PDA

View Full Version : dds cannot even finish running......


usedsoul
2011-10-23, 21:45
Hello,

So my pc contracted an STD yesterday that is becoming quite an issue for me.

I get a pop up internet add every 5 mins or so. (now I am assuming if it pops up by itself it can pretty much do anything to me)

Anyhow, Microsoft Secuirty Esseinatls, spybot, and SUPERAnti Spyware all think my PC is fine. RemoveIT Pro found over 40 issue but I am hesitant to clean what it found (seemly at random its saying tons of dlls and exes are infected on my pc).

I tried running DDS like the forum asks me to.....(see pic attached) it freezes here, waited for a few hours no activity.

The only thing I have found are new startup reg:
Yes HKCU:Run system_boot_qCE1YsfkoMCjIlzJ3r5l6UQgh8Y6apDM C:\Windows\system32\mshta

Yes HKCU:Run 9almRG3cs5L3Cmyus7bbb9cd53479438aefa18aca351c7f97 C:\Users\[username edited out]\Vgt

I went and looked for:C:\Users\[username edited out]\Vgt it cannot be found. When the pop up comes up I see VGT.exe in my task manger. But a search in my C drive cannot find a vgt.exe.

I am currently backing up all docs.....I would prefer not to have to reinstall.

Let me know what you think.

Thanks in advance.
usedsoul
2011-10-23, 21:48
Do not click on those hyper links they are part of the virus start up regs.

I would edit out the hyper links...but I honestly cannot find an edit post button....

Sorry for the double post.

Edit-tashi

FYI :)

Can I edit my own posts?


In the Malware Removal Forum, members may not edit their posts.
In the Spybot-S&D forum and others, there is a 15 minute time frame to edit one's post. It lessens the chance of an answer referring to things the original poster has deleted.
jeffce
2011-10-23, 22:00
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Having said that....Let's get going!! :thumbup:
----------

Print out these instructions as we may need to close every window that is open later in the fix.


It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Do not reboot your computer after running rkill as the malware programs will start again.
---------

Attempt to run DDS again and post both of the logs that are created.
:)
----------

GMER

Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.
----------

In your next reply please post the logs created by DDS and GMER.
usedsoul
2011-10-23, 22:52
rkill.exe worked fine. It was a little tricky but after a few tried I got DDS to run (that vgt process likes to start up every so many minutes..which seemed to hammer DDS and make it freeze).

I cannot get gmer to run at all. I run the killer and what not but gmer does not seem to work. Double click exe, I see the process start in task manger but no install..nothing, restarted, ran rkill same result.


DDS gives me 2 files, attaching both

any thoughts on how to get gmer to install?
jeffce
2011-10-23, 23:34
Hi,

Try to run GMER in Safe Mode. Use whatever method you use to get into Safe Mode or use the following instructions. :)

Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode
Restart the computer.
As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
Use the arrow keys to select the Safe mode with Networking menu item
Press Enter.
----------

In your next reply please post the GMER log or let me know if you still have problems with it. :)
usedsoul
2011-10-23, 23:59
>< so started in safe mode, the program start -- scan started -- windows said program ending and its unresponsive -- started again....blue screen of death....... I have not tried since. Should I keep trying running it?
jeffce
2011-10-24, 03:28
Hi usedsoul,

Lets try this instead...you can run it in Normal Mode or Safe Mode. :)

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe ) to your desktop.

Double click the aswMBR icon to run it.
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan-1.png (http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan.png )
Click the image to enlarge it
----------
usedsoul
2011-10-24, 04:46
Worked =)
jeffce
2011-10-24, 13:33
Hi usedsoul,

Great job getting those logs. In your future posts could you just copy/paste the logs into your replies instead of attaching them please? It helps me to read them more easily. Thanks. :)
----------

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Extract it to your desktop
Right-click and Run as Administrator TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

Download Combofix from either of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

In your next reply please post the logs created by TDSSKiller and ComboFix. :)
usedsoul
2011-10-25, 07:06
Combo fix won't run.. :( It just stops working after 2 mins when its scanning I have left it for hours, it stops using cpu. It also won't load in save mode...

Any thoughts?

TDSS worked. I deleted nothing.

