Hi,
Please see attached regExp.txt file... I don't understand much of this but is it looking better?
Hi,
Yes, we're making some progress there.
Please download attached .zip file to your desktop and extract its contents. Double-click regfix.reg file and allow merging. Reboot and run ComboFix again like earlier. Post back its log.
Note: the attachment is to be used on this specific case only.
Last edited by Blade81; 2012-04-10 at 11:07. Reason: Removed the regfix to avoid abuse of it.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hi,
It detected the rootkit again. Here is the log:
ComboFix 12-03-13.01 - Sacha J 03/15/2012 17:53:27.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.2046.1527 [GMT 2:00]
Running from: c:\documents and settings\Sacha Jurva\desktop\ComboFix.exe
Command switches used :: /nombr
AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: F-Secure Internet Security 2011 10.51 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-14 14:55 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-14 14:55 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2012-03-12 17:13 . 2012-03-12 17:14 -------- d-----w- c:\program files\ERUNT
2012-03-12 10:14 . 2012-03-12 10:14 -------- d-----w- C:\SWTOOLS
2012-03-12 10:01 . 2012-03-12 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2012-03-12 08:42 . 2011-09-21 08:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-03-12 08:42 . 2012-03-12 08:42 -------- d-----w- c:\program files\CPUID
2012-03-06 14:22 . 2012-03-06 14:22 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-06 11:39 . 2012-03-06 11:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-03-06 11:36 . 2012-03-06 11:36 -------- d-----w- C:\found.002
2012-03-06 10:14 . 2011-12-30 15:03 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-03-06 09:40 . 2012-03-06 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2012-03-06 09:39 . 2012-03-06 09:40 -------- d-----w- c:\documents and settings\Sacha Jurva\Application Data\IObit
2012-03-06 09:39 . 2012-03-06 09:39 -------- d-----w- c:\program files\IObit
2012-02-15 11:33 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 11:33 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 19:00 . 2012-01-17 19:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-17 19:00 . 2012-01-17 19:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-12 16:53 . 2004-08-10 11:51 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-10 11:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-10 11:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2006-11-19 20:20 . 2006-11-28 19:03 909312 ----a-w- c:\program files\GSpot.exe
2004-08-04 04:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 -csh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-14_14.58.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-15 15:50 . 2012-03-15 15:50 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
+ 2012-03-15 15:50 . 2012-03-15 15:50 16384 c:\windows\Temp\Perflib_Perfdata_208.dat
+ 2006-07-29 09:59 . 2012-03-14 18:05 28409 c:\windows\system32\nvModes.dat
- 2006-07-29 09:59 . 2012-01-17 21:25 28409 c:\windows\system32\nvModes.dat
+ 2012-03-15 15:27 . 2012-03-15 15:28 655360 c:\windows\ERDNT\AutoBackup\3-15-2012\Users\00000002\UsrClass.dat
+ 2012-03-15 15:28 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\3-15-2012\ERDNT.EXE
+ 2012-03-15 15:27 . 2012-03-15 15:27 16957440 c:\windows\ERDNT\AutoBackup\3-15-2012\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2010-10-29 201384]
"F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2010-10-29 1655464]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-06-19 262144]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-04 202256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Sacha Jurva\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-29 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Moveslink.lnk - c:\windows\Installer\{0ED016B2-C009-4253-9DDD-BDB8DA9CE181}\_E02D80CCF13FCD5A87F526.exe [2011-7-19 15086]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F-Secure 2006.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\F-Secure 2006.lnk
backup=c:\windows\pss\F-Secure 2006.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21157:TCP"= 21157:TCP:BitComet 21157 TCP
"21157:UDP"= 21157:UDP:BitComet 21157 UDP
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [3/17/2009 8:14 PM 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/4/2006 10:09 AM 82824]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/22/2007 8:17 PM 646392]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [3/17/2009 8:05 PM 72520]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2/24/2010 12:22 PM 185472]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [3/6/2012 11:39 AM 497496]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [3/12/2012 10:42 AM 21992]
R2 F3EJTHDD;HandyDrive Password Lock Tool Service;c:\program files\Fujitsu HandyDrive\Password\F3EJTHDD.EXE [3/8/2008 9:18 AM 45056]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [8/4/2006 10:09 AM 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [3/17/2009 8:05 PM 61088]
S2 gupdate1c9b61d11a26d5d;Google Update Service (gupdate1c9b61d11a26d5d);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2009 8:33 PM 133104]
S3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [8/4/2006 7:11 PM 41600]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [5/14/2010 11:58 PM 20704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2009 8:33 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 12:57]
.
2012-03-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 13:22]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 18:33]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 18:33]
.
2012-03-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3338972828-3241488432-1645712057-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 18:09]
.
2012-02-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3338972828-3241488432-1645712057-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 18:09]
.
2012-03-15 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-SECU~1\ANTI-V~1\fsav.exe [2006-08-04 19:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hs.fi/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = wtcproxy:8080
uInternet Settings,ProxyOverride = wtc.msk.ru;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 18:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3338972828-3241488432-1645712057-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3338972828-3241488432-1645712057-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3338972828-3241488432-1645712057-1006\Software\SecuROM\License information*]
"datasecu"=hex:6d,c4,7e,b1,b0,34,ce,8a,f8,02,2f,17,07,d7,a2,89,46,16,6f,2f,7e,
41,bb,35,34,d9,f1,56,33,ce,05,18,8f,ee,15,0f,b8,79,50,8f,0d,e9,a5,98,5c,63,\
"rkeysecu"=hex:77,df,be,8a,dc,f5,e8,06,b5,be,d3,b7,93,95,3e,ec
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\program files\f-secure internet security\hips\fshook32.dll
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
.
- - - - - - - > 'lsass.exe'(940)
c:\program files\f-secure internet security\hips\fshook32.dll
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
.
- - - - - - - > 'csrss.exe'(852)
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
.
Completion time: 2012-03-15 18:11:10
ComboFix-quarantined-files.txt 2012-03-15 16:11
ComboFix2.txt 2012-03-14 15:05
.
Pre-Run: 27,612,209,152 bytes free
Post-Run: 27,604,787,200 bytes free
.
- - End Of File - - 80817AFE7C957C50696055074A4156AC
Hi,
1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
I did number 1 as instructed but nothing happens when I double-click on tdsskiller.exe. Can I start the program from cmd somehow, or what should I do?
Hi,
Please see if it runs from safe mode.
It didn't work so I downloaded it from the webpage and installed it again.
Here is the log:
15:14:15.0093 1952 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
15:14:15.0187 1952 ============================================================
15:14:15.0187 1952 Current date / time: 2012/03/16 15:14:15.0187
15:14:15.0187 1952 SystemInfo:
15:14:15.0187 1952
15:14:15.0187 1952 OS Version: 5.1.2600 ServicePack: 3.0
15:14:15.0187 1952 Product type: Workstation
15:14:15.0187 1952 ComputerName: SACHA
15:14:15.0187 1952 UserName: Sacha J
15:14:15.0187 1952 Windows directory: C:\WINDOWS
15:14:15.0187 1952 System windows directory: C:\WINDOWS
15:14:15.0187 1952 Processor architecture: Intel x86
15:14:15.0187 1952 Number of processors: 2
15:14:15.0187 1952 Page size: 0x1000
15:14:15.0187 1952 Boot type: Normal boot
15:14:15.0187 1952 ============================================================
15:14:16.0265 1952 Drive \Device\Harddisk0\DR0 - Size: 0x16F0649400 (91.76 Gb), SectorSize: 0x200, Cylinders: 0x2ECA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:14:16.0265 1952 Drive \Device\Harddisk1\DR5 - Size: 0x3D200000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:14:16.0265 1952 \Device\Harddisk0\DR0:
15:14:16.0265 1952 MBR used
15:14:16.0265 1952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0xB75027D
15:14:16.0265 1952 \Device\Harddisk1\DR5:
15:14:16.0265 1952 MBR used
15:14:16.0265 1952 \Device\Harddisk1\DR5\Partition0: MBR, Type 0x6, StartLBA 0x40, BlocksNum 0x1E8FC0
15:14:16.0359 1952 Initialize success
15:14:16.0359 1952 ============================================================
15:14:38.0484 3800 ============================================================
15:14:38.0484 3800 Scan started
15:14:38.0484 3800 Mode: Manual;
15:14:38.0484 3800 ============================================================
15:14:45.0734 3800 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:14:45.0750 3800 MRxSmb - ok
15:14:45.0781 3800 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:14:45.0781 3800 Msfs - ok
15:14:45.0828 3800 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:14:45.0828 3800 MSKSSRV - ok
15:14:45.0843 3800 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:14:45.0843 3800 MSPCLOCK - ok
15:14:45.0859 3800 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:14:45.0859 3800 MSPQM - ok
15:14:45.0921 3800 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:14:45.0921 3800 mssmbios - ok
15:14:45.0953 3800 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:14:45.0953 3800 MSTEE - ok
15:14:46.0015 3800 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:14:46.0031 3800 Mup - ok
15:14:46.0046 3800 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:14:46.0046 3800 NABTSFEC - ok
15:14:46.0093 3800 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:14:46.0093 3800 NDIS - ok
15:14:46.0125 3800 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:14:46.0125 3800 NdisIP - ok
15:14:46.0171 3800 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:14:46.0171 3800 NdisTapi - ok
15:14:46.0203 3800 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:14:46.0203 3800 Ndisuio - ok
15:14:46.0234 3800 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:14:46.0234 3800 NdisWan - ok
15:14:46.0281 3800 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:14:46.0281 3800 NDProxy - ok
15:14:46.0312 3800 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:14:46.0328 3800 NetBIOS - ok
15:14:46.0359 3800 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:14:46.0359 3800 NetBT - ok
15:14:46.0406 3800 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:14:46.0421 3800 NIC1394 - ok
15:14:46.0437 3800 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:14:46.0437 3800 Npfs - ok
15:14:46.0484 3800 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:14:46.0484 3800 Ntfs - ok
15:14:46.0531 3800 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
15:14:46.0531 3800 NuidFltr - ok
15:14:46.0562 3800 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:14:46.0562 3800 Null - ok
15:14:46.0859 3800 nv (0390b9368ea20dfb9e416a520b28a555) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:14:47.0109 3800 nv - ok
15:14:47.0296 3800 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:14:47.0296 3800 NwlnkFlt - ok
15:14:47.0359 3800 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:14:47.0359 3800 NwlnkFwd - ok
15:14:47.0406 3800 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:14:47.0421 3800 ohci1394 - ok
15:14:47.0453 3800 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:14:47.0453 3800 Parport - ok
15:14:47.0484 3800 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:14:47.0484 3800 PartMgr - ok
15:14:47.0515 3800 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:14:47.0515 3800 ParVdm - ok
15:14:47.0578 3800 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
15:14:47.0578 3800 pccsmcfd - ok
15:14:47.0625 3800 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:14:47.0625 3800 PCI - ok
15:14:47.0640 3800 PCIDump - ok
15:14:47.0718 3800 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:14:47.0718 3800 PCIIde - ok
15:14:47.0765 3800 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:14:47.0765 3800 Pcmcia - ok
15:14:47.0781 3800 PDCOMP - ok
15:14:47.0796 3800 PDFRAME - ok
15:14:47.0812 3800 PDRELI - ok
15:14:47.0828 3800 PDRFRAME - ok
15:14:47.0859 3800 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:14:47.0859 3800 perc2 - ok
15:14:47.0890 3800 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:14:47.0890 3800 perc2hib - ok
15:14:47.0953 3800 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:14:47.0953 3800 PptpMiniport - ok
15:14:47.0984 3800 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:14:47.0984 3800 PSched - ok
15:14:48.0015 3800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:14:48.0015 3800 Ptilink - ok
15:14:48.0062 3800 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:14:48.0062 3800 PxHelp20 - ok
15:14:48.0093 3800 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:14:48.0109 3800 ql1080 - ok
15:14:48.0125 3800 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:14:48.0125 3800 Ql10wnt - ok
15:14:48.0156 3800 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:14:48.0156 3800 ql12160 - ok
15:14:48.0187 3800 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:14:48.0187 3800 ql1240 - ok
15:14:48.0234 3800 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:14:48.0234 3800 ql1280 - ok
15:14:48.0265 3800 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:14:48.0265 3800 RasAcd - ok
15:14:48.0312 3800 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:14:48.0312 3800 Rasl2tp - ok
15:14:48.0343 3800 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:14:48.0343 3800 RasPppoe - ok
15:14:48.0359 3800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:14:48.0359 3800 Raspti - ok
15:14:48.0390 3800 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:14:48.0390 3800 Rdbss - ok
15:14:48.0421 3800 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:14:48.0421 3800 RDPCDD - ok
15:14:48.0484 3800 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:14:48.0484 3800 rdpdr - ok
15:14:48.0640 3800 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:14:48.0640 3800 RDPWD - ok
15:14:48.0687 3800 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:14:48.0687 3800 redbook - ok
15:14:48.0750 3800 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
15:14:48.0765 3800 rimmptsk - ok
15:14:48.0781 3800 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:14:48.0796 3800 rimsptsk - ok
15:14:48.0828 3800 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
15:14:48.0843 3800 rismxdp - ok
15:14:48.0875 3800 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
15:14:48.0875 3800 ROOTMODEM - ok
15:14:48.0953 3800 s24trans (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:14:48.0953 3800 s24trans - ok
15:14:49.0015 3800 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:14:49.0015 3800 sdbus - ok
15:14:49.0046 3800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:14:49.0046 3800 Secdrv - ok
15:14:49.0109 3800 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:14:49.0109 3800 serenum - ok
15:14:49.0156 3800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:14:49.0156 3800 Serial - ok
15:14:49.0218 3800 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys
15:14:49.0218 3800 sfdrv01 - ok
15:14:49.0265 3800 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
15:14:49.0265 3800 sffdisk - ok
15:14:49.0281 3800 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
15:14:49.0281 3800 sffp_sd - ok
15:14:49.0328 3800 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\WINDOWS\system32\drivers\sfhlp02.sys
15:14:49.0328 3800 sfhlp02 - ok
15:14:49.0375 3800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:14:49.0390 3800 Sfloppy - ok
15:14:49.0437 3800 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
15:14:49.0437 3800 sfsync02 - ok
15:14:49.0484 3800 sfsync04 (05e3038180cd846b0bca0e915163606a) C:\WINDOWS\system32\drivers\sfsync04.sys
15:14:49.0484 3800 sfsync04 - ok
15:14:49.0515 3800 Simbad - ok
15:14:49.0578 3800 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:14:49.0593 3800 sisagp - ok
15:14:49.0640 3800 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:14:49.0640 3800 SLIP - ok
15:14:50.0078 3800 SNP2STD (d5c9643589313db08fd27a30d93e4146) C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
15:14:50.0453 3800 SNP2STD - ok
15:14:50.0609 3800 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:14:50.0609 3800 Sparrow - ok
15:14:50.0656 3800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:14:50.0656 3800 splitter - ok
15:14:50.0734 3800 sptd (e8b705f9abe446aaf7a315ef8b4aea5a) C:\WINDOWS\system32\Drivers\sptd.sys
15:14:50.0734 3800 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
15:14:50.0734 3800 sptd ( LockedFile.Multi.Generic ) - warning
15:14:50.0734 3800 sptd - detected LockedFile.Multi.Generic (1)
15:14:54.0031 3800 ============================================================
15:14:54.0031 3800 Scan finished
15:14:54.0031 3800 ============================================================
15:14:54.0046 3900 Detected object count: 1
15:14:54.0046 3900 Actual detected object count: 1
15:15:10.0015 3900 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:15:10.0015 3900 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:15:50.0828 3300 Deinitialize success
Ok, that log looks good. Any symptoms with the system left?
Hi,
I ran all the scans and they found nothing on the computer. Sound and internet work also perfectly.
I don't know what you did but thank you very much Blade for taking time to help me.
Next time I have a problem I certainly know where to ask immediately for help!
You're welcome
It's time to secure your system to prevent further intrusions.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.
Now let's uninstall ComboFix:
- Click START then RUN
- Now copy-paste Combofix /uninstall in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade
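The Internet Explorer zone settings listed in the post above can be checked without clicking through the dialog. The following read-only audit is an added example, not part of the original post; the registry paths and numeric action IDs are not on this page and are assumed to be the standard URL-action codes for the Internet zone (zone 3).

```powershell
# Added example: read-only audit of the Internet zone (zone 3) settings
# recommended in the post. Nothing is written to the registry.
# Assumption: standard IE URL-action IDs; value 0 = Enable, 1 = Prompt, 3 = Disable.

$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Setting name as shown in the Custom Level dialog, and the value the post asks for.
$recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                              Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                            Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe';     Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                                 Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                     Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';                  Want = 1 }
)

# A value under a Policies key is enforced by Group Policy and overrides the
# user's own choice, so policy locations are consulted before the user key.
$sources = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

function Get-ZoneAction {
    # Returns the DWORD stored for one action ID, or $null if the key or value is absent.
    param([string]$Path, [string]$Id)
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Id -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Id
}

$results = foreach ($r in $recommended) {
    $found = $null
    $from  = 'not set'
    foreach ($path in $sources) {
        $v = Get-ZoneAction -Path $path -Id $r.Id
        if ($null -ne $v) { $found = $v; $from = $path; break }
    }

    if ($null -eq $found) {
        $state = 'not set (zone default applies)'
    } elseif ($meaning.ContainsKey($found)) {
        $state = $meaning[$found]
    } else {
        $state = "other ($found)"
    }

    [pscustomobject]@{
        Setting  = $r.Name
        Current  = $state
        Expected = $meaning[$r.Want]
        Status   = if ($found -eq $r.Want) { 'OK' } else { 'REVIEW' }
        Source   = $from
    }
}

$results | Format-Table -AutoSize -Wrap
```

A row marked REVIEW with a Policies path as its source means the value is set by policy and cannot be changed from the Custom Level dialog.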