Solved Trojan horse Crypt.AQLW, Internet pops up, computer crashing

========== Custom Scans ==========



< MD5 for: DFSC.SYS >
[2011/04/14 09:59:03 | 000,075,264 | ---- | M] () MD5=048D6FEC8033B3C0ED624693EC9ADA2B -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys
[2009/04/10 16:14:14 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=218D8AE46C88E82014F5D73D0236D9B2 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys
[2011/04/14 09:36:03 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=3A3436F7DFE0E0C58CD5C3B6C9F21634 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys
[2008/01/19 00:28:20 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=9E635AE5E8AD93E2B5989E2E23679F97 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys
[2011/04/14 09:24:14 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=A3E9FA213F443AC77C7746119D13FEEC -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys
[2012/02/29 02:07:45 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=A7179DE59AE269AB70345527894CCD7C -- C:\Windows\System32\drivers\dfsc.sys
[2006/11/02 03:31:04 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=A7179DE59AE269AB70345527894CCD7C -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys
[2011/04/13 08:22:40 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=E20FB30D720810646ED24FB7CA9899A2 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/01/20 12:12:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/01/20 12:12:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 18:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 18:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 18:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 09:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 09:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/10 18:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 18:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 18:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< End of report >
 
Incidentally the program did not ask me to load the remote registry, just for info in case it's a problem.
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\YahooAUService.dll -- (knobserv)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\agpcpq.dll -- (delldmi)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKU\Mark_ON_C..\Run: [Steam] File not found
[2012/03/01 12:25:29 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd


:Services

:Reg

:Files
c:\windows\system32\drivers\dfsc.sys|C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys /replace
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive.


On the infected computer, do the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Remove the CD and shut down computer manually.
  • Attempt to reboot normally into Windows.
 
I ran the tool but the machine would not shut down or restart, it just continued to run, the log popped up but disappeared sharpish, I think that might have been an error on my part but not sure.

I did a hard reboot and it has loaded Reatogo-x-pe. The log has not displayed... where would the log be located?
 
I got the log this time, the machine hung whilst shutting down and had to be hard rebooted again. Log follows:


========== OTL ==========
Service\Driver key knobserv not found.
File C:\Windows\System32\YahooAUService.dll not found.
Service\Driver key delldmi not found.
File C:\Windows\System32\agpcpq.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_USERS\Mark_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Steam not found.
File C:\Windows\System32\dds_trash_log.cmd not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File c:\windows\system32\drivers\dfsc.sys successfully replaced with C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys
File\Folder C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys not found.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 03032012_034720
 
You're very welcome
 
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-03 05:29:55
-----------------------------
05:29:55.484 OS Version: Windows 6.0.6002 Service Pack 2
05:29:55.484 Number of processors: 4 586 0xF0B
05:29:55.484 ComputerName: MARK-PC UserName: Mark
05:30:05.015 Initialize success
05:30:09.649 AVAST engine defs: 12030201
05:30:14.048 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
05:30:14.063 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
05:30:14.063 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000059
05:30:14.063 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
05:30:14.063 Disk 0 MBR read successfully
05:30:14.063 Disk 0 MBR scan
05:30:14.079 Disk 0 Windows VISTA default MBR code
05:30:14.079 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
05:30:14.079 Disk 0 scanning sectors +312578048
05:30:14.188 Disk 0 scanning C:\Windows\system32\drivers
05:30:26.980 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Sirefef-JQ [Trj]
05:30:30.443 Disk 0 trace - called modules:
05:30:30.475 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xa0505fc0]<<
05:30:30.475 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87330968]
05:30:30.475 3 CLASSPNP.SYS[8bba68b3] -> nt!IofCallDriver -> [0x8ae126c8]
05:30:30.475 \Driver\00003211[0x8ae12928] -> IRP_MJ_CREATE -> 0xa0505fc0
05:30:31.801 AVAST engine scan C:\Windows
05:30:41.067 AVAST engine scan C:\Windows\system32
05:34:07.658 AVAST engine scan C:\Windows\system32\drivers
05:34:23.991 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Sirefef-JQ [Trj]
05:34:29.357 AVAST engine scan C:\Users\Mark
05:35:44.815 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
05:35:44.815 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
 