17:49:31.0239 5140 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
17:49:31.0271 5140 ============================================================
17:49:31.0271 5140 Current date / time: 2011/10/24 17:49:31.0271
17:49:31.0271 5140 SystemInfo:
17:49:31.0271 5140
17:49:31.0271 5140 OS Version: 6.1.7601 ServicePack: 1.0
17:49:31.0271 5140 Product type: Workstation
17:49:31.0271 5140 ComputerName: USEDSOUL-PC
17:49:31.0271 5140 UserName: USedSoul
17:49:31.0271 5140 Windows directory: C:\Windows
17:49:31.0271 5140 System windows directory: C:\Windows
17:49:31.0271 5140 Processor architecture: Intel x86
17:49:31.0271 5140 Number of processors: 4
17:49:31.0271 5140 Page size: 0x1000
17:49:31.0271 5140 Boot type: Normal boot
17:49:31.0271 5140 ============================================================
17:49:32.0129 5140 Initialize success
17:50:44.0481 4424 ============================================================
17:50:44.0481 4424 Scan started
17:50:44.0481 4424 Mode: Manual;
17:50:44.0481 4424 ============================================================
17:50:46.0338 4424 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:50:46.0338 4424 1394ohci - ok
17:50:46.0369 4424 ACEDRV05 (0a1e97197609f92d2425b67da0bb0a7f) C:\Windows\system32\drivers\ACEDRV05.sys
17:50:46.0385 4424 ACEDRV05 - ok
17:50:46.0400 4424 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:50:46.0416 4424 ACPI - ok
17:50:46.0431 4424 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:50:46.0431 4424 AcpiPmi - ok
17:50:46.0478 4424 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:50:46.0478 4424 adp94xx - ok
17:50:46.0541 4424 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:50:46.0541 4424 adpahci - ok
17:50:46.0556 4424 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:50:46.0556 4424 adpu320 - ok
17:50:46.0619 4424 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:50:46.0619 4424 AFD - ok
17:50:46.0650 4424 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:50:46.0650 4424 agp440 - ok
17:50:46.0665 4424 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
17:50:46.0665 4424 aic78xx - ok
17:50:46.0697 4424 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:50:46.0697 4424 aliide - ok
17:50:46.0712 4424 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:50:46.0712 4424 amdagp - ok
17:50:46.0728 4424 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:50:46.0728 4424 amdide - ok
17:50:46.0743 4424 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
17:50:46.0743 4424 AmdK8 - ok
17:50:46.0775 4424 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
17:50:46.0775 4424 AmdPPM - ok
17:50:46.0806 4424 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:50:46.0806 4424 amdsata - ok
17:50:46.0821 4424 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
17:50:46.0821 4424 amdsbs - ok
17:50:46.0837 4424 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:50:46.0837 4424 amdxata - ok
17:50:46.0868 4424 AnyDVD (dd786eccce7a58cac8171cbdb1415d7c) C:\Windows\system32\Drivers\AnyDVD.sys
17:50:46.0868 4424 AnyDVD - ok
17:50:46.0915 4424 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:50:46.0915 4424 AppID - ok
17:50:46.0946 4424 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
17:50:46.0946 4424 arc - ok
17:50:46.0962 4424 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
17:50:46.0962 4424 arcsas - ok
17:50:47.0009 4424 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:50:47.0009 4424 AsyncMac - ok
17:50:47.0024 4424 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:50:47.0024 4424 atapi - ok
17:50:47.0087 4424 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
17:50:47.0087 4424 atksgt - ok
17:50:47.0133 4424 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
17:50:47.0133 4424 b06bdrv - ok
17:50:47.0149 4424 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:50:47.0165 4424 b57nd60x - ok
17:50:47.0180 4424 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:50:47.0180 4424 Beep - ok
17:50:47.0211 4424 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:50:47.0211 4424 blbdrive - ok
17:50:47.0243 4424 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:50:47.0243 4424 bowser - ok
17:50:47.0258 4424 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:50:47.0258 4424 BrFiltLo - ok
17:50:47.0274 4424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:50:47.0274 4424 BrFiltUp - ok
17:50:47.0305 4424 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:50:47.0321 4424 Brserid - ok
17:50:47.0336 4424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:50:47.0336 4424 BrSerWdm - ok
17:50:47.0352 4424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:50:47.0352 4424 BrUsbMdm - ok
17:50:47.0367 4424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:50:47.0367 4424 BrUsbSer - ok
17:50:47.0383 4424 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:50:47.0383 4424 BTHMODEM - ok
17:50:47.0414 4424 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:50:47.0414 4424 cdfs - ok
17:50:47.0430 4424 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
17:50:47.0430 4424 cdrom - ok
17:50:47.0445 4424 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:50:47.0445 4424 circlass - ok
17:50:47.0477 4424 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:50:47.0477 4424 CLFS - ok
17:50:47.0508 4424 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:50:47.0508 4424 CmBatt - ok
17:50:47.0523 4424 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:50:47.0523 4424 cmdide - ok
17:50:47.0555 4424 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
17:50:47.0555 4424 CNG - ok
17:50:47.0586 4424 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:50:47.0586 4424 Compbatt - ok
17:50:47.0633 4424 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:50:47.0633 4424 CompositeBus - ok
17:50:47.0648 4424 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:50:47.0648 4424 crcdisk - ok
