Missing files



runnerred94
2012-02-08, 21:52
Wife's computer would not boot. Booted to safe mode, ran recovery to prior week. Then ran Spybot, Malwarebytes, AVG. They caught a bunch of things and removed all but Trojan horse Agent3. Many picture files are missing and the ones left are now labeled as js files. Any ideas, or are they gone?
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by melissa at 15:40:49 on 2012-02-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.742 [GMT -5:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McUICnt.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=YKxdm030YYus&ptb=04825FE9-A424-4857-935F-83E239C41592&si=21786
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
uURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
mURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
TB: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\melissa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: C:\Users\melissa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{91F9003A-F590-4C56-B6A8-A644B9F508F2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{91F9003A-F590-4C56-B6A8-A644B9F508F2}\2456C6B696E6F5E4F575962756C6563737F5332354131364 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{91F9003A-F590-4C56-B6A8-A644B9F508F2}\6514E4449565F4F445D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{91F9003A-F590-4C56-B6A8-A644B9F508F2}\6516E6469767F6F647F50534 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{91F9003A-F590-4C56-B6A8-A644B9F508F2}\6716E6469767F6F647D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ToolbarBHO Class: {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
BHO-X64: SmileBox EN - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
TB-X64: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: RAW Thumbnail Viewer: {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~2\ArcSoft\RAWTHU~1\EXIFToolBar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\9yap7pxv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/home.cox
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=04825FE9-A424-4857-935F-83E239C41592&n=77ecd999&ind=2012010905&id=YKxdm030YYus&ptnrS=YKxdm030YYus&si=21786&searchfor=
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\melissa\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-04 14:15:39 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-01-27 15:26:59 -------- d-----w- C:\Users\melissa\AppData\Roaming\AVG2012
2012-01-27 15:26:04 -------- d-----w- C:\ProgramData\AVG2012
2012-01-27 13:53:51 20480 ----a-w- C:\Windows\svchost.exe
2012-01-26 15:32:05 -------- d-----w- C:\Program Files\CCleaner
2012-01-24 17:26:20 -------- d--h--w- C:\ProgramData\Spybot - Search & Destroy
2012-01-24 17:26:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-01-24 10:27:48 -------- d--h--w- C:\Users\melissa\AppData\Roaming\AVG
2012-01-13 10:18:56 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-13 10:18:56 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-13 10:18:56 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-13 10:18:56 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 06:50:20 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 06:50:20 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 06:50:20 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 06:50:19 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 06:50:15 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 06:50:15 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 06:50:13 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 06:50:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2012-01-11 10:26:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:42:48.69 ===============

ken545
2012-02-14, 22:57
Sorry about the delay

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please





Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

runnerred94
2012-02-15, 01:09
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
melissa :: MELISSA-PC [administrator]

2/14/2012 6:46:11 PM
mbam-log-2012-02-14 (18-46-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183422
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4632 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

runnerred94
2012-02-15, 01:09
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-14 19:07:15
-----------------------------
19:07:15.063 OS Version: Windows x64 6.1.7601 Service Pack 1
19:07:15.063 Number of processors: 1 586 0x170A
19:07:15.063 ComputerName: MELISSA-PC UserName: melissa
19:07:23.378 Initialize success
19:08:02.071 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:08:02.071 Disk 0 Vendor: TOSHIBA_MK2556GSY LH003C Size: 238475MB BusType: 11
19:08:02.071 Device \Driver\atapi -> MajorFunction fffffa8002ad55c4
19:08:02.086 Disk 0 MBR read successfully
19:08:02.086 Disk 0 MBR scan
19:08:02.086 Disk 0 TDL4@MBR code has been found
19:08:02.086 Disk 0 MBR hidden
19:08:02.102 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:08:02.118 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225481 MB offset 409600
19:08:02.149 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12793 MB offset 462194688
19:08:02.164 Disk 0 MBR [TDL4] **ROOTKIT**
19:08:02.164 Disk 0 trace - called modules:
19:08:02.164 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8002ad55c4]<<
19:08:02.164 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002737790]
19:08:02.679 3 CLASSPNP.SYS[fffff8800107643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800223b680]
19:08:02.679 \Driver\atapi[0xfffffa800273e1b0] -> IRP_MJ_CREATE -> 0xfffffa8002ad55c4
19:08:02.679 Scan finished successfully
19:08:10.885 Disk 0 MBR has been saved successfully to "C:\Users\melissa\Desktop\MBR.dat"
19:08:10.900 The log file has been saved successfully to "C:\Users\melissa\Desktop\aswMBR.txt"

ken545
2012-02-15, 01:20
Hi,

Glad we didn't lose you, looks like you're infected with the TDSS rootkit.

Let's try this program first


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

runnerred94
2012-02-15, 02:52
20:45:37.0406 4780 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
20:45:38.0014 4780 ============================================================
20:45:38.0014 4780 Current date / time: 2012/02/14 20:45:38.0014
20:45:38.0014 4780 SystemInfo:
20:45:38.0014 4780
20:45:38.0014 4780 OS Version: 6.1.7601 ServicePack: 1.0
20:45:38.0014 4780 Product type: Workstation
20:45:38.0014 4780 ComputerName: MELISSA-PC
20:45:38.0014 4780 UserName: melissa
20:45:38.0014 4780 Windows directory: C:\Windows
20:45:38.0014 4780 System windows directory: C:\Windows
20:45:38.0014 4780 Running under WOW64
20:45:38.0014 4780 Processor architecture: Intel x64
20:45:38.0014 4780 Number of processors: 1
20:45:38.0014 4780 Page size: 0x1000
20:45:38.0014 4780 Boot type: Normal boot
20:45:38.0014 4780 ============================================================
20:45:39.0325 4780 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x13B718, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x6, Type 'K0', Flags 0x00000040
20:45:39.0325 4780 \Device\Harddisk0\DR0:
20:45:39.0325 4780 MBR used
20:45:39.0325 4780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:45:39.0325 4780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B864800
20:45:39.0325 4780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8C8800, BlocksNum 0x18FC800
20:45:39.0372 4780 Initialize success
20:45:39.0372 4780 ============================================================
20:45:41.0072 0196 ============================================================
20:45:41.0072 0196 Scan started
20:45:41.0072 0196 Mode: Manual;
20:45:41.0072 0196 ============================================================
20:45:42.0398 0196 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:45:42.0414 0196 1394ohci - ok
20:45:59.0901 0196 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
20:45:59.0917 0196 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:45:59.0917 0196 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:45:59.0948 0196 Boot (0x1200) (7722dc9121596e2e07e41a6f74497570) \Device\Harddisk0\DR0\Partition0
20:45:59.0948 0196 \Device\Harddisk0\DR0\Partition0 - ok
20:45:59.0979 0196 Boot (0x1200) (74681c72af7fa20eb4bccd3c92a041b7) \Device\Harddisk0\DR0\Partition1
20:45:59.0979 0196 \Device\Harddisk0\DR0\Partition1 - ok
20:46:00.0010 0196 Boot (0x1200) (962281e06c378f28ec8bef59d9f4dbab) \Device\Harddisk0\DR0\Partition2
20:46:00.0010 0196 \Device\Harddisk0\DR0\Partition2 - ok
20:46:00.0010 0196 ============================================================
20:46:00.0010 0196 Scan finished
20:46:00.0010 0196 ============================================================
20:46:00.0042 6020 Detected object count: 1
20:46:00.0042 6020 Actual detected object count: 1
20:46:06.0952 6020 \Device\Harddisk0\DR0\# - copied to quarantine
20:46:06.0952 6020 \Device\Harddisk0\DR0 - copied to quarantine
20:46:07.0561 6020 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:46:07.0561 6020 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:46:07.0561 6020 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:46:07.0561 6020 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:46:07.0561 6020 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:46:07.0576 6020 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:46:07.0592 6020 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:46:07.0592 6020 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:46:07.0608 6020 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:46:07.0608 6020 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:46:07.0654 6020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:46:07.0686 6020 \Device\Harddisk0\DR0 - ok
20:46:08.0746 6020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:46:12.0007 5212 Deinitialize success

ken545
2012-02-15, 03:51
Let's check your Master Boot Record

Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
If an unknown bootcode is found, you will have further options available to you. At this time press N, then press Enter twice.
If nothing unusual is found, just press Enter.
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

runnerred94
2012-02-15, 04:08
Would not let me stop AVG, even in Task Manager. I just stopped the anti-virus part.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 199):

Processes (total 81):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`19100000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2556GSY, Rev: LH003C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 17DED76FA968BF4760C9E47179B9B43F281EEB90


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

ken545
2012-02-15, 10:36
Reboot your system and go ahead and run TDSSKiller again and post a new log, please.

runnerred94
2012-02-15, 16:52
09:43:25.0734 4616 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
09:43:26.0155 4616 ============================================================
09:43:26.0155 4616 Current date / time: 2012/02/15 09:43:26.0155
09:43:26.0155 4616 SystemInfo:
09:43:26.0155 4616
09:43:26.0155 4616 OS Version: 6.1.7601 ServicePack: 1.0
09:43:26.0155 4616 Product type: Workstation
09:43:26.0155 4616 ComputerName: MELISSA-PC
09:43:26.0155 4616 UserName: melissa
09:43:26.0155 4616 Windows directory: C:\Windows
09:43:26.0155 4616 System windows directory: C:\Windows
09:43:26.0155 4616 Running under WOW64
09:43:26.0155 4616 Processor architecture: Intel x64
09:43:26.0155 4616 Number of processors: 1
09:43:26.0155 4616 Page size: 0x1000
09:43:26.0155 4616 Boot type: Normal boot
09:43:26.0155 4616 ============================================================
09:43:27.0387 4616 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x13B718, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x6, Type 'K0', Flags 0x00000040
09:43:27.0387 4616 \Device\Harddisk0\DR0:
09:43:27.0387 4616 MBR used
09:43:27.0387 4616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:43:27.0387 4616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B864800
09:43:27.0387 4616 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8C8800, BlocksNum 0x18FC800
09:43:27.0512 4616 Initialize success
09:43:27.0512 4616 ============================================================
09:43:28.0588 4696 ============================================================
09:43:28.0588 4696 Scan started
09:43:28.0588 4696 Mode: Manual;
09:43:28.0588 4696 ============================================================
09:43:37.0231 4696 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:43:37.0231 4696 mdmxsdk - ok
09:43:37.0262 4696 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:43:37.0262 4696 megasas - ok
09:43:37.0309 4696 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:43:37.0309 4696 MegaSR - ok
09:43:37.0387 4696 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:43:37.0387 4696 Modem - ok
09:43:37.0449 4696 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:43:37.0449 4696 monitor - ok
09:43:37.0527 4696 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:43:37.0527 4696 mouclass - ok
09:43:37.0574 4696 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:43:37.0574 4696 mouhid - ok
09:43:37.0652 4696 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:43:37.0652 4696 mountmgr - ok
09:43:37.0699 4696 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:43:37.0699 4696 mpio - ok
09:43:37.0730 4696 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:43:37.0730 4696 mpsdrv - ok
09:43:37.0761 4696 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:43:37.0777 4696 MRxDAV - ok
09:43:37.0824 4696 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:43:37.0824 4696 mrxsmb - ok
09:43:37.0855 4696 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:43:37.0870 4696 mrxsmb10 - ok
09:43:37.0902 4696 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:43:37.0902 4696 mrxsmb20 - ok
09:43:37.0917 4696 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:43:37.0917 4696 msahci - ok
09:43:37.0995 4696 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:43:37.0995 4696 msdsm - ok
09:43:38.0042 4696 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:43:38.0042 4696 Msfs - ok
09:43:38.0073 4696 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:43:38.0073 4696 mshidkmdf - ok
09:43:38.0120 4696 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:43:38.0120 4696 msisadrv - ok
09:43:38.0182 4696 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:43:38.0182 4696 MSKSSRV - ok
09:43:38.0198 4696 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:43:38.0198 4696 MSPCLOCK - ok
09:43:38.0214 4696 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:43:38.0214 4696 MSPQM - ok
09:43:38.0260 4696 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:43:38.0276 4696 MsRPC - ok
09:43:38.0307 4696 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:43:38.0307 4696 mssmbios - ok
09:43:38.0338 4696 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:43:38.0338 4696 MSTEE - ok
09:43:38.0354 4696 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:43:38.0370 4696 MTConfig - ok
09:43:38.0432 4696 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:43:38.0432 4696 Mup - ok
09:43:38.0494 4696 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:43:38.0494 4696 NativeWifiP - ok
09:43:38.0557 4696 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:43:38.0572 4696 NDIS - ok
09:43:38.0604 4696 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:43:38.0604 4696 NdisCap - ok
09:43:38.0650 4696 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:43:38.0650 4696 NdisTapi - ok
09:43:38.0666 4696 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:43:38.0666 4696 Ndisuio - ok
09:43:38.0744 4696 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:43:38.0744 4696 NdisWan - ok
09:43:38.0791 4696 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:43:38.0791 4696 NDProxy - ok
09:43:38.0884 4696 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:43:38.0884 4696 NetBIOS - ok
09:43:38.0931 4696 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:43:38.0947 4696 NetBT - ok
09:43:39.0103 4696 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
09:43:39.0150 4696 netw5v64 - ok
09:43:39.0228 4696 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:43:39.0228 4696 nfrd960 - ok
09:43:39.0274 4696 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:43:39.0274 4696 Npfs - ok
09:43:39.0321 4696 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:43:39.0321 4696 nsiproxy - ok
09:43:39.0399 4696 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:43:39.0415 4696 Ntfs - ok
09:43:39.0430 4696 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:43:39.0430 4696 Null - ok
09:43:39.0477 4696 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:43:39.0477 4696 nvraid - ok
09:43:39.0508 4696 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:43:39.0508 4696 nvstor - ok
09:43:39.0540 4696 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:43:39.0540 4696 nv_agp - ok
09:43:39.0602 4696 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:43:39.0602 4696 ohci1394 - ok
09:43:39.0696 4696 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:43:39.0696 4696 Parport - ok
09:43:39.0742 4696 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:43:39.0742 4696 partmgr - ok
09:43:39.0774 4696 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:43:39.0774 4696 pci - ok
09:43:39.0805 4696 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:43:39.0805 4696 pciide - ok
09:43:39.0852 4696 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:43:39.0852 4696 pcmcia - ok
09:43:39.0883 4696 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:43:39.0883 4696 pcw - ok
09:43:39.0930 4696 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:43:39.0945 4696 PEAUTH - ok
09:43:40.0117 4696 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:43:40.0117 4696 PptpMiniport - ok
09:43:40.0148 4696 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:43:40.0148 4696 Processor - ok
09:43:40.0226 4696 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:43:40.0226 4696 Psched - ok
09:43:40.0288 4696 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:43:40.0304 4696 ql2300 - ok
09:43:40.0351 4696 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:43:40.0351 4696 ql40xx - ok
09:43:40.0413 4696 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:43:40.0413 4696 QWAVEdrv - ok
09:43:40.0429 4696 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:43:40.0429 4696 RasAcd - ok
09:43:40.0460 4696 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:43:40.0460 4696 RasAgileVpn - ok
09:43:40.0507 4696 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:43:40.0507 4696 Rasl2tp - ok
09:43:40.0554 4696 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:43:40.0554 4696 RasPppoe - ok
09:43:40.0585 4696 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:43:40.0585 4696 RasSstp - ok
09:43:40.0616 4696 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:43:40.0616 4696 rdbss - ok
09:43:40.0647 4696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:43:40.0647 4696 rdpbus - ok
09:43:40.0678 4696 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:43:40.0678 4696 RDPCDD - ok
09:43:40.0741 4696 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:43:40.0741 4696 RDPENCDD - ok
09:43:40.0788 4696 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:43:40.0788 4696 RDPREFMP - ok
09:43:40.0834 4696 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
09:43:40.0834 4696 RDPWD - ok
09:43:40.0881 4696 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:43:40.0881 4696 rdyboost - ok
09:43:40.0975 4696 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:43:40.0975 4696 rspndr - ok
09:43:41.0068 4696 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys
09:43:41.0100 4696 RSUSBSTOR - ok
09:43:41.0209 4696 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:43:41.0224 4696 RTL8167 - ok
09:43:41.0287 4696 RtsUIR - ok
09:43:41.0349 4696 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:43:41.0349 4696 sbp2port - ok
09:43:41.0412 4696 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:43:41.0412 4696 scfilter - ok
09:43:41.0474 4696 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
09:43:41.0474 4696 sdbus - ok
09:43:41.0661 4696 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:43:41.0661 4696 secdrv - ok
09:43:41.0724 4696 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:43:41.0724 4696 Serenum - ok
09:43:41.0755 4696 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:43:41.0755 4696 Serial - ok
09:43:41.0786 4696 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:43:41.0786 4696 sermouse - ok
09:43:41.0911 4696 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:43:41.0911 4696 sffdisk - ok
09:43:41.0942 4696 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:43:41.0942 4696 sffp_mmc - ok
09:43:41.0958 4696 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:43:41.0973 4696 sffp_sd - ok
09:43:42.0004 4696 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:43:42.0004 4696 sfloppy - ok
09:43:42.0067 4696 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:43:42.0067 4696 SiSRaid2 - ok
09:43:42.0129 4696 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:43:42.0160 4696 SiSRaid4 - ok
09:43:42.0238 4696 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:43:42.0254 4696 Smb - ok
09:43:42.0348 4696 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:43:42.0348 4696 spldr - ok
09:43:42.0410 4696 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:43:42.0410 4696 srv - ok
09:43:42.0457 4696 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:43:42.0472 4696 srv2 - ok
09:43:42.0504 4696 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:43:42.0504 4696 SrvHsfHDA - ok
09:43:42.0550 4696 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:43:42.0566 4696 SrvHsfV92 - ok
09:43:42.0613 4696 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:43:42.0628 4696 SrvHsfWinac - ok
09:43:42.0706 4696 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:43:42.0706 4696 srvnet - ok
09:43:42.0769 4696 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:43:42.0769 4696 stexstor - ok
09:43:42.0831 4696 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
09:43:42.0831 4696 StillCam - ok
09:43:42.0878 4696 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:43:42.0878 4696 swenum - ok
09:43:42.0940 4696 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
09:43:42.0940 4696 SynTP - ok
09:43:43.0096 4696 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:43:43.0112 4696 Tcpip - ok
09:43:43.0159 4696 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:43:43.0174 4696 TCPIP6 - ok
09:43:43.0206 4696 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:43:43.0206 4696 tcpipreg - ok
09:43:43.0252 4696 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:43:43.0252 4696 TDPIPE - ok
09:43:43.0284 4696 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:43:43.0284 4696 TDTCP - ok
09:43:43.0346 4696 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:43:43.0346 4696 tdx - ok
09:43:43.0393 4696 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:43:43.0408 4696 TermDD - ok
09:43:43.0518 4696 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:43:43.0518 4696 tssecsrv - ok
09:43:43.0580 4696 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:43:43.0580 4696 TsUsbFlt - ok
09:43:43.0627 4696 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:43:43.0642 4696 tunnel - ok
09:43:43.0674 4696 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:43:43.0674 4696 uagp35 - ok
09:43:43.0720 4696 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:43:43.0720 4696 udfs - ok
09:43:43.0845 4696 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:43:43.0845 4696 uliagpkx - ok
09:43:43.0892 4696 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:43:43.0892 4696 umbus - ok
09:43:43.0939 4696 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:43:43.0939 4696 UmPass - ok
09:43:43.0986 4696 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
09:43:43.0986 4696 USBAAPL64 - ok
09:43:44.0017 4696 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:43:44.0017 4696 usbccgp - ok
09:43:44.0048 4696 USBCCID - ok
09:43:44.0079 4696 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:43:44.0079 4696 usbcir - ok
09:43:44.0110 4696 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
09:43:44.0110 4696 usbehci - ok
09:43:44.0142 4696 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:43:44.0142 4696 usbhub - ok
09:43:44.0235 4696 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:43:44.0235 4696 usbohci - ok
09:43:44.0266 4696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:43:44.0266 4696 usbprint - ok
09:43:44.0313 4696 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:43:44.0313 4696 usbscan - ok
09:43:44.0344 4696 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:43:44.0344 4696 USBSTOR - ok
09:43:44.0376 4696 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:43:44.0376 4696 usbuhci - ok
09:43:44.0422 4696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:43:44.0438 4696 vdrvroot - ok
09:43:44.0469 4696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:43:44.0469 4696 vga - ok
09:43:44.0500 4696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:43:44.0500 4696 VgaSave - ok
09:43:44.0532 4696 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:43:44.0532 4696 vhdmp - ok
09:43:44.0563 4696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:43:44.0563 4696 viaide - ok
09:43:44.0625 4696 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:43:44.0625 4696 volmgr - ok
09:43:44.0688 4696 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:43:44.0688 4696 volmgrx - ok
09:43:44.0719 4696 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:43:44.0734 4696 volsnap - ok
09:43:44.0766 4696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:43:44.0766 4696 vsmraid - ok
09:43:44.0812 4696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:43:44.0812 4696 vwifibus - ok
09:43:44.0828 4696 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:43:44.0828 4696 vwififlt - ok
09:43:44.0859 4696 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:43:44.0859 4696 vwifimp - ok
09:43:44.0922 4696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:43:44.0922 4696 WacomPen - ok
09:43:44.0984 4696 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:43:44.0984 4696 WANARP - ok
09:43:45.0015 4696 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:43:45.0015 4696 Wanarpv6 - ok
09:43:45.0109 4696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:43:45.0109 4696 Wd - ok
09:43:45.0140 4696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:43:45.0156 4696 Wdf01000 - ok
09:43:45.0218 4696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:43:45.0218 4696 WfpLwf - ok
09:43:45.0249 4696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:43:45.0249 4696 WIMMount - ok
09:43:45.0312 4696 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
09:43:45.0327 4696 winachsf - ok
09:43:45.0468 4696 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
09:43:45.0468 4696 WinUsb - ok
09:43:45.0499 4696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:43:45.0499 4696 WmiAcpi - ok
09:43:45.0577 4696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:43:45.0577 4696 ws2ifsl - ok
09:43:45.0639 4696 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:43:45.0655 4696 WudfPf - ok
09:43:45.0686 4696 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:43:45.0702 4696 WUDFRd - ok
09:43:45.0748 4696 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
09:43:45.0748 4696 XAudio - ok
09:43:45.0826 4696 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
09:43:45.0826 4696 yukonw7 - ok
09:43:45.0889 4696 MBR (0x1B8) (255087f687b9079c823af15f2c5366f8) \Device\Harddisk0\DR0
09:43:45.0920 4696 \Device\Harddisk0\DR0 - ok
09:43:45.0951 4696 Boot (0x1200) (7722dc9121596e2e07e41a6f74497570) \Device\Harddisk0\DR0\Partition0
09:43:45.0951 4696 \Device\Harddisk0\DR0\Partition0 - ok
09:43:45.0967 4696 Boot (0x1200) (74681c72af7fa20eb4bccd3c92a041b7) \Device\Harddisk0\DR0\Partition1
09:43:45.0967 4696 \Device\Harddisk0\DR0\Partition1 - ok
09:43:46.0014 4696 Boot (0x1200) (962281e06c378f28ec8bef59d9f4dbab) \Device\Harddisk0\DR0\Partition2
09:43:46.0014 4696 \Device\Harddisk0\DR0\Partition2 - ok
09:43:46.0014 4696 ============================================================
09:43:46.0014 4696 Scan finished
09:43:46.0014 4696 ============================================================
09:43:46.0029 4688 Detected object count: 0
09:43:46.0029 4688 Actual detected object count: 0

ken545
2012-02-15, 18:18
Hi,

Run aswMBR again just to scan and post a new log please

runnerred94
2012-02-15, 20:26
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-15 13:03:42
-----------------------------
13:03:42.709 OS Version: Windows x64 6.1.7601 Service Pack 1
13:03:42.709 Number of processors: 1 586 0x170A
13:03:42.709 ComputerName: MELISSA-PC UserName: melissa
13:03:43.723 Initialize success
13:04:59.021 AVAST engine defs: 12021500
13:05:00.503 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:05:00.503 Disk 0 Vendor: TOSHIBA_MK2556GSY LH003C Size: 238475MB BusType: 11
13:05:00.518 Disk 0 MBR read successfully
13:05:00.518 Disk 0 MBR scan
13:05:00.534 Disk 0 unknown MBR code
13:05:00.534 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
13:05:00.550 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225481 MB offset 409600
13:05:00.581 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12793 MB offset 462194688
13:05:00.581 Service scanning
13:05:01.829 Modules scanning
13:05:01.829 Disk 0 trace - called modules:
13:05:01.860 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:05:01.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002718600]
13:05:01.938 3 CLASSPNP.SYS[fffff880010b143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800226d060]
13:05:03.638 AVAST engine scan C:\Windows
13:05:05.042 AVAST engine scan C:\Windows\system32
13:29:22.462 AVAST engine scan C:\Windows\system32\drivers
13:29:40.230 AVAST engine scan C:\Users\melissa
13:32:29.288 AVAST engine scan C:\ProgramData
13:34:37.865 Scan finished successfully
14:25:42.352 Disk 0 MBR has been saved successfully to "C:\Users\melissa\Desktop\MBR.dat"
14:25:42.383 The log file has been saved successfully to "C:\Users\melissa\Desktop\aswMBR.txt"
14:25:56.951 Disk 0 MBR has been saved successfully to "C:\Users\melissa\Desktop\MBR.dat"
14:25:56.951 The log file has been saved successfully to "C:\Users\melissa\Desktop\aswMBR.txt"

ken545
2012-02-15, 22:47
Hi,

Outside of losing all your pictures, how are things running in general? When we're done I can link you to a Windows forum that may be able to help you get some of your files back.

runnerred94
2012-02-15, 23:01
Everything looks great. I tried show hidden files again after the last scan and they are all there except the ones labeled java files. I greatly appreciate all the time you have taken helping someone you do not know. I would love to learn how to help people like this one day.

ken545
2012-02-15, 23:09
FYI

C:\Windows\svchost.exe This file is legit if it was in the system32 folder, but where it is in the Windows folder it's a virus.

You were infected with a TDL4 which is a variant of the TDSS Rootkit, not nice.

I would at this point advise you to change all your passwords for sites that you frequent, especially sites that you may shop at or do any online banking.

Post back in a few days and let me know how it's going

Another FYI
http://forums.whatthetech.com/index.php?showtopic=80368
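
The location check ken545 describes for svchost.exe, generalized to a few other Windows system binaries and run over a process list. This is an added example, not part of the thread or of any tool used in it; the table of expected folders and the sample lines are assumptions constructed for illustration.

```python
import ntpath
import re

# Expected parent directories (lower-case) for a few Windows 7 system binaries.
# Small illustrative table built for this example; extend it from a known-good machine.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "rundll32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "wininit.exe": {r"c:\windows\system32"},
    "lsm.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "conhost.exe": {r"c:\windows\system32"},
}

# Leading executable path of a process-list line; arguments such as "-k netsvcs" are dropped.
EXE_PATH = re.compile(r'^\s*"?([A-Za-z]:\\.+?\.exe)"?(?=\s|$)', re.IGNORECASE)


def extract_exe_path(line):
    """Return the executable path at the start of a log line, or None."""
    match = EXE_PATH.match(line)
    return ntpath.normpath(match.group(1)) if match else None


def is_misplaced(path):
    """True when a known system binary name sits outside its expected directory."""
    directory, name = ntpath.split(path.lower())
    expected = EXPECTED_DIRS.get(name)
    return expected is not None and directory not in expected


def find_misplaced(lines):
    """Return paths from a process list whose name is a system binary in the wrong folder."""
    hits = []
    for line in lines:
        path = extract_exe_path(line)
        if path and is_misplaced(path) and path not in hits:
            hits.append(path)
    return hits


# Constructed sample in the style of a DDS "Running Processes" list.
SAMPLE_PROCESS_LIST = r"""
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\svchost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Users\Public\spoolsv.exe
""".splitlines()

if __name__ == "__main__":
    for hit in find_misplaced(SAMPLE_PROCESS_LIST):
        print("unexpected location:", hit)
```

A name match in the wrong folder is a lead to investigate, not a verdict; the 32-bit copy under SysWOW64 on a 64-bit system is expected and is not flagged.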

runnerred94
2012-02-15, 23:18
Already changed them when I saw she had a problem. So am I clean then sir?

ken545
2012-02-15, 23:27
You look ok so far, but let's check for leftovers

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

runnerred94
2012-02-16, 00:46
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\14.02.2012_20.45.38\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\14.02.2012_20.45.38\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\14.02.2012_20.45.38\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.ID trojan
C:\TDSSKiller_Quarantine\14.02.2012_20.45.38\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\14.02.2012_20.45.38\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\14.02.2012_20.45.38\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\Users\melissa\AppData\Local\Temp\ICReinstall\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application

ken545
2012-02-16, 00:52
All those files are in Quarantine from the programs we have run and are harmless where they're at.

Open up Spybot and go to the recovery folder and delete it all

Any other problems?

runnerred94
2012-02-16, 00:57
No other problems.

ken545
2012-02-16, 01:30
Wonderful,


How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

runnerred94
2012-02-16, 01:40
Thank you so much sir I will look into that school. I really appreciate your help.

ken545
2012-02-16, 01:45
You're very welcome,

Take care my friend

Ken :)