05:26:20.0672 4684 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
05:26:20.0910 4684 ============================================================
05:26:20.0910 4684 Current date / time: 2012/03/03 05:26:20.0910
05:26:20.0910 4684 SystemInfo:
05:26:20.0910 4684
05:26:20.0910 4684 OS Version: 6.0.6002 ServicePack: 2.0
05:26:20.0910 4684 Product type: Workstation
05:26:20.0911 4684 ComputerName: MARK-PC
05:26:20.0911 4684 UserName: Mark
05:26:20.0911 4684 Windows directory: C:\Windows
05:26:20.0911 4684 System windows directory: C:\Windows
05:26:20.0911 4684 Processor architecture: Intel x86
05:26:20.0911 4684 Number of processors: 4
05:26:20.0911 4684 Page size: 0x1000
05:26:20.0911 4684 Boot type: Normal boot
05:26:20.0911 4684 ============================================================
05:26:22.0637 4684 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
05:26:22.0654 4684 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
05:26:22.0664 4684 \Device\Harddisk0\DR0:
05:26:22.0667 4684 MBR used
05:26:22.0667 4684 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
05:26:22.0667 4684 \Device\Harddisk1\DR1:
05:26:22.0669 4684 MBR used
05:26:22.0669 4684 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
05:26:22.0708 4684 Initialize success
05:26:22.0708 4684 ============================================================
05:26:23.0917 4360 ============================================================
05:26:23.0917 4360 Scan started
05:26:23.0917 4360 Mode: Manual;
05:26:23.0917 4360 ============================================================
05:26:34.0944 4360 QWAVEdrv - ok
05:26:34.0987 4360 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
05:26:34.0987 4360 RasAcd - ok
05:26:35.0024 4360 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
05:26:35.0025 4360 Rasl2tp - ok
05:26:35.0080 4360 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
05:26:35.0081 4360 RasPppoe - ok
05:26:35.0105 4360 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
05:26:35.0106 4360 RasSstp - ok
05:26:35.0157 4360 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
05:26:35.0160 4360 rdbss - ok
05:26:35.0201 4360 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
05:26:35.0201 4360 RDPCDD - ok
05:26:35.0248 4360 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
05:26:35.0252 4360 rdpdr - ok
05:26:35.0266 4360 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
05:26:35.0267 4360 RDPENCDD - ok
05:26:35.0310 4360 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
05:26:35.0312 4360 RDPWD - ok
05:26:35.0354 4360 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
05:26:35.0355 4360 rspndr - ok
05:26:35.0386 4360 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
05:26:35.0387 4360 sbp2port - ok
05:26:35.0416 4360 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
05:26:35.0417 4360 secdrv - ok
05:26:35.0449 4360 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
05:26:35.0449 4360 Serenum - ok
05:26:35.0474 4360 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
05:26:35.0475 4360 Serial - ok
05:26:35.0509 4360 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
05:26:35.0510 4360 sermouse - ok
05:26:35.0554 4360 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
05:26:35.0554 4360 sffdisk - ok
05:26:35.0641 4360 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
05:26:35.0641 4360 sffp_mmc - ok
05:26:35.0772 4360 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
05:26:35.0772 4360 sffp_sd - ok
05:26:35.0806 4360 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
05:26:35.0806 4360 sfloppy - ok
05:26:35.0857 4360 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
05:26:35.0868 4360 sisagp - ok
05:26:35.0909 4360 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
05:26:35.0910 4360 SiSRaid2 - ok
05:26:35.0952 4360 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
05:26:35.0970 4360 SiSRaid4 - ok
05:26:36.0022 4360 Smb (ed23daaaccaf6f7efcfaf0cc155873e8) C:\Windows\system32\DRIVERS\smb.sys
05:26:36.0027 4360 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: ed23daaaccaf6f7efcfaf0cc155873e8, Fake md5: 4dcd48353241b0f3853d0ba396ef2afe
05:26:36.0028 4360 Smb ( Virus.Win32.ZAccess.c ) - infected
05:26:36.0028 4360 Smb - detected Virus.Win32.ZAccess.c (0)
05:26:36.0086 4360 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
05:26:36.0087 4360 spldr - ok
05:26:36.0187 4360 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
05:26:36.0187 4360 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
05:26:36.0189 4360 sptd ( LockedFile.Multi.Generic ) - warning
05:26:36.0189 4360 sptd - detected LockedFile.Multi.Generic (1)
05:26:38.0905 4360 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
05:26:38.0952 4360 \Device\Harddisk0\DR0 - ok
05:26:38.0972 4360 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
05:26:39.0014 4360 \Device\Harddisk1\DR1 - ok
05:26:39.0017 4360 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
05:26:39.0018 4360 \Device\Harddisk0\DR0\Partition0 - ok
05:26:39.0021 4360 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
05:26:39.0022 4360 \Device\Harddisk1\DR1\Partition0 - ok
05:26:39.0023 4360 ============================================================
05:26:39.0023 4360 Scan finished
05:26:39.0023 4360 ============================================================
05:26:39.0030 4188 Detected object count: 2
05:26:39.0030 4188 Actual detected object count: 2
05:26:44.0033 4188 C:\Windows\system32\DRIVERS\smb.sys - copied to quarantine
05:26:48.0598 4188 Backup copy found, using it..
05:26:48.0598 4188 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
05:26:55.0509 4188 Smb ( Virus.Win32.ZAccess.c ) - User select action: Cure
05:26:55.0509 4188 sptd ( LockedFile.Multi.Generic ) - skipped by user
05:26:55.0509 4188 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
05:27:06.0725 5696 Deinitialize success
 