17:50:47.0711 4424 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
17:50:47.0711 4424 CSC - ok
17:50:47.0742 4424 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:50:47.0742 4424 DfsC - ok
17:50:47.0757 4424 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:50:47.0757 4424 discache - ok
17:50:47.0773 4424 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:50:47.0773 4424 Disk - ok
17:50:47.0820 4424 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:50:47.0820 4424 drmkaud - ok
17:50:47.0867 4424 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:50:47.0867 4424 DXGKrnl - ok
17:50:47.0913 4424 EagleNT - ok
17:50:47.0945 4424 EagleXNt - ok
17:50:48.0038 4424 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:50:48.0085 4424 ebdrv - ok
17:50:48.0132 4424 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
17:50:48.0132 4424 ElbyCDIO - ok
17:50:48.0163 4424 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:50:48.0163 4424 elxstor - ok
17:50:48.0210 4424 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:50:48.0210 4424 ErrDev - ok
17:50:48.0241 4424 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:50:48.0241 4424 exfat - ok
17:50:48.0257 4424 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:50:48.0257 4424 fastfat - ok
17:50:48.0288 4424 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:50:48.0288 4424 fdc - ok
17:50:48.0303 4424 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:50:48.0303 4424 FileInfo - ok
17:50:48.0335 4424 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:50:48.0335 4424 Filetrace - ok
17:50:48.0350 4424 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:50:48.0350 4424 flpydisk - ok
17:50:48.0366 4424 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:50:48.0366 4424 FltMgr - ok
17:50:48.0397 4424 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:50:48.0397 4424 FsDepends - ok
17:50:48.0413 4424 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
17:50:48.0413 4424 Fs_Rec - ok
17:50:48.0444 4424 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:50:48.0444 4424 fvevol - ok
17:50:48.0459 4424 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:50:48.0459 4424 gagp30kx - ok
17:50:48.0522 4424 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
17:50:48.0522 4424 hamachi - ok
17:50:48.0537 4424 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:50:48.0537 4424 hcw85cir - ok
17:50:48.0584 4424 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
17:50:48.0584 4424 HdAudAddService - ok
17:50:48.0615 4424 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
17:50:48.0615 4424 HDAudBus - ok
17:50:48.0615 4424 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:50:48.0631 4424 HidBatt - ok
17:50:48.0647 4424 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:50:48.0647 4424 HidBth - ok
17:50:48.0662 4424 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:50:48.0678 4424 HidIr - ok
17:50:48.0709 4424 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
17:50:48.0709 4424 HidUsb - ok
17:50:48.0740 4424 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
17:50:48.0740 4424 HpSAMD - ok
17:50:48.0771 4424 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:50:48.0771 4424 HTTP - ok
17:50:48.0803 4424 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:50:48.0803 4424 hwpolicy - ok
17:50:48.0834 4424 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
17:50:48.0834 4424 i8042prt - ok
17:50:48.0865 4424 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:50:48.0881 4424 iaStorV - ok
17:50:48.0896 4424 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:50:48.0896 4424 iirsp - ok
17:50:48.0927 4424 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
17:50:48.0927 4424 intelide - ok
17:50:48.0943 4424 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:50:48.0943 4424 intelppm - ok
17:50:48.0974 4424 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:50:48.0974 4424 IpFilterDriver - ok
17:50:49.0005 4424 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:50:49.0005 4424 IPMIDRV - ok
17:50:49.0037 4424 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:50:49.0037 4424 IPNAT - ok
17:50:49.0068 4424 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:50:49.0068 4424 IRENUM - ok
17:50:49.0083 4424 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:50:49.0083 4424 isapnp - ok
17:50:49.0099 4424 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:50:49.0115 4424 iScsiPrt - ok
17:50:49.0161 4424 JakNDis (fcfe5f566e01264643a3175beb4c8280) C:\Windows\system32\DRIVERS\JakNDis.sys
17:50:49.0161 4424 JakNDis - ok
17:50:49.0177 4424 JakNDisMP (fcfe5f566e01264643a3175beb4c8280) C:\Windows\system32\DRIVERS\JakNDis.sys
17:50:49.0177 4424 JakNDisMP - ok
17:50:49.0224 4424 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:50:49.0224 4424 kbdclass - ok
17:50:49.0239 4424 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
17:50:49.0239 4424 kbdhid - ok
17:50:49.0271 4424 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
17:50:49.0271 4424 KSecDD - ok
17:50:49.0302 4424 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
17:50:49.0302 4424 KSecPkg - ok
17:50:49.0364 4424 LGBusEnum (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys
17:50:49.0364 4424 LGBusEnum - ok
17:50:49.0380 4424 LGVirHid (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys
17:50:49.0380 4424 LGVirHid - ok
17:50:49.0411 4424 LHidFilt (b68309f25c5787385da842eb5b496958) C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:50:49.0411 4424 LHidFilt - ok
17:50:49.0442 4424 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
17:50:49.0442 4424 lirsgt - ok
17:50:49.0489 4424 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:50:49.0489 4424 lltdio - ok
17:50:49.0505 4424 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:50:49.0505 4424 LMouFilt - ok
