TechSpot

Virus/malware that keeps coming back despite being removed with Malwarebytes

By lunsk
Feb 28, 2012
  1. Hi,

    I have malware on my computer right now (RootKit.0Access.H) and some virus that keeps on playing a "Congratulations you win" sound. I tried scanning with Malwarebytes and it says it removed it, but it keeps coming back. I also have a popup whenever I open Firefox, only when it's the first time opening Firefox though. I hope you guys will be able to help me.

    The antivirus program I'm using right now is Microsoft Security Essentials.

    Malwarebytes Log:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.26.07

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 7.0.6001.18000
    Jonathan :: JONATHAN-PC [administrator]

    28/02/2012 2:11:01 PM
    mbam-log-2012-02-28 (14-11-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195963
    Time elapsed: 20 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\Windows\System32\DCamUSBDXGTech.dll (RootKit.0Access.H) -> Delete on reboot.

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\System32\DCamUSBDXGTech.dll (RootKit.0Access.H) -> Delete on reboot.

    (end)


    GMER Log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-28 14:49:07
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
    Running: GMER.exe; Driver: C:\Users\Jonathan\AppData\Local\Temp\fwlcrkow.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\iaStor \Device\Ide\iaStor0 [82ABA8E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82ABA8E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [82ABA8E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atzxebsi \Device\Scsi\atzxebsi1 8788D1F8
    Device \FileSystem\Ntfs \Ntfs 852DD1F8
    Device \FileSystem\fastfat \Fat 896251F8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000
    Run by Jonathan at 14:56:21 on 2012-02-28
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3581.2362 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\ASTSRV.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Jonathan\Program Files\DNA\btdna.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0080717
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0080717
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
    TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [BitTorrent DNA] "c:\users\jonathan\program files\dna\btdna.exe"
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
    mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    StartupFolder: c:\users\jonathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\users\jonathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\thunde~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: google.ca\www
    Trusted Zone: pixiv.net
    DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{9D43A0E4-2CCA-4641-A869-252AA04B100D} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{CB8D97A1-8DB2-4AFB-897C-29AE5A8CC818} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli DPPWDFLT
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c204e27d\AEstSrv.exe [2008-7-16 73728]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-2-29 1053944]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
    R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-7-16 548352]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-7-16 54784]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-7-16 203264]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-7-16 149208]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-7-16 277624]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-31 1153368]
    S3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [2011-7-21 500704]
    S3 GDISpyDevice;GDISpyDevice;c:\windows\system32\GDISpy.sys [2008-4-22 38856]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
    S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2008-9-6 83496]
    S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2008-9-6 15016]
    S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2008-9-6 109992]
    S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2008-9-6 103976]
    S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2008-9-6 100008]
    S3 XDva189;XDva189;c:\windows\system32\XDva189.sys [2008-8-4 46464]
    .
    =============== Created Last 30 ================
    .
    2012-02-28 19:55:31 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2b92e378-461f-4ce5-a732-dad1b5a1dfd6}\mpengine.dll
    2012-02-28 05:25:49 -------- d-----w- c:\program files\SpywareBlaster
    2012-02-28 04:52:53 -------- d-----w- c:\program files\MozBackup
    2012-02-27 23:22:09 -------- d-----w- c:\users\jonathan\DoctorWeb
    2012-02-27 04:06:39 83136 ----a-w- c:\windows\system32\eE0cm.com_
    2012-02-27 03:56:37 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-25 02:18:09 -------- d-----w- c:\program files\common files\Spigot
    2012-02-25 02:17:48 -------- d-----w- c:\programdata\YouTube Downloader
    2012-02-25 02:17:43 -------- d-----w- c:\program files\YouTube Downloader
    2012-02-11 15:04:53 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fccff295-a8d2-42e0-a563-ee40b05596f3}\gapaengine.dll
    2012-01-30 23:58:57 -------- d-----w- c:\programdata\youku
    2012-01-30 23:58:48 161056 ----a-w- c:\windows\system32\ikutm.dll
    2012-01-30 23:58:34 -------- d-----w- c:\program files\YouKu
    2012-01-30 22:49:05 -------- d-----w- c:\program files\Conduit
    2012-01-30 22:49:02 -------- d-----w- c:\users\jonathan\appdata\local\Conduit
    2012-01-30 22:48:49 -------- d-----w- c:\users\jonathan\appdata\local\FLVService
    .
    ==================== Find3M ====================
    .
    2012-02-27 04:06:13 114688 ----a-w- c:\windows\system32\msvos.dll
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 14:56:41.66 ===============


    DDS Attach log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 16/07/2008 5:01:24 PM
    System Uptime: 28/02/2012 2:39:06 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0F700C
    Processor: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz | Microprocessor | 2167/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 0.741 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.584 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.5
    Advanced Audio FX Engine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center
    µTorrent
    Audacity 1.3.13 (Unicode)
    AuthenTec Fingerprint System
    Awave Studio v10
    Bandisoft MPEG-1 Decoder
    Bonjour
    Broadcom Gigabit NetLink Controller
    Browser Address Error Redirector
    BufferChm
    Canon MX320 series MP Drivers
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Copy
    Dell Dock
    Dell Driver Download Manager
    Dell Getting Started Guide
    Dell Touchpad
    Dell Webcam Central
    Dell Wireless WLAN Card Utility
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Line Detect
    DigitalPersona Personal 3.0.1
    DJ_AIO_03_F4200_ProductContext
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    DocProc
    DocProcQFolder
    Dropbox
    DVD Decrypter (Remove Only)
    Finale NotePad 2008
    Garena
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
    HP Imaging Device Functions 11.0
    HP Update
    Integrated Webcam Driver (1.00.08.0216)
    Intel(R) Matrix Storage Manager
    ITECIR Driver
    iTunes
    Japanese Fonts Support For Adobe Reader 8
    Java Auto Updater
    Java(TM) 6 Update 5
    Java(TM) SE Development Kit 7 Update 1
    JDownloader
    Junk Mail filter update
    K-Lite Mega Codec Pack 7.6.0
    KB408682
    Live! Cam Avatar Creator
    LiveUpdate (Symantec Corporation)
    M3 GAME Manager Uninstall
    Malwarebytes Anti-Malware version 1.60.1.1000
    Media Player Classic - Home Cinema v1.5.3.3699
    MediaDirect
    MHP3 ToolKit version 2.2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows Application Compatibility Database
    Microsoft Works
    mIRC
    Modem Diagnostics Tool
    MozBackup 1.5.1
    Mozilla Firefox 10.0.2 (x86 en-US)
    Mozilla Thunderbird 9.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    Nitro PDF Reader 2
    OCR Software by I.R.I.S. 11.0
    OGPlanet Game Launcher
    Pando Media Booster
    Pokemon Online 1.0.53
    PrimoPDF -- brought to you by Nitro PDF Software
    QuickSet
    QuickTime
    RealPlayer
    Revo Uninstaller 1.85
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Update Manager
    Scan
    SD Gundam Capsule Fighter
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Skins
    Slice Audio File Splitter
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    StarCraft II
    Status
    Steam
    Synthesia (remove only)
    SysTools PDF Unlocker - v3.1
    Toolbox
    TrayApp
    Uniblue RegistryBooster
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb971933)
    Ventrilo Client
    VLC media player 0.9.8a
    Warcraft III
    Warcraft III: All Products
    WBFS Manager 3.0
    WebReg
    Winamp
    Winamp Detector Plug-in
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinRAR 4.01 (32-bit)
    YouTube Downloader 3.5
    .
    ==== End Of File ===========================



    Thanks for giving me your time
     
  2. Broni


    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Click on SCAN.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop.)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
     
  3. lunsk


    I have a problem with aswMBR: it just stalled while it was scanning a file. I waited for 10 mins and there was no change, so I just saved the log and cancelled it. Should I redo the scan?
    This also happened yesterday when I was using something called Dr Web and it would just stall on this one file.

    I'll post the partial log from aswMBR:

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-28 22:03:45
    -----------------------------
    22:03:45.848 OS Version: Windows 6.0.6001 Service Pack 1
    22:03:45.848 Number of processors: 2 586 0xF0D
    22:03:45.850 ComputerName: JONATHAN-PC UserName: Jonathan
    22:03:50.013 Initialize success
    22:05:22.138 AVAST engine defs: 12022802
    22:06:12.865 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:06:12.882 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
    22:06:12.941 Disk 0 MBR read successfully
    22:06:12.961 Disk 0 MBR scan
    22:06:13.004 Disk 0 Windows VISTA default MBR code
    22:06:13.015 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    22:06:13.100 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 80325
    22:06:13.181 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 295205 MB offset 20560325
    22:06:13.202 Disk 0 scanning sectors +625140400
    22:06:13.347 Disk 0 scanning C:\Windows\system32\drivers
    22:06:24.437 File: C:\Windows\system32\drivers\afd.sys **INFECTED** Win32:Alureon-AQV [Rtk]
    22:06:58.801 Disk 0 trace - called modules:
    22:06:58.836 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87ff5fd0]<<
    22:06:58.850 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bedac8]
    22:06:58.856 3 CLASSPNP.SYS[837a8745] -> nt!IofCallDriver -> [0x87fa1ae8]
    22:06:58.865 \Driver\00000816[0x87fa1c20] -> IRP_MJ_CREATE -> 0x87ff5fd0
    22:07:01.588 AVAST engine scan C:\Windows
    22:07:14.198 AVAST engine scan C:\Windows\system32
    22:08:52.962 File: C:\Windows\system32\eE0cm.com **INFECTED** Win32:Kryptik-HRL [Trj]
    22:08:53.083 File: C:\Windows\system32\eE0cm.com_ **INFECTED** Win32:Kryptik-HRL [Trj]
    22:18:08.628 AVAST engine scan C:\Windows\system32\drivers
    22:18:16.691 File: C:\Windows\system32\drivers\afd.sys **INFECTED** Win32:Alureon-AQV [Rtk]
    22:19:04.145 AVAST engine scan C:\Users\Jonathan
    22:29:54.715 Disk 0 MBR has been saved successfully to "C:\Users\Jonathan\Desktop\MBR.dat"
    22:29:54.734 The log file has been saved successfully to "C:\Users\Jonathan\Desktop\aswMBR.txt"


    RogueKiller report didn't open automatically, but it was saved to the desktop, not sure if that is a problem or not.

    RogueKiller V7.2.0 [02/27/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
    Started in : Normal mode
    User: Jonathan [Admin rights]
    Mode: Scan -- Date: 02/28/2012 22:32:47

    ¤¤¤ Bad processes: 2 ¤¤¤
    [HJ NAME] svchost.exe -- \\.\globalroot\SystemRoot\system32\svchost.exe -> KILLED [TermProc]
    [RESIDUE] svchost.exe -- \\.\globalroot\SystemRoot\system32\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 5 ¤¤¤
    [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT1 +++++
    --- User ---
    [MBR] a8b76465bd75b989238d8ac2c1d7b9a9
    [BSP] 3ded86fab9859a190a086440b067760c : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 10000 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20560325 | Size: 295205 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt



    Also, thank you very much for the help
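    The RogueKiller "MBR Check" above prints a hash of the boot sector and a partition table (active flag, type, offset, size) so that a helper can compare the layout against what the disk should contain, and aswMBR saved the raw sector to MBR.dat on the desktop. The following Python script is an added example, not code from this thread, RogueKiller, aswMBR or TDSSKiller: it parses a 512-byte MBR dump, lists the partitions in the same style, and flags the inconsistencies a bootkit clean-up typically looks for (missing 0x55AA signature, zero or several active partitions, overlapping entries, an entry running past the end of the disk). The sample sector is constructed to match the offsets and sizes the thread's reports show; its boot code is filler, the partition-type name table covers only the codes seen in the thread, and sizes are rounded to MiB (RogueKiller's "Mo"), all of which are assumptions made for the example.

```python
"""Parse a raw 512-byte MBR dump (for example the MBR.dat aswMBR saves) and
report its partition table the way RogueKiller's "MBR Check" does.
Added example; not code from RogueKiller, aswMBR or TDSSKiller."""
import hashlib
import struct

SECTOR_BYTES = 512
SECTORS_PER_MIB = 1024 * 1024 // SECTOR_BYTES   # 2048
BOOT_SIGNATURE = b"\x55\xaa"
TABLE_OFFSET = 446                               # partition table starts here
ENTRY_SIZE = 16
ENTRY_FMT = "<B3xB3xII"                          # status, type, start LBA, sector count (CHS skipped)

# Partition type codes seen in the thread's reports; not an exhaustive table.
PART_TYPES = {0x00: "EMPTY", 0x07: "NTFS", 0xDE: "DELL-UTIL"}


def build_sample_mbr(entries, boot_code=b"", signature=BOOT_SIGNATURE):
    """Assemble a constructed MBR from (status, type, start_lba, sectors) tuples.
    The boot-code area is filler, not real Vista boot code."""
    code = boot_code.ljust(TABLE_OFFSET, b"\x00")[:TABLE_OFFSET]
    table = b"".join(struct.pack(ENTRY_FMT, s, t, lba, n) for s, t, lba, n in entries)
    table = table.ljust(4 * ENTRY_SIZE, b"\x00")  # unused slots stay zero
    return code + table + signature


def parse_mbr(mbr, disk_sectors=None):
    """Return the partition table plus a list of findings that merit a look."""
    if len(mbr) != SECTOR_BYTES:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    result = {
        "mbr_md5": hashlib.md5(mbr).hexdigest(),   # compare against a known-good baseline
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "partitions": [],
        "findings": [],
    }
    findings = result["findings"]
    if not result["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    for idx in range(4):
        off = TABLE_OFFSET + idx * ENTRY_SIZE
        status, ptype, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + ENTRY_SIZE])
        if ptype == 0x00 and count == 0:
            continue                                # empty slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {idx}: invalid status byte 0x{status:02x}")
        result["partitions"].append({
            "index": idx,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "UNKNOWN"),
            "start_lba": lba,
            "sectors": count,
            "size_mib": round(count / SECTORS_PER_MIB),
        })
    parts = result["partitions"]
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    if disk_sectors is not None:
        for p in parts:
            if p["start_lba"] + p["sectors"] > disk_sectors:
                findings.append(f"entry {p['index']} extends past the end of the disk")
    return result


def format_report(parsed):
    """Render the parsed table in RogueKiller's style, findings last."""
    lines = [f"[MBR] {parsed['mbr_md5']}", "Partition table:"]
    for p in parsed["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        lines.append(f"{p['index']} - [{flag}] {p['type_name']} (0x{p['type']:02x}) "
                     f"Offset (sectors): {p['start_lba']} | Size: {p['size_mib']} Mo")
    lines.extend(f"!! {f}" for f in parsed["findings"])
    return "\n".join(lines)


# Constructed layout matching the offsets/sizes in the thread's RogueKiller and
# TDSSKiller reports (0x139C5 = 80325, 0x1388000 = 20480000, 0x240928EB = 604580075).
SAMPLE_LAYOUT = [
    (0x00, 0xDE, 63, 79872),             # DELL-UTIL, 39 MiB
    (0x00, 0x07, 80325, 20480000),       # NTFS, 10000 MiB
    (0x80, 0x07, 20560325, 604580075),   # NTFS, active (the Windows partition)
]
DISK_SECTORS = 0x4A85D56000 // SECTOR_BYTES   # drive size from the TDSSKiller log
SAMPLE_MBR = build_sample_mbr(SAMPLE_LAYOUT)

if __name__ == "__main__":
    print(format_report(parse_mbr(SAMPLE_MBR, DISK_SECTORS)))
```

    To use it on a real dump, replace SAMPLE_MBR with `open("MBR.dat", "rb").read()` and pass the drive's sector count (TDSSKiller prints the byte size on its "Drive" line). The md5 on its own proves nothing; its value is in comparing it with a hash taken from a clean install of the same Windows version, which is how a helper reads the [MBR] line.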
     
  4. Broni

    Broni Malware Annihilator Posts: 47,646   +267

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    I just got a message saying "Freeware implementation of XCACLS stopped working". Should I close it? Combofix is still running, I think.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,646   +267

    Go ahead and close it.
    Always post new reply.
     
  7. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    Combofix just said I had a rootkit and it needed to restart my computer, but I'm getting a BSOD every time right before it goes to the desktop.
     
  8. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    I went into safe mode and it says "The recycle bin on C:\ is corrupted. Do you want to empty the recycle bin for this drive?"

    I definitely had security essentials turned off when I was using combofix; as soon as it finished, it restarted.
     
  9. Broni

    Broni Malware Annihilator Posts: 47,646   +267

    Did you say "Yes"?
     
  10. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    I accidentally pressed enter when I was trying to turn on the screen today and I emptied it. Is that a problem?
     
  11. Broni

    Broni Malware Annihilator Posts: 47,646   +267

    Go ahead and re-run Combofix.
     
     
  12. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    From safe mode? I can't get to my desktop because of a blue screen

    Should I do a startup repair?
     
  13. Broni

    Broni Malware Annihilator Posts: 47,646   +267

    If safe mode works run Combofix from there.
     
  14. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    Combofix just said it found a rootkit on my computer and it needs to restart. I can enter windows normally now, but I can't find the log in C:\ and my recycle bin is still corrupt.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,646   +267

    Re-run Combofix one more time.
     
  16. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    Should I empty the corrupted recycle bin when it asks?
     
  17. Broni

    Broni Malware Annihilator Posts: 47,646   +267

    Yes.........
     
  18. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    It finished scanning, but I still don't see a combofix text file. I do see a combofix file in my c:\ though; is that it?
     
  19. Broni

    Broni Malware Annihilator Posts: 47,646   +267

    It must be. Open it with Notepad and paste its content in your next reply.
     
  20. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    When I opened it with Notepad, it said access denied. I restarted my computer and now it's a folder. There are 2 files in that folder, within a folder called Test4Max, and still no log. When I open them in notepad it's just gibberish and I don't think it's the files you're looking for. Also, just one of them is too long to fit in one post.
     
  21. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    Also, I can't turn on my Firewall for some reason; it says "Due to an unidentified problem, Windows cannot display Windows Firewall settings".

    I don't get popups anymore when I open Firefox though

    Edit: Nevermind, I'm still getting popups
     
  22. Broni

    Broni Malware Annihilator Posts: 47,646   +267

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  23. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    It produced a log this time

    15:31:03.0781 5344 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
    15:31:04.0246 5344 ============================================================
    15:31:04.0246 5344 Current date / time: 2012/02/29 15:31:04.0246
    15:31:04.0246 5344 SystemInfo:
    15:31:04.0246 5344
    15:31:04.0246 5344 OS Version: 6.0.6001 ServicePack: 1.0
    15:31:04.0246 5344 Product type: Workstation
    15:31:04.0246 5344 ComputerName: JONATHAN-PC
    15:31:04.0246 5344 UserName: Jonathan
    15:31:04.0246 5344 Windows directory: C:\Windows
    15:31:04.0246 5344 System windows directory: C:\Windows
    15:31:04.0246 5344 Processor architecture: Intel x86
    15:31:04.0246 5344 Number of processors: 2
    15:31:04.0247 5344 Page size: 0x1000
    15:31:04.0247 5344 Boot type: Normal boot
    15:31:04.0247 5344 ============================================================
    15:31:05.0433 5344 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    15:31:05.0452 5344 \Device\Harddisk0\DR0:
    15:31:05.0452 5344 MBR used
    15:31:05.0452 5344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1388000
    15:31:05.0452 5344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139B9C5, BlocksNum 0x240928EB
    15:31:05.0531 5344 Initialize success
    15:31:05.0531 5344 ============================================================
    15:31:13.0118 7496 ============================================================
    15:31:13.0119 7496 Scan started
    15:31:13.0119 7496 Mode: Manual;
    15:31:13.0119 7496 ============================================================
    15:31:16.0135 7496 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
    15:31:16.0139 7496 ACPI - ok
    15:31:16.0243 7496 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    15:31:16.0265 7496 adp94xx - ok
    15:31:16.0426 7496 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    15:31:16.0439 7496 adpahci - ok
    15:31:16.0564 7496 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    15:31:16.0595 7496 adpu160m - ok
    15:31:16.0738 7496 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    15:31:16.0791 7496 adpu320 - ok
    15:31:16.0911 7496 AFD (a3ef19e838b95593607f2aaeb9c2a8db) C:\Windows\system32\drivers\afd.sys
    15:31:16.0912 7496 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: a3ef19e838b95593607f2aaeb9c2a8db, Fake md5: 763e172a55177e478cb419f88fd0ba03
    15:31:16.0913 7496 AFD ( Virus.Win32.ZAccess.c ) - infected
    15:31:16.0913 7496 AFD - detected Virus.Win32.ZAccess.c (0)
    15:31:17.0024 7496 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    15:31:17.0144 7496 agp440 - ok
    15:31:17.0287 7496 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    15:31:17.0507 7496 aic78xx - ok
    15:31:17.0623 7496 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    15:31:17.0637 7496 aliide - ok
    15:31:17.0742 7496 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    15:31:17.0785 7496 amdagp - ok
    15:31:17.0876 7496 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    15:31:17.0877 7496 amdide - ok
    15:31:17.0928 7496 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    15:31:17.0952 7496 AmdK7 - ok
    15:31:17.0993 7496 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    15:31:18.0026 7496 AmdK8 - ok
    15:31:18.0095 7496 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
    15:31:18.0140 7496 ApfiltrService - ok
    15:31:18.0211 7496 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    15:31:18.0241 7496 arc - ok
    15:31:18.0281 7496 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    15:31:18.0321 7496 arcsas - ok
    15:31:18.0353 7496 ASPI32 - ok
    15:31:18.0396 7496 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    15:31:18.0397 7496 AsyncMac - ok
    15:31:18.0449 7496 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
    15:31:18.0450 7496 atapi - ok
    15:31:18.0585 7496 atikmdag (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
    15:31:19.0037 7496 atikmdag - ok
    15:31:19.0141 7496 ATSwpWDF (6d4bf9538e449d64c5413bc46afcd8ff) C:\Windows\system32\Drivers\ATSwpWDF.sys
    15:31:19.0216 7496 ATSwpWDF - ok
    15:31:19.0295 7496 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
    15:31:19.0296 7496 BCM42RLY - ok
    15:31:19.0393 7496 BCM43XX (b56999be8f22ba3071e4ceafa9e82e26) C:\Windows\system32\DRIVERS\bcmwl6.sys
    15:31:19.0426 7496 BCM43XX - ok
    15:31:19.0456 7496 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    15:31:19.0457 7496 Beep - ok
    15:31:19.0496 7496 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    15:31:19.0521 7496 blbdrive - ok
    15:31:19.0582 7496 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    15:31:19.0621 7496 bowser - ok
    15:31:19.0666 7496 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    15:31:19.0667 7496 BrFiltLo - ok
    15:31:19.0714 7496 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    15:31:19.0715 7496 BrFiltUp - ok
    15:31:19.0757 7496 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    15:31:19.0836 7496 Brserid - ok
    15:31:19.0896 7496 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    15:31:20.0044 7496 BrSerWdm - ok
    15:31:20.0097 7496 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    15:31:20.0098 7496 BrUsbMdm - ok
    15:31:20.0149 7496 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    15:31:20.0153 7496 BrUsbSer - ok
    15:31:20.0192 7496 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    15:31:20.0200 7496 BTHMODEM - ok
    15:31:20.0305 7496 catchme - ok
    15:31:20.0356 7496 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    15:31:20.0404 7496 cdfs - ok
    15:31:20.0456 7496 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
    15:31:20.0504 7496 cdrom - ok
    15:31:20.0544 7496 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
    15:31:20.0553 7496 circlass - ok
    15:31:20.0601 7496 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
    15:31:20.0604 7496 CLFS - ok
    15:31:20.0640 7496 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    15:31:20.0663 7496 CmBatt - ok
    15:31:20.0718 7496 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    15:31:20.0719 7496 cmdide - ok
    15:31:20.0748 7496 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    15:31:20.0750 7496 Compbatt - ok
    15:31:20.0769 7496 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    15:31:20.0770 7496 crcdisk - ok
    15:31:20.0814 7496 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    15:31:20.0848 7496 Crusoe - ok
    15:31:20.0906 7496 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
    15:31:20.0960 7496 DfsC - ok
    15:31:21.0072 7496 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
    15:31:21.0107 7496 disk - ok
    15:31:21.0244 7496 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    15:31:21.0265 7496 Dot4 - ok
    15:31:21.0311 7496 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    15:31:21.0312 7496 Dot4Print - ok
    15:31:21.0361 7496 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    15:31:21.0362 7496 dot4usb - ok
    15:31:21.0449 7496 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    15:31:21.0451 7496 drmkaud - ok
    15:31:21.0538 7496 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
    15:31:21.0561 7496 DXGKrnl - ok
    15:31:21.0600 7496 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
    15:31:21.0805 7496 e1express - ok
    15:31:21.0873 7496 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    15:31:21.0977 7496 E1G60 - ok
    15:31:21.0990 7496 EagleNT - ok
    15:31:22.0086 7496 EagleXNt (a8c4b2ae80afe54ec01d4591dbc1c396) C:\Windows\system32\drivers\EagleXNt.sys
    15:31:25.0129 7496 EagleXNt - ok
    15:31:25.0309 7496 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
    15:31:25.0337 7496 Ecache - ok
    15:31:25.0481 7496 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    15:31:25.0514 7496 elxstor - ok
    15:31:25.0561 7496 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    15:31:25.0562 7496 ErrDev - ok
    15:31:25.0619 7496 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
    15:31:25.0656 7496 exfat - ok
    15:31:25.0686 7496 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
    15:31:25.0704 7496 fastfat - ok
    15:31:25.0742 7496 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    15:31:25.0756 7496 fdc - ok
    15:31:25.0777 7496 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    15:31:25.0884 7496 FileInfo - ok
    15:31:25.0962 7496 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    15:31:25.0965 7496 Filetrace - ok
    15:31:26.0013 7496 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    15:31:26.0014 7496 flpydisk - ok
    15:31:26.0029 7496 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
    15:31:26.0058 7496 FltMgr - ok
    15:31:26.0116 7496 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    15:31:26.0131 7496 Fs_Rec - ok
    15:31:26.0179 7496 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    15:31:26.0214 7496 gagp30kx - ok
    15:31:26.0359 7496 GarenaPEngine - ok
    15:31:26.0450 7496 GDISpyDevice (38303f4f86305cce7180b29ce902503b) C:\Windows\system32\GDISpy.sys
    15:31:26.0489 7496 GDISpyDevice - ok
    15:31:26.0585 7496 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    15:31:26.0587 7496 GEARAspiWDM - ok
    15:31:26.0666 7496 GGSAFERDriver - ok
    15:31:26.0731 7496 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
    15:31:26.0734 7496 hamachi - ok
    15:31:26.0784 7496 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    15:31:26.0809 7496 HdAudAddService - ok
    15:31:26.0852 7496 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
    15:31:26.0852 7496 HDAudBus - ok
    15:31:26.0887 7496 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    15:31:26.0888 7496 HidBth - ok
    15:31:26.0932 7496 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
    15:31:26.0934 7496 HidIr - ok
    15:31:26.0962 7496 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
    15:31:26.0963 7496 HidUsb - ok
    15:31:27.0010 7496 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    15:31:27.0064 7496 HpCISSs - ok
    15:31:27.0122 7496 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
    15:31:27.0199 7496 HTTP - ok
    15:31:27.0226 7496 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    15:31:27.0260 7496 i2omp - ok
    15:31:27.0298 7496 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    15:31:27.0330 7496 i8042prt - ok
    15:31:27.0386 7496 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
    15:31:27.0388 7496 iaStor - ok
    15:31:27.0422 7496 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    15:31:27.0466 7496 iaStorV - ok
    15:31:27.0518 7496 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    15:31:27.0537 7496 iirsp - ok
    15:31:27.0598 7496 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    15:31:27.0613 7496 intelide - ok
    15:31:27.0646 7496 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    15:31:27.0647 7496 intelppm - ok
    15:31:27.0690 7496 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:31:27.0721 7496 IpFilterDriver - ok
    15:31:27.0737 7496 IpInIp - ok
    15:31:27.0781 7496 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    15:31:27.0815 7496 IPMIDRV - ok
    15:31:27.0869 7496 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    15:31:27.0888 7496 IPNAT - ok
    15:31:27.0927 7496 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    15:31:27.0928 7496 IRENUM - ok
    15:31:27.0958 7496 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    15:31:27.0987 7496 isapnp - ok
    15:31:28.0040 7496 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
    15:31:28.0043 7496 iScsiPrt - ok
    15:31:28.0074 7496 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    15:31:28.0078 7496 iteatapi - ok
    15:31:28.0142 7496 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
    15:31:28.0216 7496 itecir - ok
    15:31:28.0270 7496 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    15:31:28.0275 7496 iteraid - ok
    15:31:28.0331 7496 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
    15:31:28.0442 7496 k57nd60x - ok
    15:31:28.0473 7496 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    15:31:28.0497 7496 kbdclass - ok
    15:31:28.0522 7496 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
    15:31:28.0524 7496 kbdhid - ok
    15:31:28.0585 7496 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
    15:31:28.0683 7496 KSecDD - ok
    15:31:28.0755 7496 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    15:31:28.0787 7496 lltdio - ok
    15:31:28.0846 7496 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    15:31:28.0948 7496 LSI_FC - ok
    15:31:28.0983 7496 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    15:31:29.0031 7496 LSI_SAS - ok
    15:31:29.0062 7496 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    15:31:29.0123 7496 LSI_SCSI - ok
    15:31:29.0136 7496 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    15:31:29.0258 7496 luafv - ok
    15:31:29.0284 7496 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    15:31:29.0285 7496 megasas - ok
    15:31:29.0331 7496 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    15:31:29.0416 7496 MegaSR - ok
    15:31:29.0452 7496 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    15:31:29.0456 7496 Modem - ok
    15:31:29.0483 7496 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    15:31:29.0484 7496 monitor - ok
    15:31:29.0510 7496 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    15:31:29.0512 7496 mouclass - ok
    15:31:29.0529 7496 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    15:31:29.0531 7496 mouhid - ok
    15:31:29.0545 7496 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    15:31:29.0582 7496 MountMgr - ok
    15:31:29.0624 7496 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
    15:31:29.0626 7496 MpFilter - ok
    15:31:29.0692 7496 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    15:31:29.0772 7496 mpio - ok
    15:31:29.0823 7496 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
    15:31:29.0824 7496 MpNWMon - ok
    15:31:29.0937 7496 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    15:31:29.0959 7496 mpsdrv - ok
    15:31:29.0987 7496 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    15:31:29.0989 7496 Mraid35x - ok
    15:31:30.0032 7496 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
    15:31:30.0054 7496 MRxDAV - ok
    15:31:30.0100 7496 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:31:30.0139 7496 mrxsmb - ok
    15:31:30.0205 7496 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:31:30.0282 7496 mrxsmb10 - ok
    15:31:30.0319 7496 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:31:30.0376 7496 mrxsmb20 - ok
    15:31:30.0409 7496 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    15:31:30.0411 7496 msahci - ok
    15:31:30.0454 7496 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    15:31:30.0478 7496 msdsm - ok
    15:31:30.0522 7496 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    15:31:30.0535 7496 Msfs - ok
    15:31:30.0561 7496 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    15:31:30.0562 7496 msisadrv - ok
    15:31:30.0590 7496 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    15:31:30.0591 7496 MSKSSRV - ok
    15:31:30.0622 7496 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    15:31:30.0623 7496 MSPCLOCK - ok
    15:31:30.0647 7496 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    15:31:30.0649 7496 MSPQM - ok
    15:31:30.0675 7496 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    15:31:30.0778 7496 MsRPC - ok
    15:31:30.0817 7496 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    15:31:30.0817 7496 mssmbios - ok
    15:31:30.0841 7496 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    15:31:30.0843 7496 MSTEE - ok
    15:31:30.0858 7496 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    15:31:30.0888 7496 Mup - ok
    15:31:31.0000 7496 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
    15:31:31.0003 7496 NativeWifiP - ok
    15:31:31.0054 7496 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
    15:31:31.0064 7496 NDIS - ok
    15:31:31.0084 7496 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    15:31:31.0123 7496 NdisTapi - ok
    15:31:31.0138 7496 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    15:31:31.0149 7496 Ndisuio - ok
    15:31:31.0183 7496 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    15:31:31.0218 7496 NdisWan - ok
    15:31:31.0296 7496 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    15:31:31.0884 7496 NDProxy - ok
    15:31:31.0974 7496 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    15:31:32.0018 7496 NetBIOS - ok
    15:31:32.0030 7496 netbt - ok
    15:31:32.0142 7496 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    15:31:32.0144 7496 nfrd960 - ok
    15:31:32.0202 7496 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    15:31:32.0207 7496 NisDrv - ok
    15:31:32.0279 7496 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    15:31:32.0310 7496 Npfs - ok
    15:31:32.0345 7496 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    15:31:32.0396 7496 nsiproxy - ok
    15:31:32.0470 7496 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    15:31:32.0560 7496 Ntfs - ok
    15:31:32.0590 7496 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    15:31:32.0592 7496 ntrigdigi - ok
    15:31:32.0626 7496 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    15:31:32.0628 7496 Null - ok
    15:31:32.0661 7496 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    15:31:32.0668 7496 nvraid - ok
    15:31:32.0701 7496 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    15:31:32.0726 7496 nvstor - ok
    15:31:32.0755 7496 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    15:31:32.0774 7496 nv_agp - ok
    15:31:32.0786 7496 NwlnkFlt - ok
    15:31:32.0803 7496 NwlnkFwd - ok
    15:31:32.0872 7496 OA001Ufd (9b7cd7151a7c4009c383396155f02b95) C:\Windows\system32\DRIVERS\OA001Ufd.sys
    15:31:32.0877 7496 OA001Ufd - ok
    15:31:32.0914 7496 OA001Vid (cdcdad303a9208cf3513400ef2a05f80) C:\Windows\system32\DRIVERS\OA001Vid.sys
    15:31:32.0920 7496 OA001Vid - ok
    15:31:32.0954 7496 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    15:31:32.0955 7496 ohci1394 - ok
    15:31:33.0026 7496 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    15:31:33.0034 7496 Parport - ok
    15:31:33.0093 7496 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
    15:31:33.0095 7496 partmgr - ok
    15:31:33.0126 7496 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    15:31:33.0127 7496 Parvdm - ok
    15:31:33.0178 7496 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
    15:31:33.0181 7496 pci - ok
    15:31:33.0214 7496 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    15:31:33.0222 7496 pciide - ok
    15:31:33.0282 7496 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    15:31:33.0299 7496 pcmcia - ok
    15:31:33.0366 7496 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    15:31:33.0389 7496 PEAUTH - ok
    15:31:33.0565 7496 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    15:31:33.0567 7496 PptpMiniport - ok
    15:31:33.0726 7496 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    15:31:33.0728 7496 Processor - ok
    15:31:33.0817 7496 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
    15:31:33.0827 7496 PSched - ok
    15:31:33.0916 7496 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
    15:31:33.0922 7496 PxHelp20 - ok
    15:31:34.0118 7496 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    15:31:34.0157 7496 ql2300 - ok
    15:31:34.0273 7496 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    15:31:34.0308 7496 ql40xx - ok
    15:31:34.0413 7496 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    15:31:34.0418 7496 QWAVEdrv - ok
    15:31:34.0825 7496 R300 (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
    15:31:34.0848 7496 R300 - ok
    15:31:34.0935 7496 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    15:31:34.0941 7496 RasAcd - ok
    15:31:35.0092 7496 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    15:31:35.0190 7496 Rasl2tp - ok
    15:31:35.0296 7496 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
    15:31:35.0298 7496 RasPppoe - ok
    15:31:35.0394 7496 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
    15:31:35.0435 7496 RasSstp - ok
    15:31:35.0902 7496 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
    15:31:36.0002 7496 rdbss - ok
    15:31:36.0093 7496 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    15:31:36.0100 7496 RDPCDD - ok
    15:31:36.0251 7496 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    15:31:36.0256 7496 rdpdr - ok
    15:31:36.0428 7496 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    15:31:36.0429 7496 RDPENCDD - ok
    15:31:36.0653 7496 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
    15:31:36.0776 7496 RDPWD - ok
    15:31:37.0247 7496 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
    15:31:37.0271 7496 rimmptsk - ok
    15:31:37.0659 7496 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
    15:31:37.0660 7496 rimsptsk - ok
    15:31:37.0858 7496 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
    15:31:37.0874 7496 RimUsb - ok
    15:31:38.0124 7496 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
    15:31:38.0134 7496 RimVSerPort - ok
    15:31:38.0223 7496 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
    15:31:38.0226 7496 rismxdp - ok
    15:31:38.0412 7496 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
    15:31:38.0421 7496 ROOTMODEM - ok
    15:31:38.0522 7496 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    15:31:38.0525 7496 rspndr - ok
    15:31:38.0945 7496 s916bus (fec4f19c80f623c3bfb386fc815bcd30) C:\Windows\system32\DRIVERS\s916bus.sys
    15:31:38.0948 7496 s916bus - ok
    15:31:39.0102 7496 s916mdfl (a6f154da17cafd5743f552b1a88b2c32) C:\Windows\system32\DRIVERS\s916mdfl.sys
    15:31:39.0103 7496 s916mdfl - ok
    15:31:39.0236 7496 s916mdm (b4362e96e0a9d258cf5c7ca7ad28958a) C:\Windows\system32\DRIVERS\s916mdm.sys
    15:31:39.0296 7496 s916mdm - ok
    15:31:39.0483 7496 s916mgmt (16926a57dcc885691e34aafc42e1f652) C:\Windows\system32\DRIVERS\s916mgmt.sys
    15:31:39.0498 7496 s916mgmt - ok
    15:31:40.0196 7496 s916obex (c04f59dd93625883357953cf367373fb) C:\Windows\system32\DRIVERS\s916obex.sys
    15:31:40.0216 7496 s916obex - ok
    15:31:40.0354 7496 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    15:31:40.0368 7496 sbp2port - ok
    15:31:40.0485 7496 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    15:31:40.0489 7496 sdbus - ok
    15:31:41.0103 7496 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    15:31:41.0104 7496 secdrv - ok
    15:31:41.0567 7496 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    15:31:41.0777 7496 Serenum - ok
    15:31:42.0186 7496 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    15:31:42.0217 7496 Serial - ok
    15:31:42.0676 7496 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    15:31:42.0677 7496 sermouse - ok
    15:31:43.0015 7496 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
    15:31:43.0043 7496 sffdisk - ok
    15:31:43.0231 7496 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    15:31:43.0235 7496 sffp_mmc - ok
    15:31:43.0352 7496 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
    15:31:43.0354 7496 sffp_sd - ok
    15:31:43.0591 7496 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    15:31:43.0896 7496 sfloppy - ok
    15:31:44.0037 7496 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    15:31:44.0053 7496 sisagp - ok
    15:31:44.0263 7496 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    15:31:44.0280 7496 SiSRaid2 - ok
    15:31:44.0431 7496 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    15:31:44.0436 7496 SiSRaid4 - ok
    15:31:44.0653 7496 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
    15:31:44.0713 7496 Smb - ok
    15:31:45.0196 7496 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    15:31:45.0210 7496 spldr - ok
    15:31:45.0339 7496 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
    15:31:45.0339 7496 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
    15:31:45.0341 7496 sptd ( LockedFile.Multi.Generic ) - warning
    15:31:45.0342 7496 sptd - detected LockedFile.Multi.Generic (1)
    15:31:45.0500 7496 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
    15:31:45.0506 7496 srv - ok
    15:31:45.0711 7496 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
    15:31:45.0717 7496 srv2 - ok
    15:31:46.0462 7496 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
    15:31:46.0464 7496 srvnet - ok
    15:31:46.0749 7496 STEC3 (e4ebf293d1f612bda19b646c36715b20) C:\Windows\system32\STEC3.sys
    15:31:46.0760 7496 STEC3 - ok
    15:31:46.0909 7496 STHDA (87b7fc4cde516c40ab84e786b97953dd) C:\Windows\system32\DRIVERS\stwrt.sys
    15:31:46.0917 7496 STHDA - ok
    15:31:47.0170 7496 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    15:31:47.0171 7496 swenum - ok
    15:31:47.0288 7496 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    15:31:47.0289 7496 Symc8xx - ok
    15:31:47.0386 7496 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    15:31:47.0387 7496 Sym_hi - ok
    15:31:47.0828 7496 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    15:31:47.0830 7496 Sym_u3 - ok
    15:31:48.0116 7496 Tcpip (a6a02ef5b5e40fbd31a1adc577da54bb) C:\Windows\system32\drivers\tcpip.sys
    15:31:48.0513 7496 Tcpip - ok
    15:31:48.0694 7496 Tcpip6 (a6a02ef5b5e40fbd31a1adc577da54bb) C:\Windows\system32\DRIVERS\tcpip.sys
    15:31:48.0700 7496 Tcpip6 - ok
    15:31:49.0043 7496 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
    15:31:49.0045 7496 tcpipreg - ok
    15:31:49.0177 7496 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    15:31:49.0179 7496 TDPIPE - ok
    15:31:49.0281 7496 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    15:31:49.0282 7496 TDTCP - ok
    15:31:49.0404 7496 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
    15:31:49.0472 7496 tdx - ok
    15:31:49.0564 7496 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
    15:31:49.0623 7496 TermDD - ok
    15:31:49.0829 7496 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:31:49.0836 7496 tssecsrv - ok
    15:31:49.0925 7496 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    15:31:49.0936 7496 tunmp - ok
    15:31:50.0357 7496 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
    15:31:50.0402 7496 tunnel - ok
    15:31:50.0562 7496 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    15:31:50.0564 7496 uagp35 - ok
    15:31:50.0668 7496 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
    15:31:50.0673 7496 udfs - ok
    15:31:50.0813 7496 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    15:31:50.0815 7496 uliagpkx - ok
    15:31:51.0177 7496 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    15:31:51.0182 7496 uliahci - ok
    15:31:51.0386 7496 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    15:31:51.0388 7496 UlSata - ok
    15:31:51.0493 7496 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    15:31:51.0499 7496 ulsata2 - ok
    15:31:51.0634 7496 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    15:31:51.0635 7496 umbus - ok
    15:31:51.0954 7496 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
    15:31:51.0965 7496 USBAAPL - ok
    15:31:52.0765 7496 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    15:31:52.0768 7496 usbccgp - ok
    15:31:52.0860 7496 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    15:31:52.0861 7496 usbcir - ok
    15:31:53.0535 7496 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
    15:31:53.0536 7496 usbehci - ok
    15:31:53.0735 7496 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
    15:31:53.0740 7496 usbhub - ok
    15:31:54.0154 7496 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    15:31:54.0160 7496 usbohci - ok
    15:31:54.0384 7496 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    15:31:54.0428 7496 usbprint - ok
    15:31:54.0577 7496 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    15:31:54.0579 7496 usbscan - ok
    15:31:54.0717 7496 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:31:54.0720 7496 USBSTOR - ok
    15:31:55.0051 7496 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    15:31:55.0056 7496 usbuhci - ok
    15:31:55.0383 7496 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    15:31:55.0384 7496 vga - ok
    15:31:55.0537 7496 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    15:31:55.0539 7496 VgaSave - ok
    15:31:55.0705 7496 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    15:31:55.0708 7496 viaagp - ok
    15:31:56.0138 7496 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    15:31:56.0140 7496 ViaC7 - ok
    15:31:56.0330 7496 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    15:31:56.0331 7496 viaide - ok
    15:31:56.0462 7496 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    15:31:56.0464 7496 volmgr - ok
    15:31:56.0558 7496 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
    15:31:56.0564 7496 volmgrx - ok
    15:31:56.0661 7496 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
    15:31:56.0663 7496 volsnap - ok
    15:31:56.0762 7496 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    15:31:56.0765 7496 vsmraid - ok
    15:31:56.0901 7496 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    15:31:56.0904 7496 WacomPen - ok
    15:31:57.0269 7496 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    15:31:57.0273 7496 Wanarp - ok
    15:31:57.0278 7496 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    15:31:57.0279 7496 Wanarpv6 - ok
    15:31:57.0464 7496 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    15:31:57.0465 7496 Wd - ok
    15:31:57.0594 7496 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    15:31:57.0616 7496 Wdf01000 - ok
    15:31:57.0788 7496 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    15:31:57.0789 7496 WmiAcpi - ok
    15:31:58.0073 7496 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
    15:31:58.0074 7496 WpdUsb - ok
    15:31:58.0191 7496 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    15:31:58.0192 7496 ws2ifsl - ok
    15:31:58.0370 7496 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:31:58.0374 7496 WUDFRd - ok
    15:31:58.0487 7496 xbdtm - ok
    15:31:58.0626 7496 XDva189 (dd9b676c862449f5f70a953ba5db6f44) C:\Windows\system32\XDva189.sys
    15:31:58.0668 7496 XDva189 - ok
    15:31:58.0725 7496 XDva195 - ok
    15:31:58.0814 7496 XDva391 - ok
    15:31:58.0874 7496 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
    15:31:58.0958 7496 \Device\Harddisk0\DR0 - ok
    15:31:58.0989 7496 Boot (0x1200) (a431838945ca4aead0b42711b8ca0e9b) \Device\Harddisk0\DR0\Partition0
    15:31:59.0035 7496 \Device\Harddisk0\DR0\Partition0 - ok
    15:31:59.0081 7496 Boot (0x1200) (86628e57b823531841ea55830fe00bd8) \Device\Harddisk0\DR0\Partition1
    15:31:59.0082 7496 \Device\Harddisk0\DR0\Partition1 - ok
    15:31:59.0083 7496 ============================================================
    15:31:59.0083 7496 Scan finished
    15:31:59.0083 7496 ============================================================
    15:31:59.0122 9720 Detected object count: 2
    15:31:59.0122 9720 Actual detected object count: 2
    15:32:17.0584 9720 C:\Windows\system32\drivers\afd.sys - copied to quarantine
    15:32:21.0903 9720 Backup copy not found, trying to cure infected file..
    15:32:21.0944 9720 Cure success, using it..
    15:32:22.0042 9720 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
    15:32:41.0817 9720 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
    15:32:41.0819 9720 sptd ( LockedFile.Multi.Generic ) - skipped by user
    15:32:41.0819 9720 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    15:33:49.0983 4340 Deinitialize success
     
  24. lunsk

    lunsk TS Rookie Topic Starter Posts: 62

    Uh, Security Essentials just started scanning by itself when it detected something, and now it's telling me to restart. Should I?
     
  25. Broni

    Broni Malware Annihilator Posts: 47,646   +267

    Go ahead.

    Then re-run TDSSKiller one more time.
     