02:39:02.0212 3812 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
02:39:02.0337 3812 ============================================================
02:39:02.0337 3812 Current date / time: 2012/03/04 02:39:02.0337
02:39:02.0337 3812 SystemInfo:
02:39:02.0337 3812
02:39:02.0353 3812 OS Version: 6.0.6002 ServicePack: 2.0
02:39:02.0353 3812 Product type: Workstation
02:39:02.0353 3812 ComputerName: MARK-PC
02:39:02.0353 3812 UserName: Mark
02:39:02.0353 3812 Windows directory: C:\Windows
02:39:02.0353 3812 System windows directory: C:\Windows
02:39:02.0353 3812 Processor architecture: Intel x86
02:39:02.0353 3812 Number of processors: 4
02:39:02.0353 3812 Page size: 0x1000
02:39:02.0353 3812 Boot type: Normal boot
02:39:02.0353 3812 ============================================================
02:39:04.0147 3812 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:39:04.0162 3812 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:39:04.0162 3812 \Device\Harddisk0\DR0:
02:39:04.0162 3812 MBR used
02:39:04.0162 3812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
02:39:04.0162 3812 \Device\Harddisk1\DR1:
02:39:04.0162 3812 MBR used
02:39:04.0162 3812 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
02:39:04.0209 3812 Initialize success
02:39:04.0209 3812 ============================================================
02:39:07.0563 3776 ============================================================
02:39:07.0563 3776 Scan started
02:39:07.0563 3776 Mode: Manual;
02:39:07.0563 3776 ============================================================
02:39:17.0376 3776 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
02:39:17.0376 3776 nvstor - ok
02:39:17.0407 3776 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
02:39:17.0407 3776 nvstor32 - ok
02:39:17.0438 3776 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
02:39:17.0438 3776 nv_agp - ok
02:39:17.0454 3776 NwlnkFlt - ok
02:39:17.0469 3776 NwlnkFwd - ok
02:39:17.0516 3776 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
02:39:17.0516 3776 ohci1394 - ok
02:39:17.0532 3776 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
02:39:17.0547 3776 Parport - ok
02:39:17.0578 3776 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
02:39:17.0578 3776 partmgr - ok
02:39:17.0610 3776 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
02:39:17.0610 3776 Parvdm - ok
02:39:17.0625 3776 PCASp50 - ok
02:39:17.0672 3776 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
02:39:17.0672 3776 pci - ok
02:39:17.0703 3776 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
02:39:17.0703 3776 pciide - ok
02:39:17.0734 3776 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
02:39:17.0734 3776 pcmcia - ok
02:39:17.0781 3776 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
02:39:17.0781 3776 PEAUTH - ok
02:39:17.0859 3776 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
02:39:17.0859 3776 Point32 - ok
02:39:17.0890 3776 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
02:39:17.0890 3776 PptpMiniport - ok
02:39:17.0984 3776 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
02:39:17.0984 3776 Processor - ok
02:39:18.0031 3776 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
02:39:18.0031 3776 PSched - ok
02:39:18.0078 3776 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
02:39:18.0078 3776 ql2300 - ok
02:39:18.0109 3776 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
02:39:18.0109 3776 ql40xx - ok
02:39:18.0171 3776 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
02:39:18.0171 3776 QWAVEdrv - ok
02:39:18.0218 3776 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
02:39:18.0218 3776 RasAcd - ok
02:39:18.0265 3776 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:39:18.0265 3776 Rasl2tp - ok
02:39:18.0312 3776 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
02:39:18.0312 3776 RasPppoe - ok
02:39:18.0327 3776 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
02:39:18.0327 3776 RasSstp - ok
02:39:18.0390 3776 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
02:39:18.0390 3776 rdbss - ok
02:39:18.0421 3776 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:39:18.0421 3776 RDPCDD - ok
02:39:18.0468 3776 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
02:39:18.0468 3776 rdpdr - ok
02:39:18.0483 3776 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
02:39:18.0483 3776 RDPENCDD - ok
02:39:18.0530 3776 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
02:39:18.0530 3776 RDPWD - ok
02:39:18.0577 3776 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