17:50:49.0536 4424 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:50:49.0536 4424 LSI_FC - ok
17:50:49.0551 4424 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:50:49.0567 4424 LSI_SAS - ok
17:50:49.0567 4424 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:50:49.0567 4424 LSI_SAS2 - ok
17:50:49.0583 4424 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:50:49.0583 4424 LSI_SCSI - ok
17:50:49.0614 4424 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:50:49.0614 4424 luafv - ok
17:50:49.0661 4424 LUsbFilt (0c62957912d4df1e4ba9795e6be3ed38) C:\Windows\system32\Drivers\LUsbFilt.Sys
17:50:49.0661 4424 LUsbFilt - ok
17:50:49.0707 4424 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
17:50:49.0707 4424 LVPr2Mon - ok
17:50:49.0739 4424 LVRS (a1857fbb9b4930eeb2fd92386c45c529) C:\Windows\system32\DRIVERS\lvrs.sys
17:50:49.0754 4424 LVRS - ok
17:50:49.0879 4424 LVUVC (3703406af0726badd24c5e552493e5b1) C:\Windows\system32\DRIVERS\lvuvc.sys
17:50:49.0957 4424 LVUVC - ok
17:50:49.0988 4424 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:50:49.0988 4424 megasas - ok
17:50:50.0004 4424 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:50:50.0004 4424 MegaSR - ok
17:50:50.0019 4424 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:50:50.0019 4424 Modem - ok
17:50:50.0051 4424 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:50:50.0051 4424 monitor - ok
17:50:50.0066 4424 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:50:50.0066 4424 mouclass - ok
17:50:50.0082 4424 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:50:50.0097 4424 mouhid - ok
17:50:50.0113 4424 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:50:50.0113 4424 mountmgr - ok
17:50:50.0160 4424 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
17:50:50.0175 4424 MpFilter - ok
17:50:50.0207 4424 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:50:50.0207 4424 mpio - ok
17:50:50.0253 4424 MpKsl01313d3c - ok
17:50:50.0269 4424 MpKsl09d26f48 - ok
17:50:50.0285 4424 MpKsl0b4de932 - ok
17:50:50.0300 4424 MpKsl15b90dc7 - ok
17:50:50.0316 4424 MpKsl16ae123d - ok
17:50:50.0316 4424 MpKsl170b3eb7 - ok
17:50:50.0331 4424 MpKsl18f0aad8 - ok
17:50:50.0347 4424 MpKsl1d764559 - ok
17:50:50.0363 4424 MpKsl1e3c3790 - ok
17:50:50.0363 4424 MpKsl1f7df474 - ok
17:50:50.0378 4424 MpKsl1f9c04fd - ok
17:50:50.0378 4424 MpKsl20951de3 - ok
17:50:50.0394 4424 MpKsl28d6abfe - ok
17:50:50.0394 4424 MpKsl29db4815 - ok
17:50:50.0394 4424 MpKsl2d719635 - ok
17:50:50.0409 4424 MpKsl311cc557 - ok
17:50:50.0425 4424 MpKsl3306b272 - ok
17:50:50.0425 4424 MpKsl33507a7c - ok
17:50:50.0441 4424 MpKsl338e950f - ok
17:50:50.0456 4424 MpKsl3607805e - ok
17:50:50.0456 4424 MpKsl3906402d - ok
17:50:50.0472 4424 MpKsl3b9208e5 - ok
17:50:50.0472 4424 MpKsl403b6c48 - ok
17:50:50.0487 4424 MpKsl4047a9cc - ok
17:50:50.0487 4424 MpKsl43d5105e - ok
17:50:50.0503 4424 MpKsl4bbc0095 - ok
17:50:50.0503 4424 MpKsl4ce87953 - ok
17:50:50.0519 4424 MpKsl4dc13bc6 - ok
17:50:50.0519 4424 MpKsl4f160198 - ok
17:50:50.0534 4424 MpKsl5011453b - ok
17:50:50.0534 4424 MpKsl547bcea0 - ok
17:50:50.0550 4424 MpKsl58d25eb1 - ok
17:50:50.0565 4424 MpKsl59ae0d56 - ok
17:50:50.0565 4424 MpKsl5e65a124 - ok
17:50:50.0565 4424 MpKsl6431775a - ok
17:50:50.0581 4424 MpKsl66068249 - ok
17:50:50.0581 4424 MpKsl6801a865 - ok
17:50:50.0597 4424 MpKsl6be4753c - ok
17:50:50.0597 4424 MpKsl6c881a0f - ok
17:50:50.0612 4424 MpKsl6f0e6a37 - ok
17:50:50.0612 4424 MpKsl6fdeab16 - ok
17:50:50.0628 4424 MpKsl6febfa93 - ok
17:50:50.0628 4424 MpKsl6ff7028a - ok
17:50:50.0675 4424 MpKsl73e80e45 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12A46FDF-9718-4F1A-AC5A-F4FEAC4376D3}\MpKsl73e80e45.sys
17:50:50.0675 4424 MpKsl73e80e45 - ok
17:50:50.0690 4424 MpKsl7be5809a - ok
17:50:50.0690 4424 MpKsl7e0862fe - ok
17:50:50.0706 4424 MpKsl7e5c397b - ok
17:50:50.0721 4424 MpKsl81a5e791 - ok
17:50:50.0721 4424 MpKsl85881295 - ok
17:50:50.0721 4424 MpKsl890f6c9a - ok
17:50:50.0737 4424 MpKsl8fabca0b - ok
17:50:50.0737 4424 MpKsl91931e2e - ok
17:50:50.0753 4424 MpKsl9256da76 - ok
17:50:50.0753 4424 MpKsl927df446 - ok
17:50:50.0768 4424 MpKsl945d8918 - ok
17:50:50.0768 4424 MpKsl95a181ea - ok
17:50:50.0784 4424 MpKsl9dc2ec32 - ok
17:50:50.0784 4424 MpKsl9f8cbe09 - ok
17:50:50.0799 4424 MpKsla057a91f - ok
17:50:50.0799 4424 MpKsla25e6bfd - ok
17:50:50.0799 4424 MpKsla2c82f00 - ok
17:50:50.0815 4424 MpKsla4de4a41 - ok
17:50:50.0815 4424 MpKslafc63a03 - ok
17:50:50.0831 4424 MpKslb45d4cef - ok
17:50:50.0831 4424 MpKslb559f8f0 - ok
17:50:50.0831 4424 MpKslb5e9f58a - ok
17:50:50.0846 4424 MpKslb96b6131 - ok
17:50:50.0846 4424 MpKslbd6ed1c6 - ok
17:50:50.0846 4424 MpKslbee62a8d - ok
17:50:50.0862 4424 MpKslc276fabc - ok
17:50:50.0862 4424 MpKslc699638d - ok
17:50:50.0877 4424 MpKslca34da37 - ok
17:50:50.0877 4424 MpKslcb394413 - ok
17:50:50.0893 4424 MpKslcda2fbf5 - ok
17:50:50.0893 4424 MpKsld4d22004 - ok
17:50:50.0893 4424 MpKsle0f92ccd - ok
17:50:50.0909 4424 MpKsle164ba37 - ok
17:50:50.0909 4424 MpKsle570db3a - ok
17:50:50.0924 4424 MpKsle826cc96 - ok
17:50:50.0924 4424 MpKsleb18184e - ok
17:50:50.0940 4424 MpKslec7a86d6 - ok
17:50:50.0940 4424 MpKslec7e9899 - ok
17:50:50.0955 4424 MpKslf122cf40 - ok
17:50:50.0955 4424 MpKslf1d9998c - ok
17:50:50.0955 4424 MpKslf6ed3a6d - ok
17:50:50.0987 4424 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
17:50:51.0002 4424 MpNWMon - ok
17:50:51.0018 4424 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:50:51.0018 4424 mpsdrv - ok
17:50:51.0049 4424 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
17:50:51.0049 4424 MRxDAV - ok
17:50:51.0096 4424 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:50:51.0111 4424 mrxsmb - ok
17:50:51.0143 4424 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:50:51.0143 4424 mrxsmb10 - ok
17:50:51.0174 4424 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:50:51.0174 4424 mrxsmb20 - ok
17:50:51.0189 4424 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
