[A] "Windows delayed write failed" pop-ups, files missing, fake "Windows security"

Inactive
By jellybeans07
Nov 19, 2011
Topic Status:
Not open for further replies.
  1. Hello- so just a little background- I have Windows Vista on my HP laptop with McAfee Virus software. I'm not sure if all of the symptoms I'm experiencing are related or the result of multiple viruses/malware. Also, unable to post GMER log at this time as it keeps freezing my computer- will try to run it in Safe Mode and post the log in a few.

    About 4 or 5 days ago, I noticed my search engine results being redirected to Starfeedsmixer.com or get-answers-fast.com. Shortly after trying to fix that problem, by installing "Spyware Protection" which is now deleted since it did nothing, I logged on and my desktop was completely black and icon free, and at least 40 pop-ups appeared saying "windows delayed write fail; failed to save components..." It wouldn't let me run any sort of virus programs or any program at all for that matter- the computer would just restart. For a day or two I had to log in using Safe Mode but after downloading MalwareBytes, DDS, and the virus software that starts with a K (sorry!), I am able to log in using normal mode, however the screen is still black, appears all of my files are deleted, and I also see the fake Windows Security Alerts icon (the red shield with the white X). Also, every few minutes I get an alert that "Windows has blocked some startup programs". I'm hoping and praying my files aren't really gone and that this issue can be fixed.... Here are the logs (hope I did this right and apologies if I didn't)


    ------------------------------------------------------------------------------------------------

    MalwareBytes Log:


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8191

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19088

    11/19/2011 4:11:45 PM
    mbam-log-2011-11-19 (16-11-45).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 396779
    Time elapsed: 4 hour(s), 7 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 2
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OKFawhEgyTV.exe (Trojan.FakeAlert) -> Value: OKFawhEgyTV.exe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\okfawhegytv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\Delisa\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\99QDW5GL\about[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\assembly\GAC_MSIL\Desktop.ini (Trojan.Agent) -> Delete on reboot.
    c:\Users\Delisa\Desktop\privacy protection.lnk (Malware.Trace) -> Quarantined and deleted successfully.




    ----------------------------------------------------------------------------------------------------




    DDS Log- dds.txt:


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19088
    Run by Delisa at 21:40:51 on 2011-11-19
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.631 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uURLSearchHooks: H - No File
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111103155606.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\users\delisa\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\delisa\appdata\roaming\micros~1\windows\startm~1\programs\startup\picaboo.lnk - c:\program files\picaboo\picaboo\PicabooMain.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: brassring.com\sjobs
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{7357CCE5-C189-4260-97D5-3C7F276A69A1} : DhcpNameServer = 204.117.214.10 199.2.252.10 204.97.212.10
    TCP: Interfaces\{EC302945-AED3-4D1F-96C8-3D97C28F4FC1} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\delisa\appdata\roaming\mozilla\firefox\profiles\venacdqj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.facebook.com/|http://www.yahoo.com/|http://norfolk.craigslist.org/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.81\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-11-3 64584]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-11-3 165032]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-18 22216]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-11-3 153280]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-11-3 314088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9fa70cb9f36a0;Google Update Service (gupdate1c9fa70cb9f36a0);c:\program files\google\update\GoogleUpdate.exe [2009-7-1 133104]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-18 366152]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-3 271480]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-3 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-3 271480]
    S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-3 271480]
    S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-11-3 171168]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-11-3 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-11-3 56064]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-1 133104]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-11-3 52320]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-11-3 84488]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    SUnknown sdAuxService;sdAuxService; [x]
    SUnknown sdCoreService;sdCoreService; [x]
    .
    =============== Created Last 30 ================
    .
    2011-11-18 19:17:44 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-18 18:02:09 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
    2011-11-18 17:40:35 -------- d-----w- c:\program files\PC Tools Security
    2011-11-18 17:40:35 -------- d-----w- c:\program files\common files\PC Tools
    2011-11-18 17:38:00 -------- d-----w- c:\programdata\PC Tools
    2011-11-15 10:51:05 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-11-15 10:45:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-11 03:08:09 -------- d--h--w- c:\users\delisa\appdata\roaming\Malwarebytes
    2011-11-11 03:07:55 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-11 03:07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-08 20:54:48 -------- d-sh--w- c:\users\delisa\appdata\local\1cf6efbe
    2011-11-08 04:51:09 -------- d-----w- c:\program files\Picaboo X
    2011-11-03 19:56:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-11-03 19:56:06 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    2011-11-03 19:55:56 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-11-03 19:55:56 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-11-03 19:55:56 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-11-03 19:55:56 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-11-03 19:55:56 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-11-03 19:55:56 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-11-03 19:55:56 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-11-03 19:55:52 -------- d-----w- c:\program files\McAfee.com
    2011-11-03 19:55:52 -------- d-----w- c:\program files\common files\Mcafee
    2011-11-03 19:53:51 -------- d-----w- c:\program files\McAfee
    2011-11-02 00:58:49 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{488495a2-4ff9-4564-86f8-85acc4bf8cd8}\mpengine.dll
    2011-10-28 16:57:27 -------- d-----w- c:\program files\iPod
    2011-10-28 16:56:46 -------- d-----w- c:\program files\iTunes
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 21:42:38.26 ===============






    ----------------------------------------------------------------------------------------------------



    DDS LOG- attach.txt





    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/15/2007 8:14:35 AM
    System Uptime: 11/19/2011 4:13:35 PM (5 hours ago)
    .
    Motherboard: Quanta | | 30CC
    Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | U2E1 | 1467/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 106.083 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 3.507 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\IMAGE\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\IMAGE\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Everio MediaBrowser
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Driver Diagnostics
    HP Help and Support
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Product Detection
    HP Quick Launch Buttons 6.20 B1
    HP QuickPlay 3.2
    HP Update
    HP User Guides 0057
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    iTunes
    Java(TM) SE Runtime Environment 6
    LightScribe 1.4.136.1
    Malwarebytes' Anti-Malware version 1.51.2.1300
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Motorola SM56 Data Fax Modem
    Mozilla Firefox 8.0 (x86 en-US)
    MSCU for Microsoft Vista
    Nikon Message Center
    Nikon Transfer
    Picaboo X
    Picasa 3
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio Creator Basic v9
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    SAMSUNG USB Driver for Mobile Phones
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Shop for HP Supplies
    The Sims™ 3
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    ViewNX
    Windows Live OneCare safety scanner
    .
    ==== End Of File ===========================
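Added example, not part of the original post and not Malwarebytes' own code: a small Python triage helper for the Malwarebytes log format pasted above. It parses the per-section detection lines (`location (Category) -> detail -> action.`), cross-checks them against the summary counts at the top of the log, lists entries that still need a reboot to be removed, and flags which detections are persistence mechanisms. The sample input is the detection section of the log above, copied verbatim; the rule list and the section names are assumptions based on that one log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the summary and detection sections of the Malwarebytes
# log posted above, copied verbatim.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OKFawhEgyTV.exe (Trojan.FakeAlert) -> Value: OKFawhEgyTV.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\okfawhegytv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Delisa\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\99QDW5GL\about[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\assembly\GAC_MSIL\Desktop.ini (Trojan.Agent) -> Delete on reboot.
c:\Users\Delisa\Desktop\privacy protection.lnk (Malware.Trace) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<name>.+ Infected): (?P<count>\d+)$")   # "Files Infected: 4"
SECTION_RE = re.compile(r"^(?P<name>.+ Infected):$")                 # "Files Infected:"
ENTRY_RE = re.compile(r"^(?P<loc>.+?) \((?P<cat>[^()]+)\) -> (?P<rest>.+)$")

# Assumed mapping from registry location to what the entry does (not from the log).
PERSISTENCE_RULES = [
    (r"\\CurrentVersion\\Run\\", "autostart entry (Run key): runs at every logon"),
    (r"\\Winlogon\\Shell$", "Winlogon Shell replaced: the malware is started as the user shell "
                            "instead of explorer.exe, which leaves a black, icon-free desktop"),
    (r"\\Explorer\\Advanced\\Start_", "Start Menu items hidden (PUM.Hijack.StartMenu)"),
]

@dataclass
class Detection:
    section: str    # e.g. "Registry Values Infected"
    location: str   # registry path or file path
    category: str   # Malwarebytes label, e.g. "Trojan.FakeAlert"
    detail: str     # "Value: X", "Bad: (0) Good: (1)" or "" when absent
    action: str     # e.g. "Quarantined and deleted successfully"

def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log, remembering the current section, and parse each entry line."""
    detections: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if SUMMARY_RE.match(line):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None or not line or line.startswith("("):  # "(No malicious items detected)"
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        parts = m.group("rest").split(" -> ")   # [detail..., action]
        detections.append(Detection(section, m.group("loc"), m.group("cat"),
                                    " -> ".join(parts[:-1]), parts[-1].rstrip(".")))
    return detections

def summary_counts(text: str) -> Dict[str, int]:
    """Counts from the header block ("Registry Keys Infected: 1", ...)."""
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        m = SUMMARY_RE.match(raw.strip())
        if m:
            counts[m.group("name")] = int(m.group("count"))
    return counts

def counts_match(text: str) -> bool:
    """True when every header count equals the number of entries actually listed."""
    seen: Dict[str, int] = {}
    for d in parse_mbam_log(text):
        seen[d.section] = seen.get(d.section, 0) + 1
    return all(seen.get(name, 0) == n for name, n in summary_counts(text).items())

def pending_reboot(dets: List[Detection]) -> List[str]:
    """Items Malwarebytes could not remove yet; the cleanup is incomplete until a reboot."""
    return [d.location for d in dets if d.action == "Delete on reboot"]

def persistence_flags(dets: List[Detection]) -> List[str]:
    """Explain which detections are persistence mechanisms, using PERSISTENCE_RULES."""
    flags = []
    for d in dets:
        for pattern, meaning in PERSISTENCE_RULES:
            if re.search(pattern, d.location, re.IGNORECASE):
                flags.append(f"{d.location}: {meaning}")
    return flags

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} detections; header counts consistent: {counts_match(SAMPLE_LOG)}")
    for line in persistence_flags(found):
        print("persistence:", line)
    for path in pending_reboot(found):
        print("still present until reboot:", path)
```

Run against the log above it reports nine detections, four persistence entries (one Run key, the replaced Winlogon Shell, and two hidden Start Menu items) and one file still scheduled for deletion on reboot, which is why a scan log alone does not mean the machine is clean yet.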
  2. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    I can see McAfee Security Center in a list of installed programs but I don't see it running.
    What's the story there?

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

    Thanks for the reply! As far as McAfee goes, I'm guessing it's virus related- that was one of the things that started happening too, is that even when I try to turn the real-time scanning or firewall on, it'll automatically go back to "off".

    I have the aswMBR log but I've been having problems with ComboFix. I read the instructions and the blue screen will show up and say that it's scanning but even after 3+ hours of running, nothing else happens. I can't figure out how to delete it since it doesn't even show up in my programs at all- the only way I can access ComboFix is by going through My Computer to my Downloads and clicking it from there. So I tried getting it to run by skipping the delete and re-install step and trying it in Safe Mode, as well as installing Rkill.com; even running both programs in Safe Mode the same thing happens- the blue screen just stays up forever with no further actions. I have an rkill log but don't know if it'll be of any assistance without the combofix log to go with it. I'm going to keep trying though...

    aswMBR log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-20 14:32:07
    -----------------------------
    14:32:07.038 OS Version: Windows 6.0.6001 Service Pack 1
    14:32:07.039 Number of processors: 2 586 0xF0D
    14:32:07.040 ComputerName: DCOMPUTER UserName: Delisa
    14:32:30.924 Initialize success
    14:33:27.649 AVAST engine defs: 11112001
    14:34:37.513 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    14:34:37.516 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
    14:34:37.529 Disk 0 MBR read successfully
    14:34:37.533 Disk 0 MBR scan
    14:34:37.539 Disk 0 unknown MBR code
    14:34:37.552 Disk 0 scanning sectors +488397152
    14:34:37.644 Disk 0 scanning C:\Windows\system32\drivers
    14:34:49.998 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:ZAccess-BB [Rtk]
    14:34:52.893 Service scanning
    14:34:54.614 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    14:34:55.255 Modules scanning
    14:35:06.247 Module: C:\Windows\system32\DRIVERS\tdx.sys **SUSPICIOUS**
    14:35:38.771 Disk 0 trace - called modules:
    14:35:39.195 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x873899b0]<<
    14:35:39.202 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865f7408]
    14:35:39.210 3 CLASSPNP.SYS[88ba7745] -> nt!IofCallDriver -> [0x87325de8]
    14:35:39.218 \Driver\00000870[0x87324968] -> IRP_MJ_CREATE -> 0x873899b0
    14:35:40.346 AVAST engine scan C:\Windows
    14:35:45.593 AVAST engine scan C:\Windows\system32
    14:38:50.172 AVAST engine scan C:\Windows\system32\drivers
    14:39:12.104 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:ZAccess-BB [Rtk]
    14:39:19.286 AVAST engine scan C:\Users\Delisa
    14:39:21.118 File: C:\Users\Delisa\AppData\Local\1cf6efbe\U\800000cb.$ **INFECTED** Win32:Sirefef-AO [Rtk]
    14:39:45.322 Disk 0 MBR has been saved successfully to "C:\Users\Delisa\Desktop\MBR.dat"
    14:39:45.332 The log file has been saved successfully to "C:\Users\Delisa\Desktop\aswMBR.txt"
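    As an added example (not code from this thread, from aswMBR or from AVAST), here is a small Python triage script for logs in the format posted above: it pulls out the INFECTED, SUSPICIOUS, LOCKED and MBR verdict lines, de-duplicates the file that both scan passes report, and flags the combination the next reply points to, an infected driver that is also loaded as a kernel module. The sample log inside it is constructed from the entries above; the `[Rtk]` suffix is assumed to be AVAST's rootkit-class label.

```python
"""Triage helper for aswMBR scan logs (added example, not part of the thread or of aswMBR)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the aswMBR log format posted in the thread. Paths and
# detection names mirror that log; embedded here so the example runs offline.
SAMPLE_LOG = r"""
14:32:07.038 OS Version: Windows 6.0.6001 Service Pack 1
14:34:37.529 Disk 0 MBR read successfully
14:34:37.533 Disk 0 MBR scan
14:34:37.539 Disk 0 unknown MBR code
14:34:49.998 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:ZAccess-BB [Rtk]
14:34:54.614 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:35:06.247 Module: C:\Windows\system32\DRIVERS\tdx.sys **SUSPICIOUS**
14:39:12.104 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:ZAccess-BB [Rtk]
14:39:21.118 File: C:\Users\Delisa\AppData\Local\1cf6efbe\U\800000cb.$ **INFECTED** Win32:Sirefef-AO [Rtk]
"""

# Every aswMBR line starts with a HH:MM:SS.mmm timestamp; only four message shapes carry a verdict.
_TS = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) "
_INFECTED = re.compile(_TS + r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>\S+)(?: \[(?P<cls>\w+)\])?$")
_SUSPICIOUS = re.compile(_TS + r"Module: (?P<path>.+?) \*\*SUSPICIOUS\*\*$")
_LOCKED = re.compile(_TS + r"Service (?P<name>\S+) (?P<path>.+?) \*\*LOCKED\*\* \d+$")
_MBR = re.compile(_TS + r"Disk (?P<disk>\d+) unknown MBR code$")


@dataclass(frozen=True)
class Finding:
    ts: str
    kind: str    # "infected" | "suspicious" | "locked" | "mbr"
    path: str    # file path, or "Disk N" for MBR findings
    detail: str  # detection name, service name, or ""


def parse_aswmbr(text: str) -> list[Finding]:
    """Keep only lines that carry a verdict; everything else is progress output."""
    out: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()  # tolerate the indentation forum pastes add
        if m := _INFECTED.match(line):
            out.append(Finding(m["ts"], "infected", m["path"], m["name"]))
        elif m := _SUSPICIOUS.match(line):
            out.append(Finding(m["ts"], "suspicious", m["path"], ""))
        elif m := _LOCKED.match(line):
            out.append(Finding(m["ts"], "locked", m["path"], m["name"]))
        elif m := _MBR.match(line):
            out.append(Finding(m["ts"], "mbr", f"Disk {m['disk']}", "unknown MBR code"))
    return out


def triage(findings: list[Finding]) -> dict:
    """Collapse duplicates and decide whether the log points at a kernel-mode rootkit.

    aswMBR scans the drivers directory first and all of system32 later, so one infected
    file is usually reported twice. Paths are compared case-insensitively because the
    module list prints 'DRIVERS' while the file scan prints 'drivers'.
    """
    infected: dict[str, str] = {}  # normalised path -> detection name (first seen wins)
    for f in findings:
        if f.kind == "infected":
            infected.setdefault(f.path.lower(), f.detail)
    suspicious = {f.path.lower() for f in findings if f.kind == "suspicious"}
    locked = sorted({f.detail for f in findings if f.kind == "locked"})
    unknown_mbr = any(f.kind == "mbr" for f in findings)

    # Strongest signal: a file flagged infected that is also present in the loaded-module list.
    loaded_infected = sorted(infected.keys() & suspicious)
    reasons = [f"infected driver is loaded in the kernel: {p} ({infected[p]})" for p in loaded_infected]
    reasons += [f"infected file in the drivers directory: {p} ({n})"
                for p, n in sorted(infected.items()) if p not in suspicious and "\\drivers\\" in p]

    # Items that need a human look but are not proof on their own: OEM boot code
    # often shows as "unknown MBR code", and LOCKED only means the scanner could not read it.
    review = [f"service could not be read by the scanner: {s}" for s in locked]
    if unknown_mbr:
        review.append("MBR code not recognised; compare the saved MBR.dat with a known-good copy")

    return {
        "infected_files": sorted(infected.items()),
        "loaded_infected": loaded_infected,
        "locked_services": locked,
        "unknown_mbr": unknown_mbr,
        "rootkit_likely": bool(loaded_infected) or any("\\drivers\\" in p for p in infected),
        "reasons": reasons,
        "review": review,
    }


if __name__ == "__main__":
    report = triage(parse_aswmbr(SAMPLE_LOG))
    print("rootkit likely:", report["rootkit_likely"])
    for line in report["reasons"] + report["review"]:
        print(" -", line)
```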
  4. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    OK, we'll see about McAfee later.

    For now we seem to have a rootkit there. That's why you're having problems with running Combofix.

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  5. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

    tdsskiller log:

    17:02:53.0685 6264 sffp_mmc - ok
    17:02:53.0767 6264 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
    17:02:53.0770 6264 sffp_sd - ok
    17:02:53.0883 6264 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    17:02:53.0887 6264 sfloppy - ok
    17:02:54.0033 6264 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    17:02:54.0038 6264 sisagp - ok
    17:02:54.0128 6264 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    17:02:54.0130 6264 SiSRaid2 - ok
    17:02:54.0178 6264 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    17:02:54.0181 6264 SiSRaid4 - ok
    17:02:54.0280 6264 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
    17:02:54.0283 6264 Smb - ok
    17:02:54.0445 6264 smserial (3850aba97b31094f93bcbe94d6abbe22) C:\Windows\system32\DRIVERS\smserial.sys
    17:02:54.0480 6264 smserial - ok
    17:02:54.0591 6264 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    17:02:54.0593 6264 spldr - ok
    17:02:54.0769 6264 sptd (d390675b8ce45e5fb359338e5e649329) C:\Windows\system32\Drivers\sptd.sys
    17:02:54.0769 6264 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
    17:02:54.0773 6264 sptd ( LockedFile.Multi.Generic ) - warning
    17:02:54.0773 6264 sptd - detected LockedFile.Multi.Generic (1)
    17:02:56.0019 6264 tdx (5d5b8fbdc508d22e6530808888d9cb4b) C:\Windows\system32\DRIVERS\tdx.sys
    17:02:56.0021 6264 tdx ( Rootkit.Win32.ZAccess.g ) - infected
    17:02:56.0022 6264 tdx - detected Rootkit.Win32.ZAccess.g (0)
    17:03:00.0259 6264 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
    17:03:00.0313 6264 \Device\Harddisk0\DR0 - ok
    17:03:00.0319 6264 Boot (0x1200) (3d7ad02652a9a55b2a86a980bb201f9a) \Device\Harddisk0\DR0\Partition0
    17:03:00.0320 6264 \Device\Harddisk0\DR0\Partition0 - ok
    17:03:00.0327 6264 Boot (0x1200) (3a0bad8aac7b8f3a35172e9b3a397a9d) \Device\Harddisk0\DR0\Partition1
    17:03:00.0328 6264 \Device\Harddisk0\DR0\Partition1 - ok
    17:03:00.0331 6264 ============================================================
    17:03:00.0331 6264 Scan finished
    17:03:00.0331 6264 ============================================================
    17:03:00.0354 7104 Detected object count: 2
    17:03:00.0354 7104 Actual detected object count: 2
    17:04:17.0485 7104 sptd ( LockedFile.Multi.Generic ) - skipped by user
    17:04:17.0485 7104 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    17:04:17.0611 7104 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
    17:04:44.0924 7104 Backup copy found, using it..
    17:04:44.0979 7104 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
    17:04:47.0415 7104 C:\Windows\System32\c_47915.nls - will be deleted on reboot
    17:04:48.0330 7104 tdx ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
    17:07:30.0695 8100 Deinitialize success
  6. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Re-run the tool one more time so I can see if it's clean.

    Also post new aswMBR log.
  7. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

    tdsskiller log - second run


    17:14:27.0672 5332 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
    17:14:27.0986 5332 ============================================================
    17:14:27.0986 5332 Current date / time: 2011/11/21 17:14:27.0986
    17:14:27.0986 5332 SystemInfo:
    17:14:27.0986 5332
    17:14:27.0986 5332 OS Version: 6.0.6001 ServicePack: 1.0
    17:14:27.0986 5332 Product type: Workstation
    17:14:27.0987 5332 ComputerName: DCOMPUTER
    17:14:27.0987 5332 UserName: Delisa
    17:14:27.0987 5332 Windows directory: C:\Windows
    17:14:27.0987 5332 System windows directory: C:\Windows
    17:14:27.0987 5332 Processor architecture: Intel x86
    17:14:27.0987 5332 Number of processors: 2
    17:14:27.0987 5332 Page size: 0x1000
    17:14:27.0987 5332 Boot type: Normal boot
    17:14:27.0987 5332 ============================================================
    17:14:28.0527 5332 Initialize success
    17:32:42.0190 4152 ============================================================
    17:32:42.0190 4152 Scan started
    17:32:42.0190 4152 Mode: Manual;
    17:32:42.0190 4152 ============================================================
    17:32:54.0573 4152 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    17:32:54.0574 4152 NetBIOS - ok
    17:32:54.0641 4152 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    17:32:54.0645 4152 netbt - ok
    17:32:54.0784 4152 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
    17:32:54.0839 4152 NETw3v32 - ok
    17:32:54.0985 4152 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
    17:32:55.0072 4152 NETw4v32 - ok
    17:32:55.0129 4152 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    17:32:55.0131 4152 nfrd960 - ok
    17:32:55.0192 4152 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    17:32:55.0194 4152 Npfs - ok
    17:32:55.0271 4152 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    17:32:55.0273 4152 nsiproxy - ok
    17:32:55.0374 4152 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    17:32:55.0430 4152 Ntfs - ok
    17:32:55.0511 4152 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    17:32:55.0513 4152 ntrigdigi - ok
    17:32:55.0571 4152 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    17:32:55.0573 4152 Null - ok
    17:32:55.0626 4152 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    17:32:55.0629 4152 nvraid - ok
    17:32:55.0654 4152 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    17:32:55.0656 4152 nvstor - ok
    17:32:55.0676 4152 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    17:32:55.0679 4152 nv_agp - ok
    17:32:55.0691 4152 NwlnkFlt - ok
    17:32:55.0703 4152 NwlnkFwd - ok
    17:32:55.0772 4152 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    17:32:55.0773 4152 ohci1394 - ok
    17:32:55.0828 4152 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    17:32:55.0830 4152 Parport - ok
    17:32:55.0878 4152 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
    17:32:55.0881 4152 partmgr - ok
    17:32:55.0911 4152 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    17:32:55.0913 4152 Parvdm - ok
    17:32:55.0967 4152 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
    17:32:55.0971 4152 pci - ok
    17:32:56.0021 4152 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
    17:32:56.0022 4152 pciide - ok
    17:32:56.0061 4152 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    17:32:56.0065 4152 pcmcia - ok
    17:32:56.0206 4152 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    17:32:56.0240 4152 PEAUTH - ok
    17:32:56.0326 4152 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    17:32:56.0328 4152 PptpMiniport - ok
    17:32:56.0352 4152 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    17:32:56.0354 4152 Processor - ok
    17:32:56.0499 4152 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
    17:32:56.0501 4152 PSched - ok
    17:32:56.0585 4152 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
    17:32:56.0588 4152 PxHelp20 - ok
    17:32:56.0660 4152 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    17:32:56.0716 4152 ql2300 - ok
    17:32:56.0782 4152 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    17:32:56.0785 4152 ql40xx - ok
    17:32:56.0856 4152 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    17:32:56.0857 4152 QWAVEdrv - ok
    17:32:56.0922 4152 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    17:32:56.0924 4152 RasAcd - ok
    17:32:57.0052 4152 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:32:57.0054 4152 Rasl2tp - ok
    17:32:57.0136 4152 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:32:57.0138 4152 RasPppoe - ok
    17:32:57.0214 4152 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
    17:32:57.0218 4152 RasSstp - ok
    17:32:57.0339 4152 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
    17:32:57.0343 4152 rdbss - ok
    17:32:57.0416 4152 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:32:57.0417 4152 RDPCDD - ok
    17:32:57.0468 4152 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    17:32:57.0475 4152 rdpdr - ok
    17:32:57.0488 4152 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    17:32:57.0489 4152 RDPENCDD - ok
    17:32:57.0539 4152 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
    17:32:57.0544 4152 RDPWD - ok
    17:32:57.0594 4152 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    17:32:57.0595 4152 rimmptsk - ok
    17:32:57.0626 4152 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    17:32:57.0628 4152 rimsptsk - ok
    17:32:57.0700 4152 RimUsb - ok
    17:32:57.0780 4152 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
    17:32:57.0781 4152 RimVSerPort - ok
    17:32:57.0865 4152 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys
    17:32:57.0867 4152 rismxdp - ok
    17:32:58.0006 4152 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
    17:32:58.0007 4152 ROOTMODEM - ok
    17:32:58.0087 4152 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    17:32:58.0089 4152 rspndr - ok
    17:32:58.0147 4152 RTL8169 (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
    17:32:58.0149 4152 RTL8169 - ok
    17:32:58.0254 4152 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    17:32:58.0256 4152 sbp2port - ok
    17:32:58.0343 4152 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    17:32:58.0345 4152 sdbus - ok
    17:32:58.0381 4152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    17:32:58.0382 4152 secdrv - ok
    17:32:58.0415 4152 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    17:32:58.0417 4152 Serenum - ok
    17:32:58.0439 4152 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    17:32:58.0443 4152 Serial - ok
    17:32:58.0487 4152 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    17:32:58.0489 4152 sermouse - ok
    17:32:58.0551 4152 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
    17:32:58.0553 4152 sffdisk - ok
    17:32:58.0581 4152 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    17:32:58.0582 4152 sffp_mmc - ok
    17:32:58.0689 4152 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
    17:32:58.0690 4152 sffp_sd - ok
    17:32:58.0726 4152 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    17:32:58.0728 4152 sfloppy - ok
    17:32:58.0774 4152 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    17:32:58.0776 4152 sisagp - ok
    17:32:58.0828 4152 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    17:32:58.0830 4152 SiSRaid2 - ok
    17:32:58.0867 4152 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    17:32:58.0869 4152 SiSRaid4 - ok
    17:32:58.0925 4152 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
    17:32:58.0927 4152 Smb - ok
    17:32:59.0046 4152 smserial (3850aba97b31094f93bcbe94d6abbe22) C:\Windows\system32\DRIVERS\smserial.sys
    17:32:59.0091 4152 smserial - ok
    17:32:59.0246 4152 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    17:32:59.0247 4152 spldr - ok
    17:32:59.0381 4152 sptd (d390675b8ce45e5fb359338e5e649329) C:\Windows\system32\Drivers\sptd.sys
    17:32:59.0381 4152 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
    17:32:59.0385 4152 sptd ( LockedFile.Multi.Generic ) - warning
    17:32:59.0385 4152 sptd - detected LockedFile.Multi.Generic (1)
    17:32:59.0452 4152 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
    17:32:59.0485 4152 srv - ok
    17:32:59.0541 4152 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
    17:32:59.0545 4152 srv2 - ok
    17:32:59.0577 4152 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
    17:32:59.0580 4152 srvnet - ok
    17:32:59.0630 4152 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
    17:32:59.0632 4152 StillCam - ok
    17:32:59.0700 4152 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    17:32:59.0702 4152 swenum - ok
    17:32:59.0743 4152 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    17:32:59.0745 4152 Symc8xx - ok
    17:32:59.0800 4152 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    17:32:59.0802 4152 Sym_hi - ok
    17:32:59.0842 4152 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    17:32:59.0844 4152 Sym_u3 - ok
    17:32:59.0965 4152 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
    17:32:59.0986 4152 Tcpip - ok
    17:33:00.0089 4152 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
    17:33:00.0098 4152 Tcpip6 - ok
    17:33:00.0176 4152 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
    17:33:00.0178 4152 tcpipreg - ok
    17:33:00.0261 4152 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    17:33:00.0263 4152 TDPIPE - ok
    17:33:00.0326 4152 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    17:33:00.0328 4152 TDTCP - ok
    17:33:00.0397 4152 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
    17:33:00.0399 4152 tdx - ok
    17:33:00.0464 4152 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
    17:33:00.0466 4152 TermDD - ok
    17:33:00.0579 4152 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:33:00.0581 4152 tssecsrv - ok
    17:33:00.0622 4152 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    17:33:00.0623 4152 tunmp - ok
    17:33:00.0683 4152 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
    17:33:00.0685 4152 tunnel - ok
    17:33:00.0754 4152 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    17:33:00.0756 4152 uagp35 - ok
    17:33:00.0837 4152 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
    17:33:00.0842 4152 udfs - ok
    17:33:00.0920 4152 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    17:33:00.0922 4152 uliagpkx - ok
    17:33:01.0004 4152 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    17:33:01.0009 4152 uliahci - ok
    17:33:01.0063 4152 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    17:33:01.0066 4152 UlSata - ok
    17:33:01.0098 4152 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    17:33:01.0101 4152 ulsata2 - ok
    17:33:01.0207 4152 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    17:33:01.0209 4152 umbus - ok
    17:33:01.0277 4152 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    17:33:01.0279 4152 USBAAPL - ok
    17:33:01.0335 4152 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
    17:33:01.0338 4152 usbaudio - ok
    17:33:01.0382 4152 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:33:01.0385 4152 usbccgp - ok
    17:33:01.0426 4152 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    17:33:01.0428 4152 usbcir - ok
    17:33:01.0540 4152 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
    17:33:01.0543 4152 usbehci - ok
    17:33:01.0579 4152 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
    17:33:01.0584 4152 usbhub - ok
    17:33:01.0652 4152 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    17:33:01.0654 4152 usbohci - ok
    17:33:01.0728 4152 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    17:33:01.0729 4152 usbprint - ok
    17:33:01.0805 4152 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    17:33:01.0807 4152 usbscan - ok
    17:33:01.0872 4152 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:33:01.0875 4152 USBSTOR - ok
    17:33:01.0968 4152 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    17:33:01.0969 4152 usbuhci - ok
    17:33:02.0047 4152 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    17:33:02.0051 4152 usbvideo - ok
    17:33:02.0155 4152 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:33:02.0157 4152 vga - ok
    17:33:02.0231 4152 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    17:33:02.0233 4152 VgaSave - ok
    17:33:02.0316 4152 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    17:33:02.0318 4152 viaagp - ok
    17:33:02.0344 4152 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    17:33:02.0346 4152 ViaC7 - ok
    17:33:02.0373 4152 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    17:33:02.0375 4152 viaide - ok
    17:33:02.0421 4152 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    17:33:02.0423 4152 volmgr - ok
    17:33:02.0471 4152 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
    17:33:02.0478 4152 volmgrx - ok
    17:33:02.0528 4152 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
    17:33:02.0533 4152 volsnap - ok
    17:33:02.0601 4152 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    17:33:02.0605 4152 vsmraid - ok
    17:33:02.0654 4152 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    17:33:02.0655 4152 WacomPen - ok
    17:33:02.0694 4152 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    17:33:02.0696 4152 Wanarp - ok
    17:33:02.0714 4152 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    17:33:02.0715 4152 Wanarpv6 - ok
    17:33:02.0801 4152 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    17:33:02.0803 4152 Wd - ok
    17:33:02.0893 4152 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    17:33:02.0898 4152 Wdf01000 - ok
    17:33:02.0996 4152 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    17:33:03.0005 4152 winachsf - ok
    17:33:03.0089 4152 winusb (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.SYS
    17:33:03.0091 4152 winusb - ok
    17:33:03.0144 4152 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    17:33:03.0145 4152 WmiAcpi - ok
    17:33:03.0235 4152 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
    17:33:03.0236 4152 WpdUsb - ok
    17:33:03.0303 4152 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    17:33:03.0304 4152 ws2ifsl - ok
    17:33:03.0433 4152 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:33:03.0435 4152 WUDFRd - ok
    17:33:03.0474 4152 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
    17:33:03.0527 4152 \Device\Harddisk0\DR0 - ok
    17:33:03.0529 4152 Boot (0x1200) (3d7ad02652a9a55b2a86a980bb201f9a) \Device\Harddisk0\DR0\Partition0
    17:33:03.0530 4152 \Device\Harddisk0\DR0\Partition0 - ok
    17:33:03.0532 4152 Boot (0x1200) (3a0bad8aac7b8f3a35172e9b3a397a9d) \Device\Harddisk0\DR0\Partition1
    17:33:03.0533 4152 \Device\Harddisk0\DR0\Partition1 - ok
    17:33:03.0534 4152 ============================================================
    17:33:03.0534 4152 Scan finished
    17:33:03.0534 4152 ============================================================
    17:33:03.0538 4344 Detected object count: 1
    17:33:03.0538 4344 Actual detected object count: 1
    17:33:11.0244 4344 sptd ( LockedFile.Multi.Generic ) - skipped by user
    17:33:11.0244 4344 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  8. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Good :)...........
  9. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

    :D Does this mean we're making progress??
  10. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Yes. I still need fresh aswMBR log.
  11. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-21 17:49:44
    -----------------------------
    17:49:44.597 OS Version: Windows 6.0.6001 Service Pack 1
    17:49:44.597 Number of processors: 2 586 0xF0D
    17:49:44.599 ComputerName: DCOMPUTER UserName: Delisa
    17:50:06.097 Initialize success
    17:50:14.961 AVAST engine defs: 11112001
    17:51:22.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    17:51:22.675 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
    17:51:22.700 Disk 0 MBR read successfully
    17:51:22.705 Disk 0 MBR scan
    17:51:22.764 Disk 0 unknown MBR code
    17:51:22.769 Disk 0 scanning sectors +488397152
    17:51:22.870 Disk 0 scanning C:\Windows\system32\drivers
    17:51:42.285 Service scanning
    17:51:43.550 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    17:51:44.153 Modules scanning
    17:51:51.167 Disk 0 trace - called modules:
    17:51:51.182 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84a621e8]<<
    17:51:51.183 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865f5ac8]
    17:51:51.185 3 CLASSPNP.SYS[88ba2745] -> nt!IofCallDriver -> [0x854961f0]
    17:51:51.186 5 acpi.sys[883b26a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a32028]
    17:51:51.187 \Driver\iaStor[0x85496030] -> IRP_MJ_CREATE -> 0x84a621e8
    17:51:52.411 AVAST engine scan C:\Windows
    17:51:57.603 AVAST engine scan C:\Windows\system32
    17:55:13.434 AVAST engine scan C:\Windows\system32\drivers
    17:55:32.824 AVAST engine scan C:\Users\Delisa
    17:55:34.514 File: C:\Users\Delisa\AppData\Local\1cf6efbe\U\800000cb.$ **INFECTED** Win32:Sirefef-AO [Rtk]
    17:59:20.539 Disk 0 MBR has been saved successfully to "C:\Users\Delisa\Desktop\MBR.dat"
    17:59:20.556 The log file has been saved successfully to "C:\Users\Delisa\Desktop\aswMBR2.txt"
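The two logs posted so far (the TDSSKiller driver scan above and this aswMBR boot-sector and disk-stack scan) carry their signal in a handful of lines among hundreds of "- ok" entries. The script below is an added example, not part of this thread and not code from either tool: it recognises the line shapes seen in these two logs ("detected", "Suspicious file", **LOCKED**, **INFECTED**, "unknown MBR code", the ">>UNKNOWN [addr]<<" disk-trace line and the IRP dispatch line), gives each a severity, and correlates the unattributed address with the dispatch hook, which is the part of the aswMBR output that matters most. The regexes, the severity scale and the treatment of a LockedFile verdict as "unconfirmed" are my assumptions, derived only from the lines shown here; the sample input is copied from the logs above, with the ok lines cut down to two controls.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Sample input: lines copied from the TDSSKiller and aswMBR logs posted above;
# the hundreds of "- ok" driver lines are left out except two kept as controls.
SAMPLE_LOG = r"""
17:32:59.0381 4152 sptd (d390675b8ce45e5fb359338e5e649329) C:\Windows\system32\Drivers\sptd.sys
17:32:59.0381 4152 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
17:32:59.0385 4152 sptd - detected LockedFile.Multi.Generic (1)
17:32:59.0452 4152 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
17:32:59.0485 4152 srv - ok
17:33:03.0527 4152 \Device\Harddisk0\DR0 - ok
17:51:22.764 Disk 0 unknown MBR code
17:51:43.550 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:51:51.182 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84a621e8]<<
17:51:51.187 \Driver\iaStor[0x85496030] -> IRP_MJ_CREATE -> 0x84a621e8
17:55:34.514 File: C:\Users\Delisa\AppData\Local\1cf6efbe\U\800000cb.$ **INFECTED** Win32:Sirefef-AO [Rtk]
"""

@dataclass(frozen=True)
class Finding:
    severity: str   # "info", "warning" or "high": my own triage scale, not a vendor one
    source: str     # which log format the line came from
    subject: str    # module name, file path, disk or driver object
    detail: str

SEVERITY_RANK = {"info": 0, "warning": 1, "high": 2}

# Line shapes, derived only from the two logs above (assumed, not vendor-documented).
TDSS_MODULE = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) \S")
TDSS_MBR_OK = re.compile(r"^\S+\s+\d+\s+(?P<obj>\\Device\\Harddisk\d+\\DR\d+) - ok$")
TDSS_DETECTED = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+) - detected (?P<verdict>\S+)")
TDSS_SUSPICIOUS = re.compile(r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})")
ASW_UNKNOWN_MBR = re.compile(r"^\S+\s+Disk (?P<disk>\d+) unknown MBR code$")
ASW_LOCKED = re.compile(r"^\S+\s+Service (?P<name>\S+) (?P<path>\S+) \*\*LOCKED\*\*")
ASW_INFECTED = re.compile(r"^\S+\s+File: (?P<path>.+?) \*\*INFECTED\*\* (?P<verdict>.+)$")
ASW_UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-f]+)\]<<")
ASW_IRP_HOOK = re.compile(r"^\S+\s+(?P<driver>\\Driver\\[^\[\s]+)\[0x[0-9a-f]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<addr>0x[0-9a-f]+)")

def triage(log_text: str) -> List[Finding]:
    """Keep only the lines that carry signal and give each a severity."""
    findings: List[Finding] = []
    mbr_ok: Set[str] = set()
    unknown_mbr: List[str] = []
    unknown_addrs: Set[str] = set()
    irp_hooks: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := TDSS_MBR_OK.match(line):
            mbr_ok.add(m.group("obj"))
        elif line.endswith(" - ok"):
            continue                                      # clean module, no signal
        elif m := TDSS_DETECTED.match(line):
            verdict = m.group("verdict")
            if verdict.startswith("LockedFile."):
                # The scanner could not read the file. That is not a malware
                # verdict; confirm the module hash with its vendor before acting.
                findings.append(Finding("warning", "TDSSKiller", m.group("name"), verdict + " (unreadable, unconfirmed)"))
            else:
                findings.append(Finding("high", "TDSSKiller", m.group("name"), verdict))
        elif m := TDSS_SUSPICIOUS.search(line):
            findings.append(Finding("info", "TDSSKiller", m.group("path"), f"{m.group('reason')} md5={m.group('md5')}"))
        elif m := ASW_UNKNOWN_MBR.match(line):
            unknown_mbr.append(m.group("disk"))
        elif m := ASW_LOCKED.match(line):
            findings.append(Finding("warning", "aswMBR", m.group("name"), "service file locked: " + m.group("path")))
        elif m := ASW_INFECTED.match(line):
            findings.append(Finding("high", "aswMBR", m.group("path"), m.group("verdict")))
        elif m := ASW_UNKNOWN_MODULE.search(line):
            unknown_addrs.add(m.group("addr"))
        elif m := ASW_IRP_HOOK.match(line):
            irp_hooks.append((m.group("driver"), m.group("irp"), m.group("addr")))
    for disk in unknown_mbr:
        note = "boot code not recognised by aswMBR"
        if mbr_ok:   # the other scanner's MBR verdict is the obvious cross-check
            note += "; TDSSKiller reported " + ", ".join(sorted(mbr_ok)) + " ok"
        findings.append(Finding("warning", "aswMBR", f"Disk {disk} MBR", note))
    # Correlation: a dispatch routine pointing at code the scanner could not
    # attribute to any loaded module is the shape of a kernel-mode disk hook.
    for driver, irp, addr in irp_hooks:
        if addr in unknown_addrs:
            findings.append(Finding("high", "aswMBR", driver, f"{irp} dispatch redirected to unattributed code at {addr}"))
    return findings

def module_hashes(log_text: str) -> Dict[str, str]:
    """Module name -> MD5 from TDSSKiller driver lines, for hash look-ups."""
    out: Dict[str, str] = {}
    for raw in log_text.splitlines():
        if m := TDSS_MODULE.match(raw.strip()):
            out[m.group("name")] = m.group("md5")
    return out

def highest_severity(findings: List[Finding]) -> str:
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__, default="info")
```

Run against SAMPLE_LOG, triage() returns six findings: two "high" (the Sirefef file and the IRP_MJ_CREATE dispatch of \Driver\iaStor landing on the unattributed 0x84a621e8), three "warning" (sptd locked in both scanners, the unrecognised MBR code with the note that TDSSKiller called the same disk ok) and one "info". The point of the split is that a locked driver and an unknown MBR are prompts to verify, while the hook correlation is the line that justifies treating the machine as rootkitted.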
     
  12. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  13. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

    Alright... so I've tried it a million times over by now and ComboFix just doesn't want to work for me.

    When I try it in SafeMode with Rkill at first I get a message that says "access denied" and then a few seconds later that goes away and it says starting scan but never does anything else... I will say however, I never figured out how to uninstall ComboFix so I just downloaded it again to see if that helped which didn't :(
  14. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Let's run the following tool. This will help determine which files need permissions restored.

    Please download and save Junction.zip

    Unzip it and place Junction.exe in the Windows directory (C:\Windows).
    Go to Start>Run (Vista and Windows 7 users use "Start search" box).
    Copy and paste the following command in the Run box and click OK (Vista and Windows 7 users press "Enter"):

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens and starts scanning the system.
    Wait until a log file opens.
    Copy and paste the log in your next reply.
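What "junction -s c:\" produces is an inventory of every reparse point (junctions and symbolic links) under the drive. The script below is an added example, not part of this post and not the Sysinternals tool: it does the same recursive walk in Python, reports each link-like entry with its target, and additionally records entries that cannot even be stat'ed, which is the set of files whose permissions this thread is trying to pin down. Link directories are listed but never descended into, so a looping junction cannot run the walk into an endless path. The demo tree it builds uses symbolic links because Python has no portable call for creating junctions; on a real Vista machine you would point scan_reparse_points at C:\ from an elevated prompt. The function names and the "inaccessible" label are my own.

```python
import os
import stat
import tempfile
from typing import Dict, List, Tuple

FILE_ATTRIBUTE_REPARSE_POINT = 0x400   # Windows attribute bit; absent on other platforms
TAG_MOUNT_POINT = getattr(stat, "IO_REPARSE_TAG_MOUNT_POINT", 0xA0000003)  # a junction's reparse tag

def classify(path: str) -> str:
    """Label a path without following it: 'junction', 'symlink', 'reparse',
    'inaccessible' (lstat refused), or '' for an ordinary file or directory."""
    try:
        st = os.lstat(path)
    except OSError:
        return "inaccessible"
    if stat.S_ISLNK(st.st_mode):
        return "symlink"
    if getattr(st, "st_file_attributes", 0) & FILE_ATTRIBUTE_REPARSE_POINT:
        tag = getattr(st, "st_reparse_tag", 0)            # Python 3.8+ on Windows
        return "junction" if tag == TAG_MOUNT_POINT else "reparse"
    return ""

def _target(path: str) -> str:
    try:
        return os.readlink(path)                          # works for junctions on 3.8+
    except OSError:
        return ""

def scan_reparse_points(root: str) -> List[Tuple[str, str, str]]:
    """Walk root and return (path, kind, target) for every link-like or
    inaccessible entry. Link directories are reported, then pruned from the
    walk so a cyclic junction cannot recurse forever."""
    found: List[Tuple[str, str, str]] = []
    for dirpath, dirnames, filenames in os.walk(root):
        keep = []
        for name in dirnames:
            full = os.path.join(dirpath, name)
            kind = classify(full)
            if kind:
                found.append((full, kind, _target(full)))
            else:
                keep.append(name)
        dirnames[:] = keep                                # in-place edit is what os.walk honours
        for name in filenames:
            full = os.path.join(dirpath, name)
            kind = classify(full)
            if kind:
                found.append((full, kind, _target(full)))
    return found

def kinds_by_name(hits: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """Basename -> kind, for a quick summary of a scan result."""
    return {os.path.basename(path): kind for path, kind, _ in hits}

def build_demo_tree() -> str:
    """Constructed sample data: a throwaway tree with one directory link and one
    file link. Symlinks stand in for junctions; on Windows this needs symlink
    privilege or Developer Mode, on Linux/macOS it needs nothing special."""
    root = tempfile.mkdtemp(prefix="junction_demo_")
    os.makedirs(os.path.join(root, "real", "sub"))
    with open(os.path.join(root, "real", "sub", "file.txt"), "w") as fh:
        fh.write("sample\n")
    os.symlink(os.path.join(root, "real"), os.path.join(root, "link_to_real"), target_is_directory=True)
    os.symlink(os.path.join(root, "real", "sub", "file.txt"), os.path.join(root, "link_to_file"))
    return root

if __name__ == "__main__":
    import sys
    top = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()
    for path, kind, target in scan_reparse_points(top):
        print(f"{kind:<12} {path} -> {target}")
```

Run with no argument it builds the demo tree and prints its two links; run as "python scan.py C:\" from an elevated prompt it prints the same inventory Junction gives, plus any entry the account could not stat.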
  15. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

    I tried that and after I pasted the command and hit enter, a command box appeared for like 1/4 of a second and then instantly disappeared again.... nothing further happened. I've also been getting pop-ups stating that my recycle bin is corrupted asking if I'd like to permanently delete the files in the recycling bin- that's been happening for the past day or two... Whatever this is got me good apparently :/
  16. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Instead of simply pressing Enter, hold the CTRL and SHIFT keys, then press Enter.
  17. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

    Didn't work... shall I try it in safe mode?
  18. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Go ahead......
  19. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

    Ok so it worked in safe mode but the log is incredibly long- it'll probably have to be split between about 4 or 5 posts. Can I just attach it or do you want me to do the separate posts instead?
  20. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    You can attach it.
  21. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

    Ok- I still had to save it into multiple files since the one log is more than 900 kb. 5 parts of them are attached to this post and the rest I'll attach in my next post. Is it normal for this log to be so long or is my computer just that jacked?

    Attached Files:

  22. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

    And here's the final 3 parts... if there were some easier way to post this, I'm sorry that I have no idea how to do so.

    Attached Files:

  23. Broni

    Broni Malware Annihilator Posts: 46,127   +251

  24. jellybeans07

    jellybeans07 Newcomer, in training Topic Starter Posts: 25

  25. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    It looks serious.

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.