02:39:18.0577 3776 rspndr - ok
02:39:18.0608 3776 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
02:39:18.0608 3776 sbp2port - ok
02:39:18.0639 3776 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:39:18.0639 3776 secdrv - ok
02:39:18.0670 3776 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
02:39:18.0670 3776 Serenum - ok
02:39:18.0702 3776 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
02:39:18.0702 3776 Serial - ok
02:39:18.0748 3776 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
02:39:18.0748 3776 sermouse - ok
02:39:18.0764 3776 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
02:39:18.0764 3776 sffdisk - ok
02:39:18.0795 3776 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
02:39:18.0795 3776 sffp_mmc - ok
02:39:18.0826 3776 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
02:39:18.0826 3776 sffp_sd - ok
02:39:18.0873 3776 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
02:39:18.0873 3776 sfloppy - ok
02:39:19.0014 3776 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
02:39:19.0014 3776 sisagp - ok
02:39:19.0076 3776 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
02:39:19.0076 3776 SiSRaid2 - ok
02:39:19.0107 3776 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
02:39:19.0107 3776 SiSRaid4 - ok
02:39:19.0170 3776 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
02:39:19.0170 3776 Smb - ok
02:39:19.0232 3776 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
02:39:19.0232 3776 spldr - ok
02:39:19.0310 3776 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
02:39:19.0310 3776 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
02:39:19.0310 3776 sptd ( LockedFile.Multi.Generic ) - warning
02:39:19.0310 3776 sptd - detected LockedFile.Multi.Generic (1)
02:39:19.0372 3776 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
02:39:19.0372 3776 srv - ok
02:39:19.0435 3776 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
02:39:19.0435 3776 srv2 - ok
02:39:19.0497 3776 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
02:39:19.0497 3776 srvnet - ok
02:39:19.0560 3776 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
02:39:19.0560 3776 swenum - ok
02:39:19.0622 3776 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
02:39:19.0622 3776 Symc8xx - ok
02:39:19.0669 3776 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
02:39:19.0669 3776 Sym_hi - ok
02:39:19.0716 3776 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
02:39:19.0716 3776 Sym_u3 - ok
02:39:20.0106 3776 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
02:39:20.0106 3776 Tcpip - ok
02:39:20.0168 3776 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
02:39:20.0168 3776 Tcpip6 - ok
02:39:20.0230 3776 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
02:39:20.0230 3776 tcpipreg - ok
02:39:20.0277 3776 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
02:39:20.0277 3776 TDPIPE - ok
02:39:20.0340 3776 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
02:39:20.0340 3776 TDTCP - ok
02:39:20.0418 3776 tdx (f8fa40f8e3b28b3c5aefb0bd31cc3b46) C:\Windows\system32\DRIVERS\tdx.sys
02:39:20.0418 3776 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: f8fa40f8e3b28b3c5aefb0bd31cc3b46, Fake md5: 76b06eb8a01fc8624d699e7045303e54
02:39:20.0418 3776 tdx ( Virus.Win32.ZAccess.c ) - infected
02:39:20.0418 3776 tdx - detected Virus.Win32.ZAccess.c (0)
02:39:20.0480 3776 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
02:39:20.0480 3776 TermDD - ok
02:39:20.0527 3776 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:39:20.0527 3776 tssecsrv - ok
02:39:20.0574 3776 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
02:39:20.0589 3776 tunmp - ok
02:39:20.0620 3776 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
02:39:20.0620 3776 tunnel - ok
02:39:20.0683 3776 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
02:39:20.0683 3776 uagp35 - ok
02:39:20.0761 3776 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
02:39:20.0761 3776 udfs - ok
02:39:20.0808 3776 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
02:39:20.0808 3776 uliagpkx - ok
02:39:20.0823 3776 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
02:39:20.0823 3776 uliahci - ok
02:39:20.0854 3776 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
02:39:20.0854 3776 UlSata - ok
02:39:20.0886 3776 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
02:39:20.0886 3776 ulsata2 - ok
02:39:20.0932 3776 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
02:39:20.0932 3776 umbus - ok