17:50:51.0189 4424 msahci - ok
17:50:51.0221 4424 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
17:50:51.0221 4424 msdsm - ok
17:50:51.0408 4424 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:50:51.0408 4424 Msfs - ok
17:50:51.0423 4424 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:50:51.0423 4424 mshidkmdf - ok
17:50:51.0455 4424 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
17:50:51.0455 4424 msisadrv - ok
17:50:51.0486 4424 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:50:51.0486 4424 MSKSSRV - ok
17:50:51.0501 4424 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:50:51.0501 4424 MSPCLOCK - ok
17:50:51.0533 4424 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:50:51.0533 4424 MSPQM - ok
17:50:51.0548 4424 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:50:51.0548 4424 MsRPC - ok
17:50:51.0579 4424 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
17:50:51.0579 4424 mssmbios - ok
17:50:51.0595 4424 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:50:51.0595 4424 MSTEE - ok
17:50:51.0611 4424 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:50:51.0611 4424 MTConfig - ok
17:50:51.0642 4424 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:50:51.0642 4424 Mup - ok
17:50:51.0673 4424 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:50:51.0673 4424 NativeWifiP - ok
17:50:51.0720 4424 ncvet.dll - ok
17:50:51.0767 4424 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
17:50:51.0767 4424 NDIS - ok
17:50:51.0782 4424 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:50:51.0782 4424 NdisCap - ok
17:50:51.0813 4424 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:50:51.0813 4424 NdisTapi - ok
17:50:51.0845 4424 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
17:50:51.0845 4424 Ndisuio - ok
17:50:51.0876 4424 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
17:50:51.0891 4424 NdisWan - ok
17:50:51.0923 4424 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
17:50:51.0923 4424 NDProxy - ok
17:50:51.0938 4424 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:50:51.0938 4424 NetBIOS - ok
17:50:51.0985 4424 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:50:51.0985 4424 NetBT - ok
17:50:52.0047 4424 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:50:52.0047 4424 nfrd960 - ok
17:50:52.0079 4424 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:50:52.0079 4424 NisDrv - ok
17:50:52.0125 4424 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:50:52.0125 4424 Npfs - ok
17:50:52.0157 4424 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:50:52.0157 4424 nsiproxy - ok
17:50:52.0219 4424 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
17:50:52.0266 4424 Ntfs - ok
17:50:52.0297 4424 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:50:52.0297 4424 Null - ok
17:50:52.0328 4424 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
17:50:52.0328 4424 NVENETFD - ok
17:50:52.0359 4424 NVHDA (0e616537f3e12d4c9fb71181c2f21bd5) C:\Windows\system32\drivers\nvhda32v.sys
17:50:52.0375 4424 NVHDA - ok
17:50:52.0640 4424 nvlddmkm (4152708c0c24e30dae7fa87d5afe1d7b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:50:52.0859 4424 nvlddmkm - ok
17:50:52.0890 4424 NVNET (5bf9c11586f4764446407f509f1beca8) C:\Windows\system32\DRIVERS\nvmf6232.sys
17:50:52.0905 4424 NVNET - ok
17:50:52.0937 4424 nvoclock (96c5900331bd17344f338d006888bae5) C:\Windows\system32\DRIVERS\nvoclock.sys
17:50:52.0937 4424 nvoclock - ok
17:50:52.0983 4424 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
17:50:52.0983 4424 nvraid - ok
17:50:53.0030 4424 nvsmu (f13618f0cb1e95232f4c2401592a59e9) C:\Windows\system32\DRIVERS\nvsmu.sys
17:50:53.0030 4424 nvsmu - ok
17:50:53.0061 4424 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
17:50:53.0061 4424 nvstor - ok
17:50:53.0093 4424 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\Windows\system32\DRIVERS\nvstor32.sys
17:50:53.0093 4424 nvstor32 - ok
17:50:53.0139 4424 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:50:53.0139 4424 nv_agp - ok
17:50:53.0171 4424 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:50:53.0171 4424 ohci1394 - ok
17:50:53.0217 4424 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:50:53.0217 4424 Parport - ok
17:50:53.0233 4424 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
17:50:53.0233 4424 partmgr - ok
17:50:53.0264 4424 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:50:53.0264 4424 Parvdm - ok
17:50:53.0280 4424 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
17:50:53.0280 4424 pci - ok
17:50:53.0295 4424 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:50:53.0295 4424 pciide - ok
17:50:53.0327 4424 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:50:53.0327 4424 pcmcia - ok
17:50:53.0342 4424 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:50:53.0342 4424 pcw - ok
17:50:53.0358 4424 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:50:53.0373 4424 PEAUTH - ok
17:50:53.0436 4424 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:50:53.0436 4424 PptpMiniport - ok
17:50:53.0451 4424 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:50:53.0451 4424 Processor - ok
17:50:53.0498 4424 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:50:53.0498 4424 Psched - ok
17:50:53.0545 4424 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:50:53.0561 4424 ql2300 - ok
17:50:53.0576 4424 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:50:53.0592 4424 ql40xx - ok
17:50:53.0607 4424 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:50:53.0607 4424 QWAVEdrv - ok
17:50:53.0623 4424 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:50:53.0623 4424 RasAcd - ok
17:50:53.0670 4424 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:50:53.0670 4424 RasAgileVpn - ok
17:50:53.0685 4424 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:50:53.0685 4424 Rasl2tp - ok
