 4932 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:50:01.0731 4932 iirsp - ok
19:50:01.0811 4932 IntcAzAudAddService (b3fb479a7c0626499eb5989bc087cf8d) C:\Windows\system32\drivers\RTKVHD64.sys
19:50:01.0820 4932 IntcAzAudAddService - ok
19:50:01.0838 4932 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:50:01.0839 4932 intelide - ok
19:50:01.0858 4932 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:50:01.0859 4932 intelppm - ok
19:50:01.0901 4932 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:50:01.0902 4932 IpFilterDriver - ok
19:50:01.0948 4932 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:50:01.0949 4932 IPMIDRV - ok
19:50:01.0977 4932 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:50:01.0978 4932 IPNAT - ok
19:50:02.0025 4932 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:50:02.0025 4932 IRENUM - ok
19:50:02.0050 4932 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:50:02.0051 4932 isapnp - ok
19:50:02.0073 4932 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:50:02.0075 4932 iScsiPrt - ok
19:50:02.0100 4932 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:50:02.0101 4932 kbdclass - ok
19:50:02.0135 4932 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:50:02.0136 4932 kbdhid - ok
19:50:02.0169 4932 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
19:50:02.0170 4932 KSecDD - ok
19:50:02.0206 4932 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
19:50:02.0207 4932 KSecPkg - ok
19:50:02.0230 4932 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:50:02.0231 4932 ksthunk - ok
19:50:02.0272 4932 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:50:02.0273 4932 lltdio - ok
19:50:02.0313 4932 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:50:02.0314 4932 LSI_FC - ok
19:50:02.0336 4932 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:50:02.0338 4932 LSI_SAS - ok
19:50:02.0361 4932 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:50:02.0362 4932 LSI_SAS2 - ok
19:50:02.0387 4932 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:50:02.0388 4932 LSI_SCSI - ok
19:50:02.0409 4932 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:50:02.0410 4932 luafv - ok
19:50:02.0455 4932 MBAMProtector - ok
19:50:02.0523 4932 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
19:50:02.0525 4932 mcdbus - ok
19:50:02.0549 4932 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:50:02.0551 4932 megasas - ok
19:50:02.0568 4932 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:50:02.0570 4932 MegaSR - ok
19:50:02.0642 4932 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:50:02.0642 4932 Modem - ok
19:50:02.0691 4932 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:50:02.0691 4932 monitor - ok
19:50:02.0761 4932 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:50:02.0762 4932 mouclass - ok
19:50:02.0796 4932 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:50:02.0796 4932 mouhid - ok
19:50:02.0830 4932 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:50:02.0831 4932 mountmgr - ok
19:50:02.0863 4932 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:50:02.0865 4932 mpio - ok
19:50:02.0897 4932 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:50:02.0898 4932 mpsdrv - ok
19:50:02.0942 4932 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:50:02.0944 4932 MRxDAV - ok
19:50:02.0986 4932 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:50:02.0987 4932 mrxsmb - ok
19:50:03.0002 4932 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:50:03.0004 4932 mrxsmb10 - ok
19:50:03.0041 4932 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:50:03.0042 4932 mrxsmb20 - ok
19:50:03.0058 4932 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:50:03.0059 4932 msahci - ok
19:50:03.0079 4932 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:50:03.0080 4932 msdsm - ok
19:50:03.0109 4932 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:50:03.0110 4932 Msfs - ok
19:50:03.0128 4932 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:50:03.0129 4932 mshidkmdf - ok
19:50:03.0139 4932 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:50:03.0140 4932 msisadrv - ok
19:50:03.0170 4932 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:50:03.0170 4932 MSKSSRV - ok
19:50:03.0190 4932 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:50:03.0190 4932 MSPCLOCK - ok
19:50:03.0202 4932 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:50:03.0203 4932 MSPQM - ok
19:50:03.0244 4932 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:50:03.0247 4932 MsRPC - ok
19:50:03.0262 4932 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:50:03.0262 4932 mssmbios - ok
19:50:03.0275 4932 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:50:03.0276 4932 MSTEE - ok
19:50:03.0289 4932 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:50:03.0290 4932 MTConfig - ok
19:50:03.0315 4932 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:50:03.0316 4932 Mup - ok
19:50:03.0352 4932 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:50:03.0354 4932 NativeWifiP - ok
19:50:03.0410 4932 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:50:03.0416 4932 NDIS - ok
19:50:03.0433 4932 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:50:03.0433 4932 NdisCap - ok
19:50:03.0459 4932 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:50:03.0460 4932 NdisTapi - ok
19:50:03.0501 4932 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:50:03.0502 4932 Ndisuio - ok
19:50:03.0551 4932 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:50:03.0552 4932 NdisWan - ok
19:50:03.0590 4932 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:50:03.0590 4932 NDProxy - ok
19:50:03.0613 4932 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:50:03.0614 4932 NetBIOS - ok
19:50:03.0632 4932 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:50:03.0634 4932 NetBT - ok
19:50:03.0685 4932 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:50:03.0686 4932 nfrd960 - ok
19:50:03.0714 4932 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:50:03.0715 4932 Npfs - ok
19:50:03.0730 4932 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:50:03.0731 4932 nsiproxy - ok
19:50:03.0790 4932 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:50:03.0799 4932 Ntfs - ok
19:50:03.0816 4932 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:50:03.0817 4932 Null - ok
19:50:03.0861 4932 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:50:03.0862 4932 nvraid - ok
19:50:03.0897 4932 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:50:03.0898 4932 nvstor - ok
19:50:03.0935 4932 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:50:03.0936 4932 nv_agp - ok
19:50:03.0979 4932 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:50:03.0980 4932 ohci1394 - ok
19:50:04.0048 4932 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS
19:50:04.0051 4932 PAC207 - ok
19:50:04.0083 4932 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:50:04.0084 4932 Parport - ok
19:50:04.0125 4932 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:50:04.0126 4932 partmgr - ok
19:50:04.0147 4932 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:50:04.0149 4932 pci - ok
19:50:04.0168 4932 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:50:04.0169 4932 pciide - ok
19:50:04.0185 4932 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:50:04.0187 4932 pcmcia - ok
19:50:04.0235 4932 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
19:50:04.0236 4932 pcouffin - ok
19:50:04.0258 4932 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:50:04.0259 4932 pcw - ok
19:50:04.0282 4932 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:50:04.0286 4932 PEAUTH - ok
19:50:04.0357 4932 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
19:50:04.0357 4932 Point64 - ok
19:50:04.0388 4932 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:50:04.0388 4932 PptpMiniport - ok
19:50:04.0408 4932 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:50:04.0408 4932 Processor - ok
19:50:04.0474 4932 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:50:04.0475 4932 Psched - ok
19:50:04.0512 4932 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:50:04.0518 4932 ql2300 - ok
19:50:04.0541 4932 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:50:04.0542 4932 ql40xx - ok
19:50:04.0567 4932 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:50:04.0568 4932 QWAVEdrv - ok
19:50:04.0604 4932 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:50:04.0604 4932 RasAcd - ok
19:50:04.0645 4932 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:50:04.0646 4932 RasAgileVpn - ok
19:50:04.0683 4932 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:50:04.0684 4932 Rasl2tp - ok
19:50:04.0699 4932 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:50:04.0699 4932 RasPppoe - ok
19:50:04.0717 4932 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:50:04.0718 4932 RasSstp - ok
19:50:04.0766 4932 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:50:04.0767 4932 rdbss - ok
19:50:04.0780 4932 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:50:04.0780 4932 rdpbus - ok
19:50:04.0794 4932 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:50:04.0794 4932 RDPCDD - ok
19:50:04.0839 4932 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:50:04.0840 4932 RDPDR - ok
19:50:04.0854 4932 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:50:04.0855 4932 RDPENCDD - ok
19:50:04.0871 4932 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:50:04.0872 4932 RDPREFMP - ok
19:50:04.0905 4932 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
19:50:04.0906 4932 RdpVideoMiniport - ok
19:50:04.0945 4932 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:50:04.0946 4932 RDPWD - ok
19:50:04.0994 4932 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:50:04.0995 4932 rdyboost - ok
19:50:05.0014 4932 RimUsb - ok
19:50:05.0054 4932 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
19:50:05.0054 4932 RimVSerPort - ok
19:50:05.0075 4932 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
19:50:05.0075 4932 ROOTMODEM - ok
19:50:05.0117 4932 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:50:05.0118 4932 rspndr - ok
19:50:05.0155 4932 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:50:05.0156 4932 RTL8167 - ok
19:50:05.0187 4932 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:50:05.0187 4932 s3cap - ok
19:50:05.0222 4932 s716bus (e175faad62c69de9ebf7c1ae34350635) C:\Windows\system32\DRIVERS\s716bus.sys
19:50:05.0223 4932 s716bus - ok
19:50:05.0249 4932 s716mdfl (9a9f63cd32a2d61e3cd1b2b3a189d25b) C:\Windows\system32\DRIVERS\s716mdfl.sys
19:50:05.0250 4932 s716mdfl - ok
19:50:05.0276 4932 s716mdm (de0e9ea6a2ba47394d8deca50720f12f) C:\Windows\system32\DRIVERS\s716mdm.sys
19:50:05.0278 4932 s716mdm - ok
19:50:05.0332 4932 s716nd5 (8d1ea119f329204b195faa8e416546ff) C:\Windows\system32\DRIVERS\s716nd5.sys
19:50:05.0333 4932 s716nd5 - ok
19:50:05.0364 4932 s716unic (e3197832847019ce1b6cf6992457a5a4) C:\Windows\system32\DRIVERS\s716unic.sys
19:50:05.0365 4932 s716unic - ok
19:50:05.0413 4932 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:50:05.0414 4932 sbp2port - ok
19:50:05.0454 4932 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:50:05.0454 4932 scfilter - ok
19:50:05.0478 4932 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:50:05.0479 4932 secdrv - ok
19:50:05.0510 4932 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:50:05.0510 4932 Serenum - ok
19:50:05.0538 4932 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:50:05.0539 4932 Serial - ok
19:50:05.0580 4932 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:50:05.0580 4932 sermouse - ok
19:50:05.0625 4932 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:50:05.0625 4932 sffdisk - ok
19:50:05.0642 4932 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:50:05.0643 4932 sffp_mmc - ok
19:50:05.0659 4932 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:50:05.0660 4932 sffp_sd - ok
19:50:05.0679 4932 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:50:05.0680 4932 sfloppy - ok
19:50:05.0713 4932 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:50:05.0714 4932 SiSRaid2 - ok
19:50:05.0741 4932 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:50:05.0742 4932 SiSRaid4 - ok
19:50:05.0769 4932 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:50:05.0770 4932 Smb - ok
19:50:05.0811 4932 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:50:05.0812 4932 spldr - ok
19:50:05.0864 4932 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:50:05.0867 4932 srv - ok
19:50:05.0912 4932 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:50:05.0914 4932 srv2 - ok
19:50:05.0937 4932 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:50:05.0938 4932 srvnet - ok
19:50:05.0985 4932 StarOpen - ok
19:50:06.0008 4932 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:50:06.0008 4932 stexstor - ok
19:50:06.0063 4932 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:50:06.0064 4932 storflt - ok
19:50:06.0083 4932 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:50:06.0084 4932 storvsc - ok
19:50:06.0103 4932 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:50:06.0104 4932 swenum - ok
19:50:06.0144 4932 Synth3dVsc - ok
19:50:06.0218 4932 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
19:50:06.0229 4932 Tcpip - ok
19:50:06.0269 4932 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
19:50:06.0280 4932 TCPIP6 - ok
19:50:06.0297 4932 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:50:06.0298 4932 tcpipreg - ok
19:50:06.0313 4932 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:50:06.0314 4932 TDPIPE - ok
19:50:06.0326 4932 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:50:06.0326 4932 TDTCP - ok
19:50:06.0364 4932 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:50:06.0365 4932 tdx - ok
19:50:06.0376 4932 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:50:06.0377 4932 TermDD - ok
19:50:06.0422 4932 TrufosAlt (a51e66b06e405f9ab8e65532a255ff22) C:\Windows\system32\DRIVERS\TrufosAlt.sys
19:50:06.0423 4932 TrufosAlt - ok
19:50:06.0465 4932 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:50:06.0466 4932 tssecsrv - ok
19:50:06.0512 4932 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:50:06.0513 4932 TsUsbFlt - ok
19:50:06.0527 4932 tsusbhub - ok
19:50:06.0597 4932 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:50:06.0598 4932 tunnel - ok
19:50:06.0621 4932 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:50:06.0622 4932 uagp35 - ok
19:50:06.0678 4932 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:50:06.0680 4932 udfs - ok
19:50:06.0708 4932 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:50:06.0709 4932 uliagpkx - ok
19:50:06.0771 4932 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:50:06.0771 4932 umbus - ok
19:50:06.0790 4932 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:50:06.0791 4932 UmPass - ok
19:50:06.0839 4932 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:50:06.0840 4932 USBAAPL64 - ok
19:50:06.0902 4932 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:50:06.0903 4932 usbaudio - ok
19:50:06.0949 4932 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:50:06.0950 4932 usbccgp - ok
19:50:06.0976 4932 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:50:06.0977 4932 usbcir - ok
19:50:07.0025 4932 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:50:07.0027 4932 usbehci - ok
19:50:07.0044 4932 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:50:07.0046 4932 usbhub - ok
19:50:07.0063 4932 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
19:50:07.0064 4932 usbohci - ok
19:50:07.0082 4932 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:50:07.0083 4932 usbprint - ok
19:50:07.0124 4932 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:50:07.0125 4932 usbscan - ok
19:50:07.0169 4932 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:50:07.0170 4932 USBSTOR - ok
19:50:07.0210 4932 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
19:50:07.0210 4932 usbuhci - ok
19:50:07.0237 4932 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:50:07.0237 4932 vdrvroot - ok
19:50:07.0277 4932 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:50:07.0278 4932 vga - ok
19:50:07.0292 4932 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:50:07.0293 4932 VgaSave - ok
19:50:07.0300 4932 VGPU - ok
19:50:07.0324 4932 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:50:07.0325 4932 vhdmp - ok
19:50:07.0364 4932 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:50:07.0365 4932 viaide - ok
19:50:07.0387 4932 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:50:07.0388 4932 vmbus - ok
19:50:07.0402 4932 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:50:07.0402 4932 VMBusHID - ok
19:50:07.0419 4932 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:50:07.0420 4932 volmgr - ok
19:50:07.0467 4932 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:50:07.0469 4932 volmgrx - ok
19:50:07.0490 4932 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:50:07.0492 4932 volsnap - ok
19:50:07.0519 4932 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:50:07.0521 4932 vsmraid - ok
19:50:07.0543 4932 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:50:07.0544 4932 vwifibus - ok
19:50:07.0572 4932 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:50:07.0573 4932 WacomPen - ok
19:50:07.0604 4932 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:50:07.0605 4932 WANARP - ok
19:50:07.0609 4932 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:50:07.0610 4932 Wanarpv6 - ok
19:50:07.0659 4932 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:50:07.0659 4932 Wd - ok
19:50:07.0691 4932 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:50:07.0695 4932 Wdf01000 - ok
19:50:07.0725 4932 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:50:07.0725 4932 WfpLwf - ok
19:50:07.0749 4932 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:50:07.0749 4932 WIMMount - ok
19:50:07.0808 4932 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:50:07.0808 4932 WinUsb - ok
19:50:07.0858 4932 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:50:07.0859 4932 WmiAcpi - ok
19:50:07.0882 4932 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:50:07.0882 4932 ws2ifsl - ok
19:50:07.0930 4932 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:50:07.0931 4932 WudfPf - ok
19:50:07.0951 4932 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:50:07.0952 4932 WUDFRd - ok
19:50:07.0981 4932 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:50:07.0988 4932 \Device\Harddisk0\DR0 - ok
19:50:07.0993 4932 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
19:50:08.0448 4932 \Device\Harddisk1\DR1 - ok
19:50:08.0450 4932 Boot (0x1200) (cc76274de02db8a7f43fec59cfba19c3) \Device\Harddisk0\DR0\Partition0
19:50:08.0451 4932 \Device\Harddisk0\DR0\Partition0 - ok
19:50:08.0461 4932 Boot (0x1200) (285f823445e90a903e5d257a7ff1f8ea) \Device\Harddisk0\DR0\Partition1
19:50:08.0462 4932 \Device\Harddisk0\DR0\Partition1 - ok
19:50:08.0465 4932 Boot (0x1200) (19862a4d77f2e08f41e3d4acef0f993c) \Device\Harddisk1\DR1\Partition0
19:50:08.0465 4932 \Device\Harddisk1\DR1\Partition0 - ok
19:50:08.0466 4932 ============================================================
19:50:08.0466 4932 Scan finished
19:50:08.0466 4932 ============================================================
19:50:08.0471 1908 Detected object count: 0
19:50:08.0471 1908 Actual detected object count: 0
19:50:12.0480 4560 Deinitialize success


That looks good so far. Let's see what else is hiding there.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all-inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


That took a long time... sorry.

Here's the log:

ComboFix 11-11-08.02 - Sean 08/11/2011  20:26:30.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2668 [GMT 0:00]
Running from: c:\users\Sean\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sean\AppData\Roaming\inst.exe
c:\users\Sean\AppData\Roaming\vso_ts_preview.xml
c:\windows\7Loader.TAG
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 21:01 . 2011-11-08 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-08 19:43 . 2011-11-08 19:43 111408 ----a-w- c:\windows\system32\drivers\43518516.sys
2011-11-07 19:28 . 2011-11-07 19:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-07 18:08 . 2011-11-07 18:08 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-11-07 17:15 . 2011-11-07 17:47 287304 ------w- c:\windows\system32\drivers\TrufosAlt.sys
2011-11-07 17:13 . 2011-11-07 17:58 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-07 16:47 . 2011-11-07 16:48 -------- d-----w- c:\programdata\Comodo Downloader
2011-11-07 16:35 . 2011-11-07 18:08 -------- d-----w- c:\programdata\Hitman Pro
2011-11-07 16:04 . 2011-11-07 17:48 -------- d-----w- c:\users\Sean\AppData\Roaming\Voosyxy
2011-11-07 16:04 . 2011-11-07 17:26 -------- d-----w- c:\users\Sean\AppData\Roaming\Oqqoo
2011-11-06 19:08 . 2011-11-06 19:33 -------- d-----w- c:\programdata\PC Tools
2011-11-04 19:28 . 2011-11-04 19:28 -------- d-----w- c:\users\Sean\AppData\Roaming\Malwarebytes
2011-11-04 19:26 . 2011-11-04 19:26 -------- d-----w- c:\programdata\Malwarebytes
2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-15 12:17 . 2011-10-15 12:17 -------- d-----w- c:\users\Sean\AppData\Roaming\BUFFALO
2011-10-15 12:16 . 2011-10-15 12:21 -------- d-----w- c:\program files\BUFFALO
2011-10-15 12:16 . 2010-09-27 05:12 456056 ----a-w- c:\windows\UN091222.EXE
2011-10-15 12:16 . 2010-09-27 05:12 456056 ----a-w- c:\windows\UN091114.EXE
2011-10-15 12:16 . 2010-09-27 05:12 456056 ----a-w- c:\windows\UN091111.EXE
2011-10-15 12:16 . 2010-09-27 05:12 456056 ----a-w- c:\windows\UN091201.EXE
2011-10-15 12:16 . 2011-10-15 12:21 -------- d-----w- c:\program files (x86)\BUFFALO
2011-10-12 19:49 . 2011-10-12 19:50 -------- d-----w- c:\program files\iTunes
2011-10-12 19:49 . 2011-10-12 19:50 -------- d-----w- c:\program files (x86)\iTunes
2011-10-12 19:49 . 2011-10-12 19:49 -------- d-----w- c:\program files\iPod
2011-10-12 19:47 . 2011-10-12 19:47 -------- d-----w- c:\program files\Bonjour
2011-10-12 19:47 . 2011-10-12 19:47 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-12 15:55 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 15:55 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 15:55 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 15:55 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 15:55 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 15:55 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 15:55 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 15:55 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 15:55 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 21:06 . 2011-11-08 21:06 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{260B534F-6A84-40DD-9751-FB4D5254019D}\offreg.dll
2011-11-07 21:16 . 2011-05-29 23:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 04:16 . 2011-11-04 15:28 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{260B534F-6A84-40DD-9751-FB4D5254019D}\mpengine.dll
2011-08-30 22:05 . 2011-08-30 22:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-23 21:35 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-23 14:59 . 2011-08-23 14:59 53248 ----a-r- c:\users\Sean\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-08-09 974944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4108230135-737405117-301441030-1000Core.job
- c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 12:03]
.
2011-11-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4108230135-737405117-301441030-1000UA.job
- c:\users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 12:03]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4108230135-737405117-301441030-1000Core.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-03 02:35]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4108230135-737405117-301441030-1000UA.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-03 02:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"RtHDVCpl"="RAVCpl64.exe" [2008-06-27 6453760]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-09 4030008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6A7B0504-F0F0-4EBB-BEE3-D408FECBEC54}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{7D9EAEF9-5D69-4CD1-9A39-75086DB7AC2E}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\72lz4lbp.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-{D147FE78-5352-83E7-9C88-20FD4C1739B2} - c:\users\Sean\AppData\Roaming\Voosyxy\buuximy.exe
Wow6432Node-HKLM-Run-AgVQVkFpNfmITWf.exe - c:\programdata\AgVQVkFpNfmITWf.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe
AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}\Traktor Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{4A818508-3355-4FBC-B302-D53B599DD9D5}\Traktor 2 Setup PC.exe
AddRemove-Facebook Plug-In - c:\users\Sean\AppData\Roaming\Facebook\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*!*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-08 21:28:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-08 21:28
.
Pre-Run: 139,493,818,368 bytes free
Post-Run: 158,162,010,112 bytes free
.
- - End Of File - - A87D1A301585C9981C2A1D985A629999

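The ComboFix log above records several settings a responder would want to flag on a first read: under policies\system, EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, LoadAppInit_DLLs is 1, both network interfaces carry static NameServer entries that differ from the DHCP-provided 192.168.0.1, and the ORPHANS REMOVED section shows two Run entries that pointed at executables under AppData\Roaming and ProgramData. The script below is an added example, not ComboFix's own code and not anything posted in this thread: it runs exactly those checks over a ComboFix log. SAMPLE_LOG is a constructed excerpt containing only the lines from the log above that the checks read; the expected policy values are the Windows 7 defaults and are an assumption about what "hardened" should mean for this machine.

```python
import re
import sys
from typing import List

# Constructed excerpt: only the lines from the ComboFix log above that the checks read.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6A7B0504-F0F0-4EBB-BEE3-D408FECBEC54}: NameServer = 8.26.56.26,156.154.70.22
.
Wow6432Node-HKCU-Run-{D147FE78-5352-83E7-9C88-20FD4C1739B2} - c:\users\Sean\AppData\Roaming\Voosyxy\buuximy.exe
Wow6432Node-HKLM-Run-AgVQVkFpNfmITWf.exe - c:\programdata\AgVQVkFpNfmITWf.exe
"""

# Registry values worth a second look, with the condition that counts as "fine".
# Thresholds are the Windows 7 defaults (assumption: stock settings are the baseline).
POLICY_CHECKS = {
    "EnableLUA": (lambda v: v == 1, "UAC is switched off"),
    "ConsentPromptBehaviorAdmin": (lambda v: v != 0, "administrators elevate with no prompt at all"),
    "PromptOnSecureDesktop": (lambda v: v == 1, "UAC prompts are not shown on the secure desktop"),
    "LoadAppInit_DLLs": (lambda v: v == 0, "AppInit_DLLs injection is enabled"),
}
# ComboFix prints values as  "Name"= 0 (0x0)  or  "Name"=0x1
VALUE_RE = re.compile(r'^"(\w+)"\s*=\s*(0x[0-9A-Fa-f]+|\d+)', re.MULTILINE)
# Autoruns living under paths a normal user can write to deserve scrutiny.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
EXE_PATH_RE = re.compile(r"[a-z]:\\[^\"\n]+?\.exe", re.IGNORECASE)
DHCP_DNS_RE = re.compile(r"^TCP: DhcpNameServer = ([\d.,]+)", re.MULTILINE)
STATIC_DNS_RE = re.compile(r"^TCP: Interfaces\\\{[^}]+\}: NameServer = ([\d.,]+)", re.MULTILINE)


def triage(log_text: str) -> List[str]:
    """Return one line per finding; an empty list means none of the checks fired."""
    findings: List[str] = []
    for name, raw in VALUE_RE.findall(log_text):
        if name in POLICY_CHECKS:
            value = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
            ok, why = POLICY_CHECKS[name]
            if not ok(value):
                findings.append(f"policy {name}={value}: {why}")
    seen = set()
    for path in EXE_PATH_RE.findall(log_text):
        low = path.lower()
        if low not in seen and any(marker in low for marker in USER_WRITABLE):
            seen.add(low)
            findings.append(f"executable in user-writable location: {path}")
    # Static resolvers that DHCP did not hand out are a classic redirect mechanism.
    dhcp = {s for group in DHCP_DNS_RE.findall(log_text) for s in group.split(",")}
    for servers in STATIC_DNS_RE.findall(log_text):
        extra = [s for s in servers.split(",") if s not in dhcp]
        if extra:
            findings.append(f"static DNS not from DHCP: {', '.join(extra)}")
    return findings


if __name__ == "__main__":
    # usage: python cf_triage.py C:\ComboFix.txt   (no argument: runs on SAMPLE_LOG)
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for line in triage(text) or ["nothing flagged"]:
        print(line)
```

A hit from this script means a non-default setting or an odd location that deserves an explanation from the machine's owner; it is not on its own proof of the rootkit, and the static DNS servers in particular should be checked against what the user deliberately configured before anything is changed.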

Yeah NOD32 is still telling me about the TDL4.

I keep getting webpage redirects too when I try to visit sites, and also when I shut the computer down I get the warning saying that there are still some programs that need to close, but it doesn't show anything in the list. Overall my PC is definitely running a bit slower too... there's definitely something not right.


In that case, let's get an offline MBR dump.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1, sda2, ... usually correspond to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:
    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the Master Boot Record of your drive and see if it is infected.

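Once mbr.bin is back on the clean machine, the dump can be inspected locally as well. The script below is an added example, not part of this thread and not the helper's tooling: it decodes the 512-byte sector written by the dd command above, hashes the bootstrap code, decodes the partition table, runs the structural checks an analyst does before disassembling the boot code, and pulls the "MBR (0x1B8)" hash lines out of a TDSSKiller log like the one earlier in the thread so the offline dump and the in-Windows read can be compared. It assumes that TDSSKiller's MBR (0x1B8) value is the MD5 of the first 0x1B8 bytes of sector 0 (the code before the disk signature); sample_mbr() is a constructed sector laid out like the poster's sda1/sda2, not a real dump.

```python
import hashlib
import re
import struct
import sys
from typing import Dict, List, Optional

SECTOR = 512
BOOT_CODE_LEN = 0x1B8    # bootstrap code: bytes 0..0x1B7 (assumed range of TDSSKiller's hash)
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE    # 0x55 0xAA boot signature
PARTITION_TYPES = {0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
                   0x0C: "FAT32 LBA", 0x0F: "extended LBA", 0x83: "Linux", 0xEE: "GPT protective"}
# matches e.g.  19:50:07.0981 4932 MBR (0x1B8) (a36c5e4f...) \Device\Harddisk0\DR0
TDSSKILLER_MBR_RE = re.compile(r"MBR \(0x1B8\) \(([0-9a-f]{32})\) (\\Device\\Harddisk\d+\\DR\d+)")


def parse_mbr(mbr: bytes) -> dict:
    """Split one 512-byte sector into boot-code hash, disk signature and partition table."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    parts = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        parts.append({"index": i, "status": status, "bootable": status == 0x80,
                      "type": ptype, "type_name": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
                      "lba_start": lba_start, "sectors": sectors,
                      "lba_end": lba_start + sectors})          # exclusive
    return {"boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
            "valid_signature": mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA",
            "partitions": parts}


def find_anomalies(info: dict, disk_sectors: Optional[int] = None, min_tail_sectors: int = 2048) -> List[str]:
    """Structural checks that need no disassembly; disk_sectors enables the end-of-disk checks."""
    issues: List[str] = []
    if not info["valid_signature"]:
        issues.append("missing 0x55AA boot signature")
    used = [p for p in info["partitions"] if p["type"] or p["sectors"]]
    for p in used:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"entry {p['index']}: bad status byte 0x{p['status']:02X}")
        if bool(p["type"]) != bool(p["sectors"]):
            issues.append(f"entry {p['index']}: type and length disagree")
        if disk_sectors is not None and p["lba_end"] > disk_sectors:
            issues.append(f"entry {p['index']}: runs past the end of the disk")
    if sum(p["bootable"] for p in used) > 1:
        issues.append("more than one bootable partition")
    ordered = sorted(used, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_end"]:
            issues.append(f"entries {a['index']} and {b['index']} overlap")
    if disk_sectors is not None and ordered:
        # TDL4 keeps its encrypted TDLFS container in unpartitioned space at the end of
        # the disk, so a sizeable unallocated tail after the last partition is worth a look.
        tail = disk_sectors - max(p["lba_end"] for p in ordered)
        if tail >= min_tail_sectors:
            issues.append(f"{tail} unallocated sectors after the last partition")
    return issues


def tdsskiller_mbr_hashes(log_text: str) -> Dict[str, str]:
    """Map each \\Device\\HarddiskN\\DRN in a TDSSKiller log to the MD5 it reported."""
    return {dev: md5 for md5, dev in TDSSKILLER_MBR_RE.findall(log_text)}


def sample_mbr() -> bytes:
    """Constructed sector (not a real dump): 100 MB bootable NTFS partition, then the Windows volume."""
    boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"

    def entry(status, ptype, start, count):
        return struct.pack("<B3xB3xII", status, ptype, start, count)

    table = (entry(0x80, 0x07, 2048, 204800) + entry(0x00, 0x07, 206848, 1000000)
             + entry(0, 0, 0, 0) + entry(0, 0, 0, 0))
    return boot_code + disk_sig + table + b"\x55\xAA"


if __name__ == "__main__":
    # usage: python mbrcheck.py mbr.bin [TDSSKiller_log.txt] [disk size in sectors]
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else sample_mbr()
    info = parse_mbr(data)
    print(f"boot code md5 {info['boot_code_md5']}  disk signature {info['disk_signature']:08X}")
    for p in info["partitions"]:
        if p["type"] or p["sectors"]:
            print(f"  #{p['index']} {'*' if p['bootable'] else ' '} {p['type_name']:<14}"
                  f" start {p['lba_start']:>10} sectors {p['sectors']:>10}")
    if len(sys.argv) > 2:
        for dev, md5 in tdsskiller_mbr_hashes(open(sys.argv[2], errors="replace").read()).items():
            print(f"  {dev}: {'matches dump' if md5 == info['boot_code_md5'] else 'DIFFERS from dump'} ({md5})")
    for issue in find_anomalies(info, int(sys.argv[3]) if len(sys.argv) > 3 else None):
        print("  !", issue)
```

The disk size in sectors comes from `fdisk -l /dev/sda` or `blockdev --getsz /dev/sda` on a Linux live system. A mismatch between the hash of the offline dump and the value TDSSKiller read from inside Windows is exactly what a bootkit that filters disk reads would produce, so a disagreement is a finding to chase, not a tool error; a clean match only says the two views agree, and the boot code itself still has to be compared against a known-good Windows 7 MBR.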

That is clean. Can you tell me exactly what message ESET gives you (especially the number of the hard disk is of interest here)?

Please right click the following link and select "save target/link as": http://noahdfear.net/downloads/dumpit

Save the file to your usb drive.

Then boot xPUD, navigate to your USB drive and double click on dumpit to run it. When done, post me the created zip file as attachment.


Here is all I am getting from NOD32, sorry...

Scan Log
Version of virus signature database: 6619 (20111110)
Date: 11/11/2011 Time: 00:06:54
Scanned disks, folders and files: Operating memory
Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean
Number of scanned objects: 250
Number of threats found: 1
Number of cleaned objects: 0
Time of completion: 00:06:57 Total scanning time: 3 sec (00:00:03)

Here's the other log though.

Still getting redirects and programs running in the background too; however, I think after running ComboFix it has possibly restored Windows Update?

mbr.zip


In xPUD, can you please click File > mnt and tell me which device listed there contains your Windows folder (for example: sda1)?

Also, is sdb1 your USB drive? Do you see your second hard disk in xPUD? (You can double click any device to see the files/folders on it.)


sda2 contains my Windows folder, sda1 contains "boot" and "system volume information", and there is also an sda3 which is empty. I don't have a second hard disk though, so I think sda3 is just some unpartitioned space; it's only 40 bytes in size.

sdb1 is my USB drive.


Attach.txt indeed shows only one hard disk; however, TDSSKiller seems to see two. The second one might be your USB drive though, if that was plugged in during the scan.

Can you please rerun TDSSKiller and click Change Parameters.

Place a checkmark in front of "Check for TDLFS file system".

Click OK and then Start Scan. Do not remove any found object, just post me the log.


Updated TDSSKiller and here's the log:

16:36:46.0430 0936	TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
16:36:47.0301 0936 ============================================================
16:36:47.0301 0936 Current date / time: 2011/11/11 16:36:47.0301
16:36:47.0301 0936 SystemInfo:
16:36:47.0301 0936
16:36:47.0301 0936 OS Version: 6.1.7601 ServicePack: 1.0
16:36:47.0301 0936 Product type: Workstation
16:36:47.0302 0936 ComputerName: SEAN-PC
16:36:47.0302 0936 UserName: Sean
16:36:47.0302 0936 Windows directory: C:\Windows
16:36:47.0302 0936 System windows directory: C:\Windows
16:36:47.0302 0936 Running under WOW64
16:36:47.0302 0936 Processor architecture: Intel x64
16:36:47.0302 0936 Number of processors: 2
16:36:47.0302 0936 Page size: 0x1000
16:36:47.0302 0936 Boot type: Normal boot
16:36:47.0302 0936 ============================================================
16:36:48.0688 0936 Initialize success
16:36:53.0320 3740 ============================================================
16:36:53.0320 3740 Scan started
16:36:53.0320 3740 Mode: Manual; TDLFS;
16:36:53.0320 3740 ============================================================
16:37:16.0082 3740 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:37:16.0082 3740 WinUsb - ok
16:37:16.0132 3740 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:37:16.0133 3740 WmiAcpi - ok
16:37:16.0189 3740 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:37:16.0190 3740 ws2ifsl - ok
16:37:16.0245 3740 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:37:16.0246 3740 WudfPf - ok
16:37:16.0283 3740 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:37:16.0284 3740 WUDFRd - ok
16:37:16.0313 3740 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:37:16.0371 3740 \Device\Harddisk0\DR0 - ok
16:37:16.0373 3740 Boot (0x1200) (cc76274de02db8a7f43fec59cfba19c3) \Device\Harddisk0\DR0\Partition0
16:37:16.0374 3740 \Device\Harddisk0\DR0\Partition0 - ok
16:37:16.0412 3740 Boot (0x1200) (285f823445e90a903e5d257a7ff1f8ea) \Device\Harddisk0\DR0\Partition1
16:37:16.0427 3740 \Device\Harddisk0\DR0\Partition1 - ok
16:37:16.0427 3740 ============================================================
16:37:16.0427 3740 Scan finished
16:37:16.0427 3740 ============================================================
16:37:16.0434 0320 Detected object count: 0
16:37:16.0434 0320 Actual detected object count: 0
16:37:26.0929 2880 Deinitialize success

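
The log above is what the helper asks posters to paste, and reading it by eye across 1,600 lines is error-prone. As an added example (not code from the thread, from Malwarebytes or from TDSSKiller), here is a small Python triage script that pairs each scanned object with its verdict line, flags anything not marked ok, and compares the MBR and boot-sector hashes between two runs on the same machine, which is a cheap way to notice that boot code changed between scans. The sample lines are constructed from entries posted above; the second run, its different MBR hash and its non-ok verdict wording are constructed placeholders, and the line layout the parser expects is an assumption drawn only from what is visible in this thread.

```python
"""Triage helper for TDSSKiller logs (added example; not part of TDSSKiller).

Assumed layout, taken from the lines visible in the thread: each scanned object
is "<time> <thread> <name> (<md5>) <path>", followed by "<name or device> - <verdict>";
MBR/boot records carry an offset such as "(0x1B8)"; the run ends with
"Detected object count: N".  Any other detail of the format is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d{4})\s+(?P<body>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S+)$")
VERDICT_RE = re.compile(r"^(?P<target>\S+) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class ScanSummary:
    entries: List[Entry]
    detected: Optional[int]
    actual_detected: Optional[int]


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Pair every scanned object with its verdict line and read the final counts."""
    entries: List[Entry] = []
    pending: Dict[str, Entry] = {}  # objects still waiting for a verdict, keyed by name and by path
    detected = actual = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        om = OBJECT_RE.match(body)
        if om:
            entry = Entry(om["name"], om["md5"], om["path"])
            entries.append(entry)
            # Driver verdicts name the service; MBR/boot verdicts name the device path.
            pending[entry.name] = entry
            pending[entry.path] = entry
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            entry = pending.pop(vm["target"], None)
            if entry is None:  # verdict with no file line, e.g. a service without a binary
                entry = Entry(vm["target"])
                entries.append(entry)
            else:
                pending.pop(entry.name, None)
                pending.pop(entry.path, None)
            entry.verdict = vm["verdict"]
            continue
        cm = COUNT_RE.match(body)
        if cm:
            if cm["kind"] == "Detected":
                detected = int(cm["n"])
            else:
                actual = int(cm["n"])
    return ScanSummary(entries, detected, actual)


def not_ok(summary: ScanSummary) -> List[Entry]:
    """Entries whose verdict is anything other than 'ok', or that never got one."""
    return [e for e in summary.entries if e.verdict != "ok"]


def sector_hashes(summary: ScanSummary) -> Dict[str, str]:
    """MD5 of every MBR / boot-sector record, keyed by record name and device."""
    return {f"{e.name} {e.path}": e.md5 for e in summary.entries
            if e.md5 and e.name.startswith(("MBR", "Boot"))}


def changed_sectors(before: ScanSummary, after: ScanSummary) -> List[str]:
    """Sector records whose hash differs between two runs on the same machine."""
    a, b = sector_hashes(before), sector_hashes(after)
    return sorted(k for k in a.keys() & b.keys() if a[k] != b[k])


# Constructed sample, modelled on the lines posted in the thread.
SAMPLE_LOG = r"""
16:37:15.0258 3740 VGPU - ok
16:37:16.0245 3740 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:37:16.0246 3740 WudfPf - ok
16:37:16.0313 3740 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:37:16.0371 3740 \Device\Harddisk0\DR0 - ok
16:37:16.0373 3740 Boot (0x1200) (cc76274de02db8a7f43fec59cfba19c3) \Device\Harddisk0\DR0\Partition0
16:37:16.0374 3740 \Device\Harddisk0\DR0\Partition0 - ok
16:37:16.0427 3740 Scan finished
16:37:16.0434 0320 Detected object count: 0
16:37:16.0434 0320 Actual detected object count: 0
"""

# Constructed later run: placeholder MBR hash and placeholder non-ok verdict wording.
SAMPLE_LOG_LATER = r"""
16:37:16.0245 3740 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:37:16.0246 3740 WudfPf - ok
16:37:16.0313 3740 MBR (0x1B8) (00112233445566778899aabbccddeeff) \Device\Harddisk0\DR0
16:37:16.0371 3740 \Device\Harddisk0\DR0 - detected (constructed sample verdict)
16:37:16.0373 3740 Boot (0x1200) (cc76274de02db8a7f43fec59cfba19c3) \Device\Harddisk0\DR0\Partition0
16:37:16.0374 3740 \Device\Harddisk0\DR0\Partition0 - ok
16:37:16.0434 0320 Detected object count: 1
16:37:16.0434 0320 Actual detected object count: 1
"""

if __name__ == "__main__":
    first, later = parse_tdsskiller_log(SAMPLE_LOG), parse_tdsskiller_log(SAMPLE_LOG_LATER)
    print("not ok in later run:", [(e.name, e.verdict) for e in not_ok(later)])
    print("sector records changed:", changed_sectors(first, later))
```

A clean TDSSKiller run is not proof of a clean machine (the thread itself shows a clean log followed by the helper confirming a TDL4 variant), but keeping the MBR and boot-sector hashes from each run and diffing them gives a concrete, repeatable signal that the boot code was rewritten between scans.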

Hi again,

Try this please. You will need a USB drive.

  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB & CD and insert it in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter

The first screen will present log options - press Enter to continue.

[screenshot: td1.gif]

TestDisk will scan the system and show drive information.

If more than 1 drive, select the correct drive, make sure [Proceed] is selected then press Enter to continue.

[screenshot: td2.gif]

Select [intel] partition and press Enter to continue.

[screenshot: td3.gif]

Select Analyse and press Enter.

[screenshot: Menus.gif]

The next screen will list all found partitions. Press Enter to run a Quick Search.

[screenshot: Analyse.gif]

When asked, say Yes to this screen:

[screenshot: Vista_check.gif]

You'll now see a list of partitions; at this point press Q until you exit and then look on your USB drive for the testdisk log. Post it for my review.


Okay, so that didn't go so well. ha.

I have a log, but it's 192 MB and my internet is really slow, and I'm not even sure if the log should be that big?

Either way, my process didn't go like the one you posted above. When I got to the analyse stage it said something about "hidden sectors are present", and then somewhere else along the line it said that the number of cylinders was wrong: the current number was 255 and it should be 12 or something?

Anyway, now Windows won't boot up at all; I get error "0xc000000e". I have tried using my Windows disk to repair it, but after Windows has loaded the files the menu to repair doesn't show up at all, I just get the cursor and background. I have looked at a few guides to fix it using xPUD but figured I'd be best asking in here.

I also have a load of college work building up, as I can't do any at home because I don't want to use my external HDD with the infected PC, but I was wondering: is there any way I can just back up all of my files safely and then reinstall Windows without having to worry about the virus returning?

Sorry to be a pain, I really appreciate your help so far anyway, thank you.


Did you change anything at all using Testdisk? If so, please describe as detailed as possible what that was.

This is an extremely powerful tool and should never be used without a proper understanding of its functions.

I have indeed confirmed that this is a new TDL4 rootkit variant.


I have indeed confirmed that this is a new TDL4 rootkit variant.

Lucky me...

After it analysed everything and said about the cylinders, it came up with my HDD highlighted green and a few options to do things such as partition etc. I didn't use any of those though. I think it then said something about the MBR code possibly, not too sure though. I then just pressed Q to exit the program.

Is there no way I can just back up my data safely and reinstall Windows? Or do I definitely have to remove the infection first?

Thanks for the ongoing support.