02:39:21.0057 3776 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
02:39:21.0057 3776 usbccgp - ok
02:39:21.0104 3776 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
02:39:21.0104 3776 usbcir - ok
02:39:21.0151 3776 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
02:39:21.0151 3776 usbehci - ok
02:39:21.0198 3776 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
02:39:21.0198 3776 usbhub - ok
02:39:21.0229 3776 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
02:39:21.0229 3776 usbohci - ok
02:39:21.0276 3776 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
02:39:21.0276 3776 usbprint - ok
02:39:21.0416 3776 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
02:39:21.0416 3776 usbscan - ok
02:39:21.0494 3776 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:39:21.0494 3776 USBSTOR - ok
02:39:21.0588 3776 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
02:39:21.0588 3776 usbuhci - ok
02:39:21.0650 3776 USB_RNDIS (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
02:39:21.0650 3776 USB_RNDIS - ok
02:39:21.0712 3776 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
02:39:21.0712 3776 vga - ok
02:39:21.0759 3776 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
02:39:21.0759 3776 VgaSave - ok
02:39:21.0790 3776 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
02:39:21.0790 3776 viaagp - ok
02:39:21.0806 3776 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
02:39:21.0806 3776 ViaC7 - ok
02:39:21.0837 3776 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
02:39:21.0837 3776 viaide - ok
02:39:21.0884 3776 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
02:39:21.0884 3776 volmgr - ok
02:39:21.0931 3776 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
02:39:21.0931 3776 volmgrx - ok
02:39:22.0040 3776 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
02:39:22.0040 3776 volsnap - ok
02:39:22.0071 3776 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
02:39:22.0071 3776 vsmraid - ok
02:39:22.0087 3776 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
02:39:22.0087 3776 WacomPen - ok
02:39:22.0134 3776 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
02:39:22.0134 3776 Wanarp - ok
02:39:22.0134 3776 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
02:39:22.0134 3776 Wanarpv6 - ok
02:39:22.0180 3776 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
02:39:22.0180 3776 Wd - ok
02:39:22.0243 3776 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
02:39:22.0243 3776 Wdf01000 - ok
02:39:22.0352 3776 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
02:39:22.0352 3776 WmiAcpi - ok
02:39:22.0383 3776 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
02:39:22.0383 3776 WpdUsb - ok
02:39:22.0430 3776 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
02:39:22.0430 3776 ws2ifsl - ok
02:39:22.0492 3776 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:39:22.0492 3776 WUDFRd - ok
02:39:22.0539 3776 ZTEusbmdm6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
02:39:22.0539 3776 ZTEusbmdm6k - ok
02:39:22.0586 3776 ZTEusbnmea (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
02:39:22.0586 3776 ZTEusbnmea - ok
02:39:22.0648 3776 ZTEusbser6k (4692a3e087cf018808f376a3cc2128fa) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
02:39:22.0648 3776 ZTEusbser6k - ok
02:39:22.0664 3776 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
02:39:22.0711 3776 \Device\Harddisk0\DR0 - ok
02:39:22.0726 3776 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
02:39:22.0758 3776 \Device\Harddisk1\DR1 - ok
02:39:22.0758 3776 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
02:39:22.0773 3776 \Device\Harddisk0\DR0\Partition0 - ok
02:39:22.0773 3776 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
02:39:22.0773 3776 \Device\Harddisk1\DR1\Partition0 - ok
02:39:22.0773 3776 ============================================================
02:39:22.0773 3776 Scan finished
02:39:22.0773 3776 ============================================================
02:39:22.0773 1152 Detected object count: 2
02:39:22.0773 1152 Actual detected object count: 2
02:39:29.0341 1152 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:39:29.0341 1152 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
02:39:29.0434 1152 C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
02:39:29.0559 1152 Backup copy found, using it..
02:39:29.0559 1152 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
02:39:32.0679 1152 tdx ( Virus.Win32.ZAccess.c ) - User select action: Cure
02:39:35.0784 3152 Deinitialize success
 