17:50:53.0717 4424 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:50:53.0717 4424 RasPppoe - ok
17:50:53.0748 4424 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:50:53.0748 4424 RasSstp - ok
17:50:53.0795 4424 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:50:53.0795 4424 rdbss - ok
17:50:53.0810 4424 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:50:53.0810 4424 rdpbus - ok
17:50:53.0841 4424 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:50:53.0857 4424 RDPCDD - ok
17:50:53.0873 4424 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
17:50:53.0888 4424 RDPDR - ok
17:50:53.0904 4424 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:50:53.0904 4424 RDPENCDD - ok
17:50:53.0935 4424 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:50:53.0935 4424 RDPREFMP - ok
17:50:53.0966 4424 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
17:50:53.0966 4424 RDPWD - ok
17:50:53.0997 4424 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:50:53.0997 4424 rdyboost - ok
17:50:54.0029 4424 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:50:54.0044 4424 rspndr - ok
17:50:54.0060 4424 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
17:50:54.0060 4424 s3cap - ok
17:50:54.0138 4424 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:50:54.0138 4424 SASDIFSV - ok
17:50:54.0169 4424 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:50:54.0185 4424 SASKUTIL - ok
17:50:54.0216 4424 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
17:50:54.0216 4424 sbp2port - ok
17:50:54.0247 4424 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:50:54.0247 4424 scfilter - ok
17:50:54.0278 4424 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:50:54.0278 4424 secdrv - ok
17:50:54.0309 4424 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:50:54.0309 4424 Serenum - ok
17:50:54.0325 4424 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:50:54.0341 4424 Serial - ok
17:50:54.0356 4424 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:50:54.0372 4424 sermouse - ok
17:50:54.0403 4424 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:50:54.0403 4424 sffdisk - ok
17:50:54.0419 4424 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:50:54.0419 4424 sffp_mmc - ok
17:50:54.0450 4424 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
17:50:54.0450 4424 sffp_sd - ok
17:50:54.0465 4424 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:50:54.0465 4424 sfloppy - ok
17:50:54.0497 4424 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:50:54.0497 4424 sisagp - ok
17:50:54.0512 4424 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:50:54.0528 4424 SiSRaid2 - ok
17:50:54.0543 4424 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:50:54.0543 4424 SiSRaid4 - ok
17:50:54.0559 4424 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:50:54.0559 4424 Smb - ok
17:50:54.0590 4424 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:50:54.0590 4424 spldr - ok
17:50:54.0653 4424 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
17:50:54.0653 4424 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
17:50:54.0668 4424 sptd ( LockedFile.Multi.Generic ) - warning
17:50:54.0668 4424 sptd - detected LockedFile.Multi.Generic (1)
17:50:54.0699 4424 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:50:54.0699 4424 srv - ok
17:50:54.0746 4424 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:50:54.0746 4424 srv2 - ok
17:50:54.0777 4424 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:50:54.0793 4424 srvnet - ok
17:50:54.0855 4424 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:50:54.0855 4424 stexstor - ok
17:50:54.0871 4424 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
17:50:54.0871 4424 storflt - ok
17:50:54.0902 4424 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
17:50:54.0902 4424 storvsc - ok
17:50:54.0933 4424 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
17:50:54.0933 4424 swenum - ok
17:50:54.0996 4424 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
17:50:55.0011 4424 Tcpip - ok
17:50:55.0043 4424 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
17:50:55.0058 4424 TCPIP6 - ok
17:50:55.0089 4424 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
17:50:55.0089 4424 tcpipreg - ok
17:50:55.0105 4424 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
17:50:55.0105 4424 TDPIPE - ok
17:50:55.0121 4424 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
17:50:55.0121 4424 TDTCP - ok
17:50:55.0152 4424 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
17:50:55.0152 4424 tdx - ok
17:50:55.0167 4424 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
17:50:55.0183 4424 TermDD - ok
17:50:55.0230 4424 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:50:55.0230 4424 tssecsrv - ok
17:50:55.0292 4424 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
17:50:55.0292 4424 TsUsbFlt - ok
17:50:55.0323 4424 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
17:50:55.0323 4424 tunnel - ok
17:50:55.0339 4424 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:50:55.0339 4424 uagp35 - ok
17:50:55.0386 4424 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
17:50:55.0386 4424 udfs - ok
17:50:55.0433 4424 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:50:55.0433 4424 uliagpkx - ok
17:50:55.0464 4424 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
17:50:55.0464 4424 umbus - ok
17:50:55.0479 4424 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:50:55.0479 4424 UmPass - ok
17:50:55.0526 4424 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
17:50:55.0526 4424 usbaudio - ok
17:50:55.0557 4424 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
17:50:55.0557 4424 usbccgp - ok
17:50:55.0604 4424 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:50:55.0604 4424 usbcir - ok
17:50:55.0635 4424 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
