
Thread: Click.GiftLoad problem.

  1. #21
    Junior Member
    Join Date
    Mar 2011
    Posts
    21


    Here's the RKU report. I've attached it as a .zip file, since it was too big to post as a reply, and the report itself was too large to attach.

  2. #22
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,167


    Hi.

    Please go to my file submission channel here.

    Next to the box:- Link to topic where this file was requested: Add in the below:-
    Code:
    http://forums.spybot.info/showthread.php?t=61939
    Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

    C:\Windows\System32\Drivers\sphz.sys

    Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

    Next:

    Are you using a Router at all?
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #23
    Junior Member

    C:\Windows\System32\Drivers\sphz.sys
    I can't seem to find that file. I have my folders set to show hidden files/folders, but when I search through the Drivers folder, I cannot find sphz.sys. I even did a search and it turned up nothing but the RKU Report (since it was mentioned in it).

    Are you using a Router at all?
    Yes, a Westell router. My computer is connected to it via a wireless USB adapter.

  4. #24
    Security Expert-Emeritus Dakeyras

    Hi.

    OK, let's see if we can locate the file as follows...

    Please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #1
    Download Mirror #2

    • Right-click SystemLook.exe select Run as Administrator to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      sphz.sys
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Router Advice:

    OK at this juncture I think it would be prudent to actually reset your Router and apply a new admin password. If the default password is retained, a remote attacker can install his own server address in between you and your Internet Service Provider. (The default passwords are published). If you go into the router installation routine, you can take a quick look at the IP addresses in the router setup to make sure no extras have been added.

    Ensure the NAT (Network Address Translation) Firewall is active. Since it is an actual Wireless Router, check it is secure. Further information about this can be read here. Finally, check for any firmware updates.

  5. #25
    Junior Member

    SystemLook Log:

    SystemLook 04.09.10 by jpshortstuff
    Log created at 13:15 on 26/03/2011 by Justin
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "sphz.sys"
    No files found.

    -= EOF =-

    And I've completed the recommended Router reset.

  6. #26
    Security Expert-Emeritus Dakeyras

    Hi.

    Most strange that the file is not found though RKUnhooker claims it is there; upon further research it appears to be either Apple and/or Intel related. Though I have never actually come across the driver myself before, hence I wanted a check with it. Quite possible it is hidden even with system files revealed etc. Anyway, we can come back to this if need be.

    And I've completed the recommended Router reset.
    Good.

    Any further issues? Still search engine redirects?

  7. #27
    Junior Member

    Any further issues? Still search engine redirects?
    Yes, almost every time. And once or twice I've had the browser freeze issue.

  8. #28
    Security Expert-Emeritus Dakeyras

    Hi.

    Yes, almost every time. And once or twice I've had the browser freeze issue.
    OK, we will check this out further as follows...

    Scan with TDSSKiller:

    Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

    • Right-click on TDSSKiller.exe and select Run as Administrator to launch it.
    • Click on Start Scan, the scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • To find the log go to Start > Computer > C:
    • Post the contents of that log in your next reply please.
    Note: Do not have TDSSKiller remove anything if found at this point in time!

    Scan with aswMBR:

    Please download aswMBR.exe to your desktop.

    • Right-click aswMBR.exe and select Run as Administrator to run it.
    • Click the "Scan" button to start the scan.
    • On completion of the scan, click Save log, save it to your Desktop and post it in your next reply.

    Note: There will also be a file on your Desktop named MBR.dat (or similar). Do not delete this for now; it is an actual backup of the MBR (master boot record).
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
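
Triage of the report that the TDSSKiller step above produces, as an added example (not part of the original posts and not TDSSKiller's own code): it reads the three line shapes seen in the log posted in this thread (scanned driver, "Suspicious file" note, "detected" verdict) and returns only the flagged drivers, without curing or deleting anything. The sample lines are copied from that posted log; `parse_report` and `Finding` are names chosen for this example.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the TDSSKiller log posted in this thread (post #29).
SAMPLE_LOG = r"""2011/03/27 09:24:31.0337 4356 Scan started
2011/03/27 09:24:50.0993 4356 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/03/27 09:24:51.0071 4356 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/03/27 09:24:51.0149 4356 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/03/27 09:24:51.0149 4356 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/27 09:24:51.0149 4356 sptd - detected Locked file (1)
2011/03/27 09:24:51.0243 4356 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
"""

# "<date> <time> <thread id> <message>"; the message may be empty.
PREFIX = re.compile(r"^\s*\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ ?(.*)$")
# "<service> (<md5>) <driver path>"
SCANNED = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS = re.compile(r"^Suspicious file \(([^)]+)\): (.+)\. md5: ([0-9a-f]{32})$")
# "<service> - detected <verdict> (<code>)"
VERDICT = re.compile(r"^(\S+) - detected (.+?) \(\d+\)$")


@dataclass
class Finding:
    service: str
    path: str
    md5: str
    reasons: list = field(default_factory=list)


def _finding(findings, scanned, service):
    """Return the Finding for a service, creating it from the scan entry if needed."""
    if service not in findings:
        md5, path = scanned.get(service, ("", ""))
        findings[service] = Finding(service, path, md5)
    return findings[service]


def parse_report(text):
    """Parse a TDSSKiller report; return scanned count, findings and unparsed lines."""
    scanned = {}    # service name -> (md5, path)
    findings = {}   # service name -> Finding
    unparsed = []   # non-empty lines without the timestamp prefix
    for raw in text.splitlines():
        prefixed = PREFIX.match(raw)
        if not prefixed:
            if raw.strip():
                unparsed.append(raw)
            continue
        body = prefixed.group(1).strip()

        m = SUSPICIOUS.match(body)
        if m:
            reason, path, md5 = m.groups()
            # Tie the note back to the service that loaded this file.
            service = next(
                (name for name, (_, p) in scanned.items() if p.lower() == path.lower()),
                path,
            )
            f = _finding(findings, scanned, service)
            if not f.path:
                f.path, f.md5 = path, md5
            f.reasons.append("Suspicious file (%s)" % reason)
            continue

        m = VERDICT.match(body)
        if m:
            _finding(findings, scanned, m.group(1)).reasons.append(m.group(2))
            continue

        m = SCANNED.match(body)
        if m:
            scanned[m.group(1)] = (m.group(2), m.group(3))
        # Anything else (banner, system info, separators) is informational.

    return {
        "scanned": len(scanned),
        "findings": list(findings.values()),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = parse_report(SAMPLE_LOG)
    print("drivers scanned:", report["scanned"])
    for f in report["findings"]:
        print(f.service, f.path, f.md5, "; ".join(f.reasons))
```

A flagged entry here only means the scanner could not open or classify the file; the verdict text is passed through unchanged for the helper to interpret.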

  9. #29
    Junior Member

    TDSSKiller Log:

    2011/03/27 09:24:17.0750 6140 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/27 09:24:18.0249 6140 ================================================================================
    2011/03/27 09:24:18.0249 6140 SystemInfo:
    2011/03/27 09:24:18.0249 6140
    2011/03/27 09:24:18.0249 6140 OS Version: 6.1.7600 ServicePack: 0.0
    2011/03/27 09:24:18.0249 6140 Product type: Workstation
    2011/03/27 09:24:18.0249 6140 ComputerName: VEDA
    2011/03/27 09:24:18.0249 6140 UserName: Justin
    2011/03/27 09:24:18.0249 6140 Windows directory: C:\Windows
    2011/03/27 09:24:18.0249 6140 System windows directory: C:\Windows
    2011/03/27 09:24:18.0249 6140 Processor architecture: Intel x86
    2011/03/27 09:24:18.0249 6140 Number of processors: 2
    2011/03/27 09:24:18.0249 6140 Page size: 0x1000
    2011/03/27 09:24:18.0249 6140 Boot type: Normal boot
    2011/03/27 09:24:18.0249 6140 ================================================================================
    2011/03/27 09:24:25.0144 6140 Initialize success
    2011/03/27 09:24:31.0337 4356 ================================================================================
    2011/03/27 09:24:31.0337 4356 Scan started
    2011/03/27 09:24:31.0337 4356 Mode: Manual;
    2011/03/27 09:24:31.0337 4356 ================================================================================
    2011/03/27 09:24:33.0412 4356 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/03/27 09:24:33.0490 4356 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/03/27 09:24:33.0521 4356 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/03/27 09:24:33.0584 4356 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/03/27 09:24:33.0646 4356 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/03/27 09:24:33.0693 4356 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/03/27 09:24:33.0771 4356 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2011/03/27 09:24:33.0818 4356 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2011/03/27 09:24:33.0927 4356 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/03/27 09:24:34.0036 4356 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2011/03/27 09:24:34.0098 4356 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2011/03/27 09:24:34.0161 4356 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2011/03/27 09:24:34.0208 4356 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/03/27 09:24:34.0270 4356 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/03/27 09:24:34.0379 4356 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/03/27 09:24:34.0442 4356 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/03/27 09:24:34.0504 4356 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/03/27 09:24:34.0535 4356 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2011/03/27 09:24:34.0644 4356 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/03/27 09:24:34.0707 4356 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/03/27 09:24:34.0800 4356 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/03/27 09:24:34.0847 4356 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2011/03/27 09:24:34.0988 4356 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/03/27 09:24:35.0066 4356 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/03/27 09:24:35.0175 4356 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/03/27 09:24:35.0315 4356 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/03/27 09:24:35.0378 4356 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    2011/03/27 09:24:35.0424 4356 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/03/27 09:24:35.0487 4356 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/03/27 09:24:35.0565 4356 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/03/27 09:24:35.0612 4356 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/03/27 09:24:35.0674 4356 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/03/27 09:24:35.0721 4356 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/03/27 09:24:35.0814 4356 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/03/27 09:24:35.0955 4356 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/03/27 09:24:36.0017 4356 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/03/27 09:24:36.0064 4356 cfwids (7e6f7da1c4de5680820f964562548949) C:\Windows\system32\drivers\cfwids.sys
    2011/03/27 09:24:36.0251 4356 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/03/27 09:24:36.0314 4356 CLBStor (cc82215750723d839dbc5d2d625fc130) C:\Windows\system32\drivers\CLBStor.sys
    2011/03/27 09:24:36.0423 4356 CLBUDFR (c002f79e6ee9bdf442514435c3d2bcb6) C:\Windows\system32\drivers\CLBUDFR.sys
    2011/03/27 09:24:36.0579 4356 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/03/27 09:24:36.0688 4356 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/03/27 09:24:36.0719 4356 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/03/27 09:24:36.0766 4356 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/03/27 09:24:36.0813 4356 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/03/27 09:24:36.0860 4356 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/03/27 09:24:36.0906 4356 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/03/27 09:24:37.0078 4356 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2011/03/27 09:24:37.0140 4356 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/03/27 09:24:37.0187 4356 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/03/27 09:24:37.0296 4356 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/03/27 09:24:37.0359 4356 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/03/27 09:24:37.0390 4356 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/03/27 09:24:37.0468 4356 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/03/27 09:24:37.0530 4356 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/03/27 09:24:37.0718 4356 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/03/27 09:24:37.0998 4356 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/03/27 09:24:38.0061 4356 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2011/03/27 09:24:38.0154 4356 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/03/27 09:24:38.0186 4356 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/03/27 09:24:38.0279 4356 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/03/27 09:24:38.0326 4356 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/03/27 09:24:38.0404 4356 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/03/27 09:24:38.0466 4356 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/03/27 09:24:38.0529 4356 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/03/27 09:24:38.0591 4356 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/03/27 09:24:38.0669 4356 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/03/27 09:24:38.0747 4356 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/03/27 09:24:38.0966 4356 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/03/27 09:24:39.0028 4356 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2011/03/27 09:24:39.0200 4356 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/03/27 09:24:39.0262 4356 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/03/27 09:24:39.0309 4356 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/03/27 09:24:39.0356 4356 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/03/27 09:24:39.0434 4356 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/03/27 09:24:39.0558 4356 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/03/27 09:24:39.0761 4356 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/03/27 09:24:39.0855 4356 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2011/03/27 09:24:39.0933 4356 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2011/03/27 09:24:39.0980 4356 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/03/27 09:24:40.0104 4356 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/03/27 09:24:40.0323 4356 igfx (c4097c4f60b7603b77e36715663d56eb) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/03/27 09:24:40.0619 4356 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/03/27 09:24:40.0822 4356 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/03/27 09:24:40.0978 4356 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2011/03/27 09:24:41.0025 4356 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/03/27 09:24:41.0072 4356 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/03/27 09:24:41.0150 4356 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/03/27 09:24:41.0212 4356 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/03/27 09:24:41.0306 4356 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/03/27 09:24:41.0352 4356 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/03/27 09:24:41.0399 4356 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/03/27 09:24:41.0524 4356 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/03/27 09:24:41.0586 4356 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/03/27 09:24:41.0618 4356 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2011/03/27 09:24:41.0711 4356 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/03/27 09:24:42.0086 4356 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/03/27 09:24:42.0148 4356 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/03/27 09:24:42.0210 4356 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/03/27 09:24:42.0273 4356 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/03/27 09:24:42.0320 4356 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/03/27 09:24:42.0366 4356 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/03/27 09:24:42.0554 4356 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/03/27 09:24:42.0616 4356 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/03/27 09:24:42.0678 4356 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\Windows\system32\drivers\mfeapfk.sys
    2011/03/27 09:24:42.0756 4356 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\Windows\system32\drivers\mfeavfk.sys
    2011/03/27 09:24:42.0959 4356 mfebopk (19161b1796cf74a6a326abde309062ba) C:\Windows\system32\drivers\mfebopk.sys
    2011/03/27 09:24:43.0053 4356 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\Windows\system32\drivers\mfefirek.sys
    2011/03/27 09:24:43.0146 4356 mfehidk (0efab2b91b27543fe589de700de07136) C:\Windows\system32\drivers\mfehidk.sys
    2011/03/27 09:24:43.0318 4356 mfenlfk (b4022e16569bbd1a85e68e7e78e68880) C:\Windows\system32\DRIVERS\mfenlfk.sys
    2011/03/27 09:24:43.0474 4356 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\Windows\system32\drivers\mferkdet.sys
    2011/03/27 09:24:43.0661 4356 mfewfpk (183f32c79d1693170df3baecec611125) C:\Windows\system32\drivers\mfewfpk.sys
    2011/03/27 09:24:43.0864 4356 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/03/27 09:24:43.0942 4356 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/03/27 09:24:43.0989 4356 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/03/27 09:24:44.0082 4356 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/03/27 09:24:44.0129 4356 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/27 09:24:44.0160 4356 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2011/03/27 09:24:44.0192 4356 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/27 09:24:44.0285 4356 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/27 09:24:44.0363 4356 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/27 09:24:44.0504 4356 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/27 09:24:44.0691 4356 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/27 09:24:44.0894 4356 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2011/03/27 09:24:44.0956 4356 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/03/27 09:24:45.0034 4356 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/03/27 09:24:45.0065 4356 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/03/27 09:24:45.0128 4356 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/03/27 09:24:45.0252 4356 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/27 09:24:45.0315 4356 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/27 09:24:45.0362 4356 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/27 09:24:45.0424 4356 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/27 09:24:45.0486 4356 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/03/27 09:24:45.0518 4356 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/27 09:24:45.0580 4356 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/03/27 09:24:45.0627 4356 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/03/27 09:24:45.0736 4356 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/27 09:24:45.0798 4356 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2011/03/27 09:24:45.0845 4356 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/03/27 09:24:45.0908 4356 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/27 09:24:45.0954 4356 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/27 09:24:46.0017 4356 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/27 09:24:46.0064 4356 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/27 09:24:46.0157 4356 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/27 09:24:46.0204 4356 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/27 09:24:46.0313 4356 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/03/27 09:24:46.0469 4356 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/03/27 09:24:46.0516 4356 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/27 09:24:46.0610 4356 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/27 09:24:46.0750 4356 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/03/27 09:24:46.0859 4356 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/03/27 09:24:46.0890 4356 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/03/27 09:24:46.0984 4356 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/03/27 09:24:47.0046 4356 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/03/27 09:24:47.0171 4356 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/03/27 09:24:47.0218 4356 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/03/27 09:24:47.0280 4356 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/03/27 09:24:47.0390 4356 PCD5SRVC{BD6912E3-AC9D80E8-05040000} (77a76c2da7c9431024b299ef7700dd4f) C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms
    2011/03/27 09:24:47.0748 4356 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/03/27 09:24:47.0811 4356 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/03/27 09:24:47.0873 4356 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/03/27 09:24:47.0936 4356 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/03/27 09:24:47.0982 4356 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
    2011/03/27 09:24:48.0138 4356 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/03/27 09:24:48.0279 4356 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/27 09:24:48.0326 4356 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/03/27 09:24:48.0450 4356 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/27 09:24:48.0544 4356 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/03/27 09:24:48.0747 4356 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/03/27 09:24:48.0825 4356 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/27 09:24:48.0856 4356 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/27 09:24:48.0965 4356 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/03/27 09:24:49.0043 4356 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/27 09:24:49.0152 4356 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/27 09:24:49.0246 4356 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/03/27 09:24:49.0308 4356 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/27 09:24:49.0386 4356 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/03/27 09:24:49.0418 4356 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/27 09:24:49.0542 4356 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/27 09:24:49.0589 4356 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/03/27 09:24:49.0636 4356 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/27 09:24:49.0792 4356 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2011/03/27 09:24:49.0917 4356 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/27 09:24:49.0979 4356 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2011/03/27 09:24:50.0182 4356 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/03/27 09:24:50.0229 4356 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/03/27 09:24:50.0276 4356 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/03/27 09:24:50.0385 4356 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/03/27 09:24:50.0432 4356 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/03/27 09:24:50.0494 4356 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/03/27 09:24:50.0556 4356 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/03/27 09:24:50.0603 4356 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/03/27 09:24:50.0666 4356 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/03/27 09:24:50.0728 4356 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/03/27 09:24:50.0822 4356 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2011/03/27 09:24:50.0884 4356 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/03/27 09:24:50.0946 4356 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/03/27 09:24:50.0993 4356 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/27 09:24:51.0071 4356 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/03/27 09:24:51.0149 4356 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/03/27 09:24:51.0149 4356 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/03/27 09:24:51.0149 4356 sptd - detected Locked file (1)
    2011/03/27 09:24:58.0450 4356 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/03/27 09:24:58.0497 4356 ================================================================================
    2011/03/27 09:24:58.0497 4356 Scan finished
    2011/03/27 09:24:58.0497 4356 ================================================================================
    2011/03/27 09:24:58.0512 4292 Detected object count: 2
    2011/03/27 09:25:14.0066 4292 Locked file(sptd) - User select action: Skip
    2011/03/27 09:25:14.0081 4292 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Skip

  10. #30
    Junior Member
    Join Date
    Mar 2011
    Posts
    21

    Default

    aswMBR Log:

    aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
    Run date: 2011-03-27 09:26:59
    -----------------------------
    09:26:59.623 OS Version: Windows 6.1.7600
    09:26:59.623 Number of processors: 2 586 0xF0D
    09:26:59.623 ComputerName: VEDA UserName:
    09:27:00.856 Initialize success
    09:27:12.915 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
    09:27:12.915 Disk 0 Vendor: ST3360320AS 3.CHN Size: 343399MB BusType: 3
    09:27:12.930 Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3360320AS_____________________________3.CHN___#5&2aa567a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
    09:27:14.943 Disk 0 MBR read successfully
    09:27:14.943 Disk 0 MBR scan
    09:27:14.943 Disk 0 TDL4@MBR code has been found
    09:27:14.958 Disk 0 MBR hidden
    09:27:14.958 Disk 0 MBR [TDL4] **ROOTKIT**
    09:27:14.974 Disk 0 trace - called modules:
    09:27:14.974 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x868e6439]<<
    09:27:14.989 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868c7030]
    09:27:14.989 3 CLASSPNP.SYS[899bd59e] -> nt!IofCallDriver -> [0x86764918]
    09:27:14.989 5 ACPI.sys[83bbc3b2] -> nt!IofCallDriver -> \IdeDeviceP0T0L0-0[0x86798908]
    09:27:15.005 \Driver\atapi[0x868c9358] -> IRP_MJ_CREATE -> 0x868e6439
    09:27:15.520 Scan finished successfully