22:38:56.0422 3384 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
22:38:56.0562 3384 ============================================================
22:38:56.0562 3384 Current date / time: 2012/03/04 22:38:56.0562
22:38:56.0562 3384 SystemInfo:
22:38:56.0562 3384
22:38:56.0562 3384 OS Version: 6.0.6002 ServicePack: 2.0
22:38:56.0562 3384 Product type: Workstation
22:38:56.0562 3384 ComputerName: MARK-PC
22:38:56.0562 3384 UserName: Mark
22:38:56.0562 3384 Windows directory: C:\Windows
22:38:56.0562 3384 System windows directory: C:\Windows
22:38:56.0562 3384 Processor architecture: Intel x86
22:38:56.0562 3384 Number of processors: 4
22:38:56.0562 3384 Page size: 0x1000
22:38:56.0562 3384 Boot type: Normal boot
22:38:56.0562 3384 ============================================================
22:38:58.0029 3384 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:38:58.0044 3384 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:38:58.0044 3384 \Device\Harddisk0\DR0:
22:38:58.0044 3384 MBR used
22:38:58.0044 3384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
22:38:58.0044 3384 \Device\Harddisk1\DR1:
22:38:58.0044 3384 MBR used
22:38:58.0044 3384 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
22:38:58.0075 3384 Initialize success
22:38:58.0075 3384 ============================================================
22:39:01.0024 2928 ============================================================
22:39:01.0024 2928 Scan started
22:39:01.0024 2928 Mode: Manual;
22:39:01.0024 2928 ============================================================
22:39:02.0397 2928 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:39:02.0397 2928 ACPI - ok
22:39:02.0537 2928 ADIHdAudAddService (81a61c3fe6f0f8c084c9a80b584cce21) C:\Windows\system32\drivers\ADIHdAud.sys
22:39:02.0537 2928 ADIHdAudAddService - ok
22:39:02.0709 2928 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:39:02.0709 2928 adp94xx - ok
22:39:02.0911 2928 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:39:02.0927 2928 adpahci - ok
22:39:02.0974 2928 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:39:02.0974 2928 adpu160m - ok
22:39:03.0021 2928 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:39:03.0021 2928 adpu320 - ok
22:39:03.0130 2928 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:39:03.0130 2928 AFD - ok
22:39:03.0192 2928 AFGMp50 - ok
22:39:03.0379 2928 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\AFGSp50.sys
22:39:03.0379 2928 AFGSp50 - ok
22:39:03.0473 2928 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:39:03.0473 2928 agp440 - ok
22:39:03.0551 2928 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:39:03.0567 2928 aic78xx - ok
22:39:03.0660 2928 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
22:39:03.0660 2928 aliide - ok
22:39:03.0707 2928 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:39:03.0707 2928 amdagp - ok
22:39:03.0832 2928 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
22:39:03.0832 2928 amdide - ok
22:39:03.0972 2928 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:39:03.0972 2928 AmdK7 - ok
22:39:04.0113 2928 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
22:39:04.0113 2928 AmdK8 - ok
22:39:04.0222 2928 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:39:04.0237 2928 arc - ok
22:39:04.0347 2928 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:39:04.0362 2928 arcsas - ok
22:39:04.0487 2928 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:39:04.0487 2928 AsyncMac - ok
22:39:04.0565 2928 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:39:04.0565 2928 atapi - ok
22:39:04.0643 2928 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:39:04.0643 2928 Beep - ok
22:39:04.0752 2928 blbdrive - ok
22:39:04.0955 2928 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:39:04.0955 2928 bowser - ok
22:39:05.0111 2928 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:39:05.0111 2928 BrFiltLo - ok
22:39:05.0267 2928 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:39:05.0267 2928 BrFiltUp - ok
22:39:05.0407 2928 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:39:05.0407 2928 Brserid - ok
22:39:05.0579 2928 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:39:05.0579 2928 BrSerWdm - ok
22:39:05.0782 2928 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:39:05.0782 2928 BrUsbMdm - ok
22:39:05.0891 2928 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:39:05.0907 2928 BrUsbSer - ok
22:39:06.0047 2928 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:39:06.0047 2928 BTHMODEM - ok
22:39:06.0141 2928 catchme - ok
22:39:06.0187 2928 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:39:06.0187 2928 cdfs - ok
22:39:06.0281 2928 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:39:06.0281 2928 cdrom - ok
22:39:06.0437 2928 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:39:06.0437 2928 circlass - ok
22:39:06.0624 2928 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:39:06.0655 2928 CLFS - ok
22:39:06.0874 2928 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
22:39:06.0874 2928 cmdide - ok
22:39:07.0014 2928 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
22:39:07.0014 2928 Compbatt - ok
22:39:07.0155 2928 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:39:07.0155 2928 crcdisk - ok
22:39:07.0311 2928 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:39:07.0311 2928 Crusoe - ok
22:39:07.0623 2928 DfsC (e20fb30d720810646ed24fb7ca9899a2) C:\Windows\system32\Drivers\dfsc.sys
22:39:07.0623 2928 DfsC - ok
22:39:07.0779 2928 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:39:07.0779 2928 disk - ok
22:39:07.0981 2928 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
22:39:07.0981 2928 Dot4 - ok
22:39:08.0122 2928 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:39:08.0137 2928 Dot4Print - ok
22:39:08.0247 2928 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
22:39:08.0247 2928 dot4usb - ok
22:39:08.0340 2928 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:39:08.0340 2928 drmkaud - ok
22:39:08.0590 2928 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:39:08.0590 2928 DXGKrnl - ok
22:39:08.0730 2928 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:39:08.0730 2928 E1G60 - ok
22:39:08.0871 2928 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:39:08.0871 2928 Ecache - ok
22:39:09.0120 2928 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:39:09.0120 2928 elxstor - ok