17:50:55.0635 4424 usbehci - ok
17:50:55.0667 4424 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
17:50:55.0682 4424 usbhub - ok
17:50:55.0698 4424 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
17:50:55.0713 4424 usbohci - ok
17:50:55.0745 4424 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:50:55.0745 4424 usbprint - ok
17:50:55.0776 4424 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
17:50:55.0776 4424 usbscan - ok
17:50:55.0807 4424 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:50:55.0823 4424 USBSTOR - ok
17:50:55.0838 4424 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
17:50:55.0838 4424 usbuhci - ok
17:50:55.0869 4424 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
17:50:55.0869 4424 usbvideo - ok
17:50:55.0901 4424 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:50:55.0901 4424 vdrvroot - ok
17:50:55.0916 4424 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:50:55.0932 4424 vga - ok
17:50:55.0932 4424 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:50:55.0947 4424 VgaSave - ok
17:50:55.0963 4424 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
17:50:55.0963 4424 vhdmp - ok
17:50:55.0994 4424 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:50:55.0994 4424 viaagp - ok
17:50:56.0010 4424 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:50:56.0010 4424 ViaC7 - ok
17:50:56.0041 4424 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:50:56.0041 4424 viaide - ok
17:50:56.0072 4424 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
17:50:56.0072 4424 vmbus - ok
17:50:56.0088 4424 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
17:50:56.0103 4424 VMBusHID - ok
17:50:56.0119 4424 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
17:50:56.0119 4424 volmgr - ok
17:50:56.0135 4424 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:50:56.0150 4424 volmgrx - ok
17:50:56.0166 4424 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
17:50:56.0181 4424 volsnap - ok
17:50:56.0213 4424 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:50:56.0213 4424 vsmraid - ok
17:50:56.0228 4424 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
17:50:56.0228 4424 vwifibus - ok
17:50:56.0259 4424 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:50:56.0259 4424 WacomPen - ok
17:50:56.0291 4424 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:50:56.0291 4424 WANARP - ok
17:50:56.0291 4424 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:50:56.0291 4424 Wanarpv6 - ok
17:50:56.0322 4424 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:50:56.0337 4424 Wd - ok
17:50:56.0353 4424 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:50:56.0353 4424 Wdf01000 - ok
17:50:56.0400 4424 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:50:56.0431 4424 WfpLwf - ok
17:50:56.0447 4424 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:50:56.0447 4424 WIMMount - ok
17:50:56.0525 4424 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
17:50:56.0525 4424 WinUsb - ok
17:50:56.0587 4424 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:50:56.0587 4424 WmiAcpi - ok
17:50:56.0618 4424 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:50:56.0618 4424 ws2ifsl - ok
17:50:56.0665 4424 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:50:56.0665 4424 WudfPf - ok
17:50:56.0712 4424 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:56.0712 4424 WUDFRd - ok
17:50:56.0759 4424 XDva359 - ok
17:50:56.0774 4424 XDva365 - ok
17:50:56.0790 4424 XDva370 - ok
17:50:56.0805 4424 XDva383 - ok
17:50:56.0821 4424 XDva385 - ok
17:50:56.0852 4424 XDva390 - ok
17:50:56.0899 4424 xnacc (ce0c846127d6abb1e2a22e59682b2527) C:\Windows\system32\DRIVERS\xnacc.sys
17:50:56.0915 4424 xnacc - ok
17:50:56.0930 4424 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
17:50:56.0930 4424 xusb21 - ok
17:50:56.0961 4424 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:50:56.0977 4424 \Device\Harddisk0\DR0 - ok
17:50:56.0993 4424 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:50:57.0008 4424 \Device\Harddisk1\DR1 - ok
17:50:57.0024 4424 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
17:50:57.0039 4424 \Device\Harddisk2\DR2 - ok
17:50:57.0039 4424 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk3\DR3
17:50:57.0273 4424 \Device\Harddisk3\DR3 - ok
17:50:57.0289 4424 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
17:50:57.0539 4424 \Device\Harddisk4\DR4 - ok
17:50:57.0554 4424 Boot (0x1200) (954ac5097a17b427e5274ddc93c777cf) \Device\Harddisk0\DR0\Partition0
17:50:57.0554 4424 \Device\Harddisk0\DR0\Partition0 - ok
17:50:57.0570 4424 Boot (0x1200) (1ac0bc5d22fff248608a4d981e7061df) \Device\Harddisk1\DR1\Partition0
17:50:57.0570 4424 \Device\Harddisk1\DR1\Partition0 - ok
17:50:57.0570 4424 Boot (0x1200) (ddfd53f6e4968d2df3af85912bb2796c) \Device\Harddisk2\DR2\Partition0
17:50:57.0570 4424 \Device\Harddisk2\DR2\Partition0 - ok
17:50:57.0585 4424 Boot (0x1200) (817e7a4f1f5df68ca674e9581a3d8749) \Device\Harddisk3\DR3\Partition0
17:50:57.0585 4424 \Device\Harddisk3\DR3\Partition0 - ok
17:50:57.0601 4424 Boot (0x1200) (05e7130ce5b914e82b1da22b82799a6f) \Device\Harddisk4\DR4\Partition0
17:50:57.0601 4424 \Device\Harddisk4\DR4\Partition0 - ok
17:50:57.0601 4424 Boot (0x1200) (dffe01ab33c19b9f76d9a5d08652ea26) \Device\Harddisk4\DR4\Partition1
17:50:57.0601 4424 \Device\Harddisk4\DR4\Partition1 - ok
17:50:57.0601 4424 ============================================================
17:50:57.0601 4424 Scan finished
17:50:57.0601 4424 ============================================================
17:50:57.0632 5188 Detected object count: 1
17:50:57.0632 5188 Actual detected object count: 1
17:52:00.0095 5188 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:52:00.0095 5188 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:55:14.0469 1376 Deinitialize success
jeffce
2011-10-25, 13:49
Hi,
ComboFix will not run? Try to run it again.