22:39:09.0401 2928 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:39:09.0401 2928 exfat - ok
22:39:09.0604 2928 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:39:09.0604 2928 fastfat - ok
22:39:09.0744 2928 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:39:09.0744 2928 fdc - ok
22:39:09.0931 2928 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:39:09.0931 2928 FileInfo - ok
22:39:10.0119 2928 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:39:10.0119 2928 Filetrace - ok
22:39:10.0290 2928 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:39:10.0290 2928 flpydisk - ok
22:39:10.0353 2928 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:39:10.0353 2928 FltMgr - ok
22:39:10.0524 2928 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:39:10.0524 2928 Fs_Rec - ok
22:39:10.0665 2928 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:39:10.0665 2928 gagp30kx - ok
22:39:10.0852 2928 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:39:10.0852 2928 HdAudAddService - ok
22:39:11.0133 2928 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:39:11.0148 2928 HDAudBus - ok
22:39:11.0335 2928 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:39:11.0335 2928 HidBth - ok
22:39:11.0398 2928 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:39:11.0398 2928 HidIr - ok
22:39:11.0585 2928 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:39:11.0585 2928 HidUsb - ok
22:39:11.0725 2928 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:39:11.0741 2928 HpCISSs - ok
22:39:12.0006 2928 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:39:12.0006 2928 HTTP - ok
22:39:12.0131 2928 hwdatacard (4154079a88089155d10168333b19627f) C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:39:12.0147 2928 hwdatacard - ok
22:39:12.0303 2928 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:39:12.0303 2928 i2omp - ok
22:39:12.0490 2928 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:39:12.0490 2928 i8042prt - ok
22:39:12.0630 2928 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:39:12.0646 2928 iaStorV - ok
22:39:12.0771 2928 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:39:12.0771 2928 iirsp - ok
22:39:12.0880 2928 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
22:39:12.0880 2928 intelide - ok
22:39:13.0036 2928 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:39:13.0036 2928 intelppm - ok
22:39:13.0192 2928 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:39:13.0192 2928 IpFilterDriver - ok
22:39:13.0239 2928 IpInIp - ok
22:39:13.0363 2928 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:39:13.0363 2928 IPMIDRV - ok
22:39:13.0457 2928 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:39:13.0457 2928 IPNAT - ok
22:39:13.0582 2928 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:39:13.0582 2928 IRENUM - ok
22:39:13.0722 2928 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
22:39:13.0722 2928 isapnp - ok
22:39:13.0847 2928 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:39:13.0847 2928 iScsiPrt - ok
22:39:13.0925 2928 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:39:13.0925 2928 iteatapi - ok
22:39:14.0034 2928 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:39:14.0034 2928 iteraid - ok
22:39:14.0237 2928 jbridgep - ok
22:39:14.0393 2928 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:39:14.0393 2928 kbdclass - ok
22:39:14.0502 2928 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:39:14.0502 2928 kbdhid - ok
22:39:14.0596 2928 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:39:14.0596 2928 KSecDD - ok
22:39:14.0736 2928 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:39:14.0736 2928 lltdio - ok
22:39:14.0845 2928 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:39:14.0845 2928 LSI_FC - ok
22:39:14.0939 2928 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:39:14.0955 2928 LSI_SAS - ok
22:39:39.0540 2928 Smb (ed23daaaccaf6f7efcfaf0cc155873e8) C:\Windows\system32\DRIVERS\smb.sys
22:39:39.0540 2928 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: ed23daaaccaf6f7efcfaf0cc155873e8, Fake md5: 7b75299a4d201d6a6533603d6914ab04
22:39:39.0540 2928 Smb ( Virus.Win32.ZAccess.c ) - infected
22:39:39.0540 2928 Smb - detected Virus.Win32.ZAccess.c (0)
22:39:39.0712 2928 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:39:39.0712 2928 spldr - ok
22:39:40.0102 2928 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
22:39:40.0102 2928 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
22:39:40.0133 2928 sptd ( LockedFile.Multi.Generic ) - warning
22:39:40.0133 2928 sptd - detected LockedFile.Multi.Generic (1)
22:39:48.0167 2928 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:39:48.0214 2928 \Device\Harddisk0\DR0 - ok
22:39:48.0229 2928 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
22:39:48.0276 2928 \Device\Harddisk1\DR1 - ok
22:39:48.0292 2928 Boot (0x1200) (0764067473881a4af3236f319ce802b5) \Device\Harddisk0\DR0\Partition0
22:39:48.0292 2928 \Device\Harddisk0\DR0\Partition0 - ok
22:39:48.0307 2928 Boot (0x1200) (21fa605b69522b273bd08e3b52a2ee70) \Device\Harddisk1\DR1\Partition0
22:39:48.0307 2928 \Device\Harddisk1\DR1\Partition0 - ok
22:39:48.0307 2928 ============================================================
22:39:48.0307 2928 Scan finished
22:39:48.0307 2928 ============================================================
22:39:48.0307 2904 Detected object count: 2
22:39:48.0307 2904 Actual detected object count: 2
22:39:54.0111 2904 C:\Windows\system32\DRIVERS\smb.sys - copied to quarantine
22:39:54.0282 2904 Backup copy found, using it..
22:39:54.0282 2904 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
22:40:02.0176 2904 Smb ( Virus.Win32.ZAccess.c ) - User select action: Cure
22:40:02.0176 2904 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:40:02.0176 2904 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:40:07.0589 3472 Deinitialize success
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hello again. I had problems getting Combofix to run - in normal mode it hung at the scan stage. I booted into safe mode where again it hung the first time I ran it; I then got error messages about the recycle bin again; it then ran in safe mode where it produced a few pop boxes about rootkits and rebooted the machine. I put it into safe mode and combofix ran itself. Log attached:
 