If it still won't run after that, delete the copy of ComboFix that you have using right click > delete and then download a fresh copy of it from one of the links I provided earlier. Prior to downloading it though I want you to rename it to Vageta.com. After you get the new copy downloaded attempt to run it again. If there is a log created post that into your next reply. :)
usedsoul
2011-10-26, 02:01
i tried it, seemed to work for longer but when the pop up appears it stops scanning :sick:
jeffce
2011-10-26, 03:09
Hi usedsoul,

Lets go this route...


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
usedsoul
2011-10-28, 00:42
wow that scan is ...in depth.
To much to my liking to post for the whole internet.

After pouring over the logs I did find the files created in the last 30 days interesting:

[2011/10/22 17:20:32 | 000,011,776 | RHS- | C] (Microsoft Corporation) -- C:\Users\USedSoul\Vgt.exe



Doing a search on my drive for Vgt.exe comes up with nothing.
Looking in the folder comes up with nothing.

Any thoughts about how it is hiding?
jeffce
2011-10-28, 02:20
Hi usedsoul,

I understand your concern but for me to be able to effectively help you with your system I will require the entire log. If you are not able to do so I am afraid I won't be able to help you.
----------

Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Doubleclick CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
usedsoul
2011-10-30, 01:04
the whole reason i was trying to avoid reinstalling was I could not find my keys. Turned my place upside down and after a week I finally found it buried. Thanks for looking into this for me.

You guys have always been a great help to me.

:thanks:
jeffce
2011-10-30, 01:11
Hi usedsoul,

:) I am glad you were able to find what you were looking for? Are you wanting to continue with cleaning the system or what would you like to do?
jeffce
2011-10-31, 15:19
Do you still need help? :)
jeffce
2011-11-01, 12:54
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.