ComboFix 12-03-04.01 - Mark 05/03/2012 4:22.3.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2938 [GMT 0:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB32240$
c:\windows\system32\amdagp.dll
.
Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 04:31 . 2012-03-05 04:31 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-03-05 04:31 . 2012-03-05 04:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 08:28 . 2012-03-03 08:28 -------- d-----w- C:\_OTL
2012-03-03 03:59 . 2012-03-04 02:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-26 13:17 . 2012-02-26 13:17 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-26 13:17 . 2012-02-26 13:17 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-26 13:17 . 2012-02-26 13:17 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-26 13:17 . 2012-02-26 13:17 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-26 03:14 . 2012-03-01 17:24 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-26 01:22 . 2012-03-04 22:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 00:17 . 2012-03-02 12:46 -------- d-----w- c:\users\UpdatusUser
2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 22:41 . 2011-03-14 13:06 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2012-03-04 02:40 . 2011-03-14 13:06 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-28 16:25 . 2011-03-14 13:08 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-26 13:17 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
backup=c:\windows\pss\Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qmofiltr
pserve
vmparport
k750mdfl
delldmi
hcf_msft
knobserv
tvtpktfilter
datasvr2
amdk77
clsched
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mod.uk\www.westminster
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-01172566.sys
SafeBoot-03506180.sys
SafeBoot-16759884.sys
SafeBoot-23715927.sys
SafeBoot-35322252.sys
SafeBoot-47446112.sys
SafeBoot-53918648.sys
SafeBoot-99381612.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 04:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,f1,7f,cf,66,dd,ac,72,8d,ac,be,3a,9d,4b,e4,d9,ab,7b,d6,f6,9d,
0d,17,ea,ee,d3,da,33,d4,78,a6,c5,ea,e0,39,41,67,35,ac,cc,d6,8a,b3,9d,50,a5,\
"rkeysecu"=hex:d1,e1,fa,c4,59,30,95,93,46,98,0f,5a,99,e8,81,17
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-05 04:33:44
ComboFix-quarantined-files.txt 2012-03-05 04:33
ComboFix2.txt 2012-02-26 03:26
.
Pre-Run: 39,110,111,232 bytes free
Post-Run: 39,197,859,840 bytes free
.
- - End Of File - - 0F994AA1DB536BD102FBF56C0211BA36
 
The machine is currently running in normal mode (and for info I have no antivirus installed at the moment, as I took AVG off the first time I ran ComboFix earlier in the thread).
 
Good :)

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\dds_trash_log.cmd

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 