Solved Trying to clear out remnants of XP *** 2012 infection

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:06 on 20/02/2012 (HP_Administrator)
Firefox version 3.5.5 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\
ctrltabpreview@extensions.hesslow.se [17:31 14/03/2007]
firebug@software.joehewitt.com [11:43 07/05/2007]
linkalert.conlan@addons.mozilla.com [21:47 24/05/2008]
piraton@enchufados.net [15:14 09/08/2007]
videodowloader@videodownloader.net [07:00 07/03/2007]
{075538f3-a7a9-498a-8e0d-12f2e2ff862a} [22:01 11/09/2007]
{0cdfdd5e-eea6-45ff-b035-81243cf02efb} [02:50 11/02/2007]
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [11:21 22/09/2008]
{35106bca-6c78-48c7-ac28-56df30b51d2a} [17:39 30/07/2008]
{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [18:54 01/08/2008]
{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} [23:37 02/09/2008]
{73a6fe31-595d-460b-a920-fcc0f8843232} [11:21 22/09/2008]
{77b819fa-95ad-4f2c-ac7c-486b356188a9} [04:01 18/06/2007]
{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [17:39 30/07/2008]
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [11:21 22/09/2008]
{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [03:35 07/06/2008]
{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [18:04 30/08/2010]
{c50ca3c4-5656-43c2-a061-13e717f73fc8} [17:39 30/07/2008]
{C985DAC8-338E-11DB-8AF6-B622A1EF5492} [15:15 16/03/2007]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [15:15 19/06/2008]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [15:15 19/06/2008]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [15:15 19/06/2008]
{F807FACD-E46A-4793-B345-D58CB177673C} [11:21 22/09/2008]

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\
betterfacebook@mattkruse.com [04:34 10/09/2011]
DeviceDetection@logitech.com [02:01 11/08/2011]
firebug@software.joehewitt.com [04:38 13/05/2010]
lazarus@interclue.com [04:34 10/09/2011]
linkalert.conlan@addons.mozilla.com [21:03 28/06/2011]
staged-xpis [05:27 03/10/2009]
VacuumPlaces@revertron.com [16:30 04/10/2009]
weatherwatcherlive@singerscreations.com [21:03 28/06/2011]
webmaster@keep-tube.com [04:38 13/05/2010]
{075538f3-a7a9-498a-8e0d-12f2e2ff862a} [17:52 07/09/2009]
{0cdfdd5e-eea6-45ff-b035-81243cf02efb} [05:11 13/10/2008]
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [04:33 10/09/2011]
{35106bca-6c78-48c7-ac28-56df30b51d2a} [04:31 27/04/2010]
{37E4D8EA-8BDA-4831-8EA1-89053939A250} [21:03 28/06/2011]
{3EC9C995-8072-4fc0-953E-4F30620D17F3} [06:14 28/07/2009]
{45d8ff86-d909-11db-9705-005056c00008} [19:25 19/12/2010]
{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [21:04 28/06/2011]
{563e4790-7e70-11da-a72b-0800200c9a66} [04:33 10/09/2011]
{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} [02:30 29/09/2009]
{71328583-3CA7-4809-B4BA-570A85818FBB} [15:09 05/01/2012]
{73a6fe31-595d-460b-a920-fcc0f8843232} [04:33 10/09/2011]
{77b819fa-95ad-4f2c-ac7c-486b356188a9} [12:36 06/06/2009]
{8F6A6FD9-0619-459f-B9D0-81DE065D4E21} [04:31 27/04/2010]
{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [04:38 13/05/2010]
{9f94fab0-58a2-11dd-ae16-0800200c9a66} [12:20 31/08/2009]
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [02:01 11/08/2011]
{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [19:25 19/12/2010]
{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [18:04 30/08/2010]
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [19:52 13/11/2011]
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [19:52 13/11/2011]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [20:43 29/10/2011]
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [02:01 11/08/2011]
{c50ca3c4-5656-43c2-a061-13e717f73fc8} [04:33 10/09/2011]
{cd617372-6743-4ee4-bac4-fbf60f35719e} [20:42 16/10/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [02:01 11/08/2011]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [19:25 19/12/2010]
{DDC359D1-844A-42a7-9AA1-88A850A938A8} [21:04 28/06/2011]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [09:48 13/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"web-accelerator@google.com"="C:\Program Files\Google\Web Accelerator\firefox" [16:01 26/01/2007]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:09 18/04/2009]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG2012\Firefox4\" [21:35 19/02/2012]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG2012\Firefox\" [21:35 19/02/2012]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [04:51 20/02/2012]

-=E.O.F=-
 
AVG is popping up MRXSMB.sys

Farbar Service Scanner Version: 13-02-2012
Ran by HP_Administrator (administrator) on 20-02-2012 at 17:47:57
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-09 16:00] - [2006-05-19 07:59] - 0111616 ____N (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-09 16:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2012-02-12 20:42] - [2004-08-09 16:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-09 16:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-09 16:00] - [2004-08-09 16:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-09 16:00] - [2008-02-20 00:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0331264 ____N (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-09 16:00] - [2005-08-22 13:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0144896 ____N (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0170496 ____N (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2004-08-09 16:00] - [2004-08-09 16:00] - 0073472 ____N (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0144896 ____N (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0382464 ____N (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-09 16:00] - [2008-07-07 15:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0060416 ____N (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-09 16:00] - [2004-08-09 16:00] - 0014336 ____N (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-09 16:00] - [2009-02-09 05:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28

C:\WINDOWS\system32\services.exe
[2004-08-09 16:00] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE


Extra List:
=======
Avgtdix(14) Bridge(12) BridgeMP(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) pwipf6(13) Tcpip(3)
0x0E00000004000000010000000200000003000000080000000A0000000E000000050000000600000007000000090000000B0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****

C:\Documents and Settings\HP_Administrator\Desktop\Stuff\xnews\downloads\d-1036me1\DVT.rar probably a variant of Win32/Agent.CXGAPFH trojan deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\gamebooster.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\Downloads\Astral.Masters.v1.4.WinALL.Incl.Keygen.ECLiPSE.zip probably a variant of Win32/Agent.DRHDRYQ trojan deleted - quarantined
C:\Downloads\Temp\Babylon8_setup.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\Downloads\Temp\cnet2_pgsetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Downloads\Temp\freez_online_tv.exe Win32/Adware.ADON application deleted - quarantined
C:\Downloads\Temp\sophie_nudealbum_june7.zip a variant of Win32/Injector.AIB trojan deleted - quarantined
C:\GamesCampus\SoulMaster\smc.exe a variant of Win32/Packed.Themida application cleaned by deleting - quarantined
C:\hp\bin\wbug\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
C:\mirc\xserv.mrc IRC/Azzura trojan cleaned by deleting - quarantined
C:\Program Files\Internet\Hirc\download\mircbot.zip IRC/Azzura trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\dtsoftbus01.sys.vir a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\serial.sys.vir a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180246.com Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180262.sys a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180311.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180312.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180313.exe Win32/Adware.ADON application deleted - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180314.exe a variant of Win32/Packed.Themida application cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180315.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
C:\WINDOWS\system32\sfsync02.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\Vundo.7z multiple threats deleted - quarantined
C:\WINDOWS\system32\w810bus.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\mrxsmb.sys a variant of Win32/Sirefef.DA trojan unable to clean
D:\I386\APPS\APP14197\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
D:\I386\APPS\APP14197\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180338.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180339.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
J:\Documents and Settings\All Users\Start Menu\Programs\Internet Tools\Webcamspy\Help\Webcam Spy Supportpage.lnk LNK/URL.B trojan cleaned by deleting - quarantined
J:\Documents and Settings\Circuit City\Desktop\Stuff\wwwhack\more_names.txt probably a variant of Win32/IRCBot.JSAITPW trojan cleaned by deleting - quarantined
J:\Downloads\Torrents\Fallout.3.FinalFix.Skullptura.rar probably a variant of Win32/Agent.DSLWBHV trojan deleted - quarantined
J:\Downloads\Torrents\MorphVox Pro 4.2.0.0 + patch by [misterT].zip a variant of Win32/Injector.AIB trojan deleted - quarantined
J:\Downloads\Torrents\Extreme Se7en 2010 Ultimate [Final + SP3]\[WinXP] Extreme Se7en 2010 Ultimate [Final + SP3] Created By Jcberry526 [CW OS Team].iso multiple threats deleted - quarantined
J:\Downloads\Torrents\SoulMaster_Setup\SoulMaster_Setup.exe a variant of Win32/Packed.Themida application deleted - quarantined
J:\Downloads\Torrents\Virtual Sex_Doctor and Nurse-[games anime hentai games]\Doc_and_Nurse.rar a variant of Win32/Chepdu.AC trojan deleted - quarantined
J:\Downloads\Torrents\WM.Recorder.v10.1.Incl.Keygen.and.Patch-iNFECTED\WM.Recorder.v10.1.Incl.Keygen.and.Patch-iNFECTED.ZIP probably a variant of Win32/Agent.FJRKSRJ trojan deleted - quarantined
K:\mIRCbot.zip IRC/Azzura trojan deleted - quarantined
K:\CDS\[WinXP] Extreme Se7en 2010 Ultimate [Final + SP3] Created By Jcberry526 [CW OS Team].iso multiple threats deleted - quarantined
K:\Download\3DSexVilla.2.058.002.Full.Offline.By.FreeCoder.zip a variant of Win32/Inject.NDT trojan deleted - quarantined
Operating memory Win32/Sirefef.DN trojan
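Two things in the FSS log above are worth pulling out mechanically rather than by eye: both firewall profiles carry "EnableFirewall"=DWORD:0, and netbt.sys shows a creation time (2012-02-12) later than its modification time (2004-08-09), which is what a file that was copied in fresh while keeping the old mtime looks like. The following is an added example, not code from this thread or from Farbar's tool. It assumes the FSS File Check format [creation] - [modification] - size attrs (company) MD5, treats "creation after modification" as a heuristic prompt rather than a verdict, and also copes with a Notepad word-wrapped log where the MD5 lands on its own line after a blank:

```python
"""Added example, not code from this thread or from Farbar's tool: a parser for
the "Firewall Disabled Policy" and "File Check" sections of a Farbar Service
Scanner (FSS) log with two checks a responder makes by hand.

* EnableFirewall=0 under a profile key: the firewall is off by policy.
* File Check lines carry [creation] - [modification] times, size and MD5. A
  creation time later than the modification time (a fresh copy that kept the
  old mtime) marks a possibly replaced or timestomped file. Heuristic only.

A word-wrapped log puts the MD5 on its own line after a blank; that form is
parsed too.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

DETAIL_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"\[(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"(?P<size>\d+) \S+ \([^)]*\)(?: (?P<md5>[0-9A-Fa-f]{32}))?$")
MD5_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+)\]$")
ENABLE_RE = re.compile(r'^"EnableFirewall"=DWORD:(?P<value>\d+)$')
PATH_RE = re.compile(r"^[A-Za-z]:\\")
TIME_FMT = "%Y-%m-%d %H:%M"

# Sample input: the firewall policy lines and three File Check entries copied
# from the FSS log posted above; the netbt.sys entry is given in the wrapped
# form (hash on its own line) to exercise that branch.
SAMPLE_LOG = r"""Firewall Disabled Policy:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

File Check:
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-09 16:00] - [2006-05-19 07:59] - 0111616 ____N (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\netbt.sys
[2012-02-12 20:42] - [2004-08-09 16:00] - 0162816 ____A (Microsoft Corporation)

0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-09 16:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9
"""


@dataclass
class FileEntry:
    path: str
    created: datetime
    modified: datetime
    size: int
    md5: Optional[str]


def parse_fss(text: str) -> dict:
    """Return {'firewall': {profile: EnableFirewall value}, 'files': [FileEntry]}."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]   # blanks dropped
    firewall: Dict[str, int] = {}
    files: List[FileEntry] = []
    section, profile, i = None, None, 0
    while i < len(lines):
        line = lines[i]
        if line.endswith(":") and not PATH_RE.match(line):
            section, profile = line[:-1], None                      # section header
        elif section == "Firewall Disabled Policy":
            key, val = KEY_RE.match(line), ENABLE_RE.match(line)
            if key:
                profile = key["profile"]
            elif val and profile:
                firewall[profile] = int(val["value"])
        elif section == "File Check" and PATH_RE.match(line) and i + 1 < len(lines):
            m = DETAIL_RE.match(lines[i + 1])                       # detail follows the path
            if m:
                md5, i = m["md5"], i + 1
                if md5 is None and i + 1 < len(lines) and MD5_RE.match(lines[i + 1]):
                    md5, i = lines[i + 1], i + 1                    # wrapped log: hash on own line
                files.append(FileEntry(line, datetime.strptime(m["created"], TIME_FMT),
                                       datetime.strptime(m["modified"], TIME_FMT),
                                       int(m["size"]), md5))
        i += 1
    return {"firewall": firewall, "files": files}


def analyze(parsed: dict) -> List[str]:
    """Findings a responder would raise from the parsed sections."""
    findings = [f"firewall off by policy: {p}"
                for p, v in sorted(parsed["firewall"].items()) if v == 0]
    for f in parsed["files"]:
        if f.created > f.modified:
            findings.append(f"created after last modified: {f.path}")
        if f.md5 is None:
            findings.append(f"no MD5 recorded: {f.path}")
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_fss(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it reports both firewall profiles and netbt.sys. The MD5 values are kept on each entry so they can be compared with a trusted list of file hashes if you have one for that service pack; the script itself does not claim to know which hashes are good.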
 
Please disable "word wrap" in Notepad as your logs are hard to read.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
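For reading the report the tool writes, here is an added example that is not part of the original thread and not Kaspersky's code. It assumes the per-driver line shapes seen in the TDSSKiller log posted later in this thread (a "name (md5) path" line when an image file exists, then a "name - verdict" line), collects anything whose verdict is not "ok", lists services that have no image file on disk, and lists drivers loaded from outside \system32\drivers. The last two are prompts for a closer look, not verdicts; the sample input is copied from that log.

```python
"""Added example, not code from this thread or from Kaspersky: a reader for the
per-driver lines of a TDSSKiller report (the TDSSKiller_xxxx_log.txt named
above). After "Scan started", each service produces

    HH:MM:SS.mmmm PID name (md5) path    when an image file exists on disk
    HH:MM:SS.mmmm PID name - verdict     the result, "ok" when clean

Services with no "(md5) path" line have no image file (XP registers many such
stubs, e.g. Abiosdsk). Any verdict other than "ok" is collected for review, and
so are drivers whose image lives outside \system32\drivers, the first thing a
responder checks by eye. Both are prompts for a look, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+"
    r"(?:\((?P<md5>[0-9A-Fa-f]{32})\)\s+(?P<path>.+)|-\s+(?P<verdict>.+))$")

# Sample input: lines copied from the TDSSKiller log posted later in this
# thread. A pre-scan drive line is included to show why parsing starts only
# after "Scan started" (its " - Size:" would otherwise look like a verdict).
SAMPLE_REPORT = r"""15:14:20.0093 1580 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DCE0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFE, Type 'K0', Flags 0x00000054
15:14:31.0984 1600 ============================================================
15:14:31.0984 1600 Scan started
15:14:31.0984 1600 Mode: Manual;
15:14:31.0984 1600 ============================================================
15:14:33.0171 1600 .avgtdix - ok
15:14:33.0687 1600 Abiosdsk - ok
15:14:34.0718 1600 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:14:34.0828 1600 ACPI - ok
15:15:14.0187 1600 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
15:15:14.0328 1600 giveio - ok
15:15:38.0218 1600 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
15:15:38.0234 1600 Lavasoft Kernexplorer - ok
15:15:55.0953 1600 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:15:55.0953 1600 mouhid - ok
"""


@dataclass
class Driver:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Driver]:
    """Map service name -> Driver for the lines between Scan started/finished."""
    drivers: Dict[str, Driver] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if "Scan started" in line:
            in_scan = True
            continue
        if "Scan finished" in line:
            break
        m = LINE_RE.match(line) if in_scan else None
        if not m:
            continue                                    # headers, separators, drive info
        d = drivers.setdefault(m["name"], Driver(m["name"]))
        if m["md5"]:
            d.md5, d.path = m["md5"].lower(), m["path"].strip()
        else:
            d.verdict = m["verdict"].strip()
    return drivers


def review(drivers: Dict[str, Driver]) -> Dict[str, List[str]]:
    """Three worklists: non-ok verdicts, services with no file, odd image paths."""
    out: Dict[str, List[str]] = {"not_ok": [], "no_file": [], "unusual_path": []}
    for d in drivers.values():
        if d.verdict is not None and d.verdict.lower() != "ok":
            out["not_ok"].append(f"{d.name}: {d.verdict}")
        if d.path is None:
            out["no_file"].append(d.name)
        elif "\\system32\\drivers\\" not in d.path.lower():
            out["unusual_path"].append(f"{d.name}: {d.path}")
    return out


if __name__ == "__main__":
    for bucket, items in review(parse_tdsskiller(SAMPLE_REPORT)).items():
        print(bucket, items)
```

On the sample the "not_ok" list is empty, "no_file" holds .avgtdix and Abiosdsk, and "unusual_path" holds giveio.sys (in system32 itself) and Ad-Aware's KernExplorer.sys (under Program Files). Whether those two belong on the machine is a judgement for the person reading the log; the script only surfaces them.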
 
Was waiting just a bit for something to finish when a 'delayed write failed' error popped up and froze the system. Now it isn't booting normally and I can only get into a very slow safe mode. I had tdss downloaded before it did this despite 'bad write' issues. Should I just do it in safe mode or try what worked before (surface scan from a boot CD) and run in normal mode?
 
Was waiting just a bit for something to finish
What was "something"?
My instructions clearly say not to run any other tools until we're done.

Yes you can run TDSSKiller from safe mode.
 
Wasn't a tool. Just a movie that I didn't think would take more than a few minutes to finish downloading. I hadn't seen that error pop up in a week or so and kinda hoped it was gone.
 
15:13:54.0968 1580 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
15:13:55.0062 1580 ============================================================
15:13:55.0062 1580 Current date / time: 2012/02/24 15:13:55.0062
15:13:55.0062 1580 SystemInfo:
15:13:55.0062 1580
15:13:55.0062 1580 OS Version: 5.1.2600 ServicePack: 2.0
15:13:55.0062 1580 Product type: Workstation
15:13:55.0062 1580 ComputerName: ELENGIL
15:13:55.0062 1580 UserName: HP_Administrator
15:13:55.0062 1580 Windows directory: C:\WINDOWS
15:13:55.0062 1580 System windows directory: C:\WINDOWS
15:13:55.0062 1580 Processor architecture: Intel x86
15:13:55.0062 1580 Number of processors: 6
15:13:55.0062 1580 Page size: 0x1000
15:13:55.0062 1580 Boot type: Safe boot
15:13:55.0062 1580 ============================================================
15:14:20.0093 1580 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DCE0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFE, Type 'K0', Flags 0x00000054
15:14:20.0109 1580 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:14:20.0125 1580 Drive \Device\Harddisk2\DR2 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:14:20.0187 1580 \Device\Harddisk0\DR0:
15:14:20.0187 1580 MBR used
15:14:20.0187 1580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x249ED825
15:14:20.0203 1580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x249ED8A3, BlocksNum 0x4FD1811E
15:14:20.0203 1580 \Device\Harddisk1\DR1:
15:14:20.0203 1580 MBR used
15:14:20.0203 1580 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x242776FE
15:14:20.0203 1580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2427B5FE, BlocksNum 0x11B20C3
15:14:20.0203 1580 \Device\Harddisk2\DR2:
15:14:20.0203 1580 MBR used
15:14:20.0218 1580 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x4B0E7A2, BlocksNum 0xE7A66D1
15:14:20.0593 1580 Initialize success
15:14:20.0593 1580 ============================================================
15:14:31.0984 1600 ============================================================
15:14:31.0984 1600 Scan started
15:14:31.0984 1600 Mode: Manual;
15:14:31.0984 1600 ============================================================
15:14:33.0171 1600 .avgtdix - ok
15:14:33.0187 1600 .dtsoftbus01 - ok
15:14:33.0218 1600 .redbook - ok
15:14:33.0687 1600 Abiosdsk - ok
15:14:34.0140 1600 abp480n5 - ok
15:14:34.0718 1600 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:14:34.0828 1600 ACPI - ok
15:14:35.0296 1600 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:14:35.0296 1600 ACPIEC - ok
15:14:35.0765 1600 adpu160m - ok
15:14:36.0296 1600 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
15:14:36.0375 1600 aec - ok
15:14:36.0921 1600 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
15:14:37.0031 1600 AFD - ok
15:14:37.0500 1600 AFGMp50 - ok
15:14:37.0968 1600 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
15:14:37.0984 1600 AFGSp50 - ok
15:14:38.0421 1600 Aha154x - ok
15:14:38.0843 1600 aic78u2 - ok
15:14:39.0328 1600 aic78xx - ok
15:14:39.0781 1600 AliIde - ok
15:14:40.0281 1600 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
15:14:40.0296 1600 AmdK8 - ok
15:14:40.0828 1600 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
15:14:40.0875 1600 AmdPPM - ok
15:14:41.0312 1600 amsint - ok
15:14:41.0796 1600 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
15:14:41.0812 1600 androidusb - ok
15:14:42.0296 1600 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
15:14:42.0312 1600 aracpi - ok
15:14:42.0796 1600 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
15:14:42.0796 1600 arhidfltr - ok
15:14:43.0281 1600 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
15:14:43.0281 1600 arkbcfltr - ok
15:14:43.0734 1600 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
15:14:43.0734 1600 armoucfltr - ok
15:14:44.0234 1600 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:14:44.0265 1600 Arp1394 - ok
15:14:44.0781 1600 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
15:14:44.0796 1600 ARPolicy - ok
15:14:45.0296 1600 asc - ok
15:14:45.0718 1600 asc3350p - ok
15:14:46.0140 1600 asc3550 - ok
15:14:46.0625 1600 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys
15:14:46.0625 1600 AsIO - ok
15:14:47.0078 1600 Aspi32 - ok
15:14:47.0546 1600 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:14:47.0546 1600 AsyncMac - ok
15:14:48.0078 1600 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:14:48.0078 1600 atapi - ok
15:14:48.0562 1600 Atdisk - ok
15:14:49.0046 1600 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:14:49.0093 1600 Atmarpc - ok
15:14:49.0625 1600 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:14:49.0625 1600 audstub - ok
15:14:50.0187 1600 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
15:14:50.0265 1600 AVGIDSDriver - ok
15:14:50.0750 1600 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
15:14:50.0765 1600 AVGIDSEH - ok
15:14:51.0250 1600 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
15:14:51.0265 1600 AVGIDSFilter - ok
15:14:51.0765 1600 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
15:14:51.0765 1600 AVGIDSShim - ok
15:14:52.0390 1600 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
15:14:52.0531 1600 Avgldx86 - ok
15:14:53.0015 1600 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
15:14:53.0046 1600 Avgmfx86 - ok
15:14:53.0546 1600 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
15:14:53.0578 1600 Avgrkx86 - ok
15:14:54.0031 1600 Avgtdix - ok
15:14:54.0546 1600 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
15:14:54.0546 1600 bb-run - ok
15:14:55.0046 1600 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:14:55.0046 1600 Beep - ok
15:14:55.0578 1600 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
15:14:55.0609 1600 Bridge - ok
15:14:55.0671 1600 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
15:14:55.0671 1600 BridgeMP - ok
15:14:56.0187 1600 BT848 (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\system32\DRIVERS\BT848.sys
15:14:56.0187 1600 BT848 - ok
15:14:56.0687 1600 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
15:14:56.0687 1600 Cardex - ok
15:14:56.0796 1600 catchme - ok
15:14:57.0296 1600 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:14:57.0312 1600 cbidf2k - ok
15:14:57.0796 1600 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:14:57.0812 1600 CCDECODE - ok
15:14:58.0265 1600 cd20xrnt - ok
15:14:58.0734 1600 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:14:58.0750 1600 Cdaudio - ok
15:14:59.0281 1600 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
15:14:59.0312 1600 Cdfs - ok
15:14:59.0843 1600 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:14:59.0875 1600 Cdrom - ok
15:15:00.0375 1600 cfadisk (b9f8223f5edbdcb089969aec5406d95a) C:\WINDOWS\system32\DRIVERS\cfadisk.sys
15:15:00.0375 1600 cfadisk - ok
15:15:00.0828 1600 Changer - ok
15:15:01.0312 1600 CmdIde - ok
15:15:01.0750 1600 Cpqarray - ok
15:15:02.0218 1600 dac2w2k - ok
15:15:02.0656 1600 dac960nt - ok
15:15:03.0171 1600 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
15:15:03.0187 1600 Disk - ok
15:15:04.0109 1600 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
15:15:04.0593 1600 dmboot - ok
15:15:05.0187 1600 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
15:15:05.0265 1600 dmio - ok
15:15:05.0734 1600 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:15:05.0750 1600 dmload - ok
15:15:06.0250 1600 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
15:15:06.0281 1600 DMusic - ok
15:15:06.0750 1600 dpti2o - ok
15:15:07.0218 1600 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
15:15:07.0218 1600 drmkaud - ok
15:15:07.0703 1600 dtsoftbus01 - ok
15:15:08.0140 1600 EagleNT - ok
15:15:08.0640 1600 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
15:15:08.0671 1600 EAPPkt - ok
15:15:09.0250 1600 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
15:15:09.0328 1600 Fastfat - ok
15:15:09.0843 1600 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
15:15:09.0859 1600 Fdc - ok
15:15:10.0390 1600 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
15:15:10.0406 1600 FilterService - ok
15:15:10.0906 1600 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
15:15:10.0921 1600 Fips - ok
15:15:11.0390 1600 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:15:11.0406 1600 Flpydisk - ok
15:15:11.0937 1600 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:15:12.0031 1600 FltMgr - ok
15:15:12.0531 1600 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:15:12.0531 1600 Fs_Rec - ok
15:15:13.0046 1600 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:15:13.0125 1600 Ftdisk - ok
15:15:13.0671 1600 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
15:15:13.0765 1600 ftsata2 - ok
15:15:14.0187 1600 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
15:15:14.0328 1600 giveio - ok
15:15:14.0796 1600 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:15:14.0812 1600 Gpc - ok
15:15:15.0453 1600 hcwPP2 (9436fbf3ca45a0fb726856b409734d7a) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
15:15:15.0578 1600 hcwPP2 - ok
15:15:16.0125 1600 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:15:16.0125 1600 HDAudBus - ok
15:15:16.0625 1600 HidIr (07577916997e89563ed508c2ab6ff415) C:\WINDOWS\system32\DRIVERS\hidir.sys
15:15:16.0640 1600 HidIr - ok
15:15:17.0125 1600 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:15:17.0140 1600 HidUsb - ok
15:15:17.0578 1600 hpn - ok
15:15:18.0203 1600 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
15:15:18.0343 1600 HSXHWBS2 - ok
15:15:19.0343 1600 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
15:15:19.0859 1600 HSX_DP - ok
15:15:20.0406 1600 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
15:15:20.0421 1600 HTCAND32 - ok
15:15:21.0046 1600 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
15:15:21.0203 1600 HTTP - ok
15:15:21.0671 1600 i2omgmt - ok
15:15:22.0109 1600 i2omp - ok
15:15:22.0640 1600 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:15:22.0671 1600 i8042prt - ok
15:15:23.0187 1600 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:15:23.0203 1600 Imapi - ok
15:15:23.0687 1600 ini910u - ok
15:15:26.0531 1600 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:15:28.0890 1600 IntcAzAudAddService - ok
15:15:29.0390 1600 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:15:29.0390 1600 IntelIde - ok
15:15:29.0875 1600 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\drivers\intelppm.sys
15:15:29.0890 1600 intelppm - ok
15:15:30.0406 1600 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:15:30.0421 1600 Ip6Fw - ok
15:15:30.0937 1600 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:15:30.0968 1600 IpFilterDriver - ok
15:15:31.0421 1600 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:15:31.0437 1600 IpInIp - ok
15:15:31.0984 1600 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:15:32.0062 1600 IpNat - ok
15:15:32.0578 1600 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:15:32.0625 1600 IPSec - ok
15:15:33.0218 1600 IrBus (0461e205fa8870f9020ffe7c64721e75) C:\WINDOWS\system32\DRIVERS\IrBus.sys
15:15:33.0234 1600 IrBus - ok
15:15:33.0718 1600 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:15:33.0718 1600 IRENUM - ok
15:15:34.0218 1600 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:15:34.0234 1600 isapnp - ok
15:15:34.0734 1600 ivusb (de96bbf842059a67d876b692076d8875) C:\WINDOWS\system32\DRIVERS\ivusb.sys
15:15:34.0750 1600 ivusb - ok
15:15:35.0250 1600 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:15:35.0265 1600 Kbdclass - ok
15:15:35.0765 1600 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:15:35.0781 1600 kbdhid - ok
15:15:36.0343 1600 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
15:15:36.0437 1600 kmixer - ok
15:15:36.0984 1600 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
15:15:37.0031 1600 KSecDD - ok
15:15:37.0515 1600 L8042Kbd (58759156a6918913edd368f995be3e53) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:15:37.0531 1600 L8042Kbd - ok
15:15:38.0015 1600 L8042mou (973f78482aa2f2760323900b3a501c40) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
15:15:38.0046 1600 L8042mou - ok
15:15:38.0218 1600 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
15:15:38.0234 1600 Lavasoft Kernexplorer - ok
15:15:38.0765 1600 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
15:15:38.0796 1600 Lbd - ok
15:15:39.0281 1600 LBeepKE (5644acfa1b281ce2212353552147d1a0) C:\WINDOWS\system32\Drivers\LBeepKE.sys
15:15:39.0281 1600 LBeepKE - ok
15:15:39.0734 1600 lbrtfdc - ok
15:15:40.0218 1600 LEqdUsb (0fe8fefe98626509661b50ea20ecd129) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
15:15:40.0250 1600 LEqdUsb - ok
15:15:40.0781 1600 LHidEqd (93657522a5dd7da4c81fb347973ae01c) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
15:15:40.0781 1600 LHidEqd - ok
15:15:41.0296 1600 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:15:41.0296 1600 LHidFilt - ok
15:15:41.0828 1600 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:15:41.0828 1600 LMouFilt - ok
15:15:42.0328 1600 LMouKE (2a3e4db78b20b2cd2c548a48a8e6b1b7) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
15:15:42.0375 1600 LMouKE - ok
15:15:42.0859 1600 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
15:15:42.0859 1600 LUsbFilt - ok
15:15:43.0390 1600 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
15:15:43.0453 1600 lvpopflt - ok
15:15:43.0937 1600 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
15:15:43.0953 1600 LVPr2Mon - ok
15:15:44.0546 1600 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
15:15:44.0703 1600 LVRS - ok
15:15:48.0796 1600 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
15:15:52.0484 1600 LVUVC - ok
15:15:53.0015 1600 mcdbus (cf156a4797551f88fea61567e052dcec) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
15:15:53.0062 1600 mcdbus - ok
15:15:53.0546 1600 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:15:53.0562 1600 mdmxsdk - ok
15:15:54.0031 1600 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:15:54.0031 1600 MHNDRV - ok
15:15:54.0484 1600 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:15:54.0500 1600 mnmdd - ok
15:15:54.0968 1600 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
15:15:54.0984 1600 Modem - ok
15:15:55.0468 1600 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:15:55.0468 1600 Mouclass - ok
15:15:55.0953 1600 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:15:55.0953 1600 mouhid - ok
15:15:56.0468 1600 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
15:15:56.0484 1600 MountMgr - ok
15:15:56.0937 1600 mraid35x - ok
15:15:57.0484 1600 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:15:57.0593 1600 MRxDAV - ok
15:15:58.0312 1600 MRxSmb (a2c21446c741fde74afb3efc779b9d25) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:15:58.0546 1600 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
15:15:58.0546 1600 MRxSmb - detected Virus.Win32.ZAccess.c (0)
15:15:59.0046 1600 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
15:15:59.0062 1600 Msfs - ok
15:15:59.0531 1600 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:15:59.0531 1600 MSKSSRV - ok
15:16:00.0031 1600 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:16:00.0031 1600 MSPCLOCK - ok
15:16:00.0531 1600 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
15:16:00.0531 1600 MSPQM - ok
15:16:01.0000 1600 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:16:01.0000 1600 mssmbios - ok
15:16:01.0500 1600 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
15:16:01.0500 1600 MSTEE - ok
15:16:01.0984 1600 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
15:16:01.0984 1600 MTsensor - ok
15:16:02.0515 1600 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
15:16:02.0593 1600 Mup - ok
15:16:03.0140 1600 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:16:03.0203 1600 NABTSFEC - ok
15:16:03.0734 1600 NCHSSVAD (0df9cc7b5cc173f545723f23e68fac93) C:\WINDOWS\system32\drivers\nchssvad.sys
15:16:03.0750 1600 NCHSSVAD - ok
15:16:04.0328 1600 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
15:16:04.0437 1600 NDIS - ok
15:16:04.0921 1600 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:16:04.0921 1600 NdisIP - ok
15:16:05.0437 1600 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:16:05.0437 1600 NdisTapi - ok
15:16:05.0937 1600 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:16:05.0937 1600 Ndisuio - ok
15:16:06.0515 1600 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:16:06.0593 1600 NdisWan - ok
15:16:07.0093 1600 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
15:16:07.0125 1600 NDProxy - ok
15:16:07.0593 1600 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:16:07.0609 1600 NetBIOS - ok
15:16:08.0203 1600 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:16:08.0296 1600 NetBT - ok
15:16:08.0828 1600 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:16:08.0859 1600 NIC1394 - ok
15:16:09.0390 1600 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
15:16:09.0421 1600 nm - ok
15:16:09.0937 1600 NPF (243126da7ba441d7c7c3262dcf435a9c) C:\WINDOWS\system32\drivers\npf.sys
15:16:09.0953 1600 NPF - ok
15:16:10.0453 1600 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
15:16:10.0468 1600 Npfs - ok
15:16:10.0921 1600 npkcrypt - ok
15:16:11.0390 1600 npkycryp - ok
15:16:11.0843 1600 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
15:16:11.0953 1600 NPPTNT2 - ok
15:16:12.0750 1600 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
15:16:13.0078 1600 Ntfs - ok
15:16:13.0593 1600 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:16:13.0593 1600 Null - ok
15:16:14.0078 1600 nusb3hub (9a3879b890f395ef8007a69543b56e8d) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
15:16:14.0125 1600 nusb3hub - ok
15:16:14.0687 1600 nusb3xhc (61c3a3c6b35f596831358d954d20712f) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
15:16:14.0765 1600 nusb3xhc - ok
15:16:20.0687 1600 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:16:26.0093 1600 nv - ok
15:16:26.0593 1600 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:16:26.0640 1600 NVENETFD - ok
15:16:27.0203 1600 NVHDA (50acb7253d1104e5917e15a0670d63d5) C:\WINDOWS\system32\drivers\nvhda32.sys
15:16:27.0281 1600 NVHDA - ok
15:16:27.0781 1600 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:16:27.0796 1600 nvnetbus - ok
15:16:28.0281 1600 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:16:28.0281 1600 NwlnkFlt - ok
15:16:28.0765 1600 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:16:28.0781 1600 NwlnkFwd - ok
15:16:29.0281 1600 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:16:29.0328 1600 ohci1394 - ok
15:16:29.0859 1600 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
15:16:29.0890 1600 Parport - ok
15:16:30.0375 1600 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
15:16:30.0390 1600 PartMgr - ok
15:16:30.0859 1600 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:16:30.0859 1600 ParVdm - ok
15:16:31.0375 1600 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
15:16:31.0390 1600 PCASp50 - ok
15:16:31.0953 1600 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
15:16:31.0984 1600 PCI - ok
15:16:32.0421 1600 PCIDump - ok
15:16:32.0890 1600 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:16:32.0906 1600 PCIIde - ok
15:16:33.0437 1600 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:16:33.0500 1600 Pcmcia - ok
15:16:33.0968 1600 PDCOMP - ok
15:16:34.0406 1600 PDFRAME - ok
15:16:34.0890 1600 PDIDRV - ok
15:16:35.0359 1600 PDRELI - ok
15:16:35.0812 1600 PDRFRAME - ok
15:16:36.0265 1600 perc2 - ok
15:16:36.0718 1600 perc2hib - ok
15:16:36.0875 1600 pgfilter (79bad6756154335d5304f0fe39961f5b) C:\Program Files\PeerGuardian2\pgfilter.sys
15:16:36.0890 1600 pgfilter - ok
15:16:37.0406 1600 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:16:37.0421 1600 PptpMiniport - ok
15:16:37.0875 1600 PQNTDrv - ok
15:16:38.0359 1600 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
15:16:38.0375 1600 Processor - ok
15:16:38.0875 1600 PROCEXP113 (36c46561fdc566fd4943216aba090343) C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
15:16:38.0890 1600 PROCEXP113 - ok
15:16:39.0343 1600 procguard - ok
15:16:39.0828 1600 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
15:16:39.0843 1600 Ps2 - ok
15:16:40.0375 1600 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
15:16:40.0406 1600 PSched - ok
15:16:40.0890 1600 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:16:40.0906 1600 Ptilink - ok
15:16:41.0468 1600 pwipf6 (8c8eb906238b79b30621e0756d8eefe8) C:\WINDOWS\system32\DRIVERS\pwipf6.sys
15:16:41.0546 1600 pwipf6 - ok
15:16:42.0031 1600 PxHelp20 - ok
15:16:42.0500 1600 ql1080 - ok
15:16:42.0937 1600 Ql10wnt - ok
15:16:43.0390 1600 ql12160 - ok
15:16:43.0828 1600 ql1240 - ok
15:16:44.0265 1600 ql1280 - ok
15:16:44.0734 1600 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:16:44.0750 1600 RasAcd - ok
15:16:45.0250 1600 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:16:45.0281 1600 Rasl2tp - ok
15:16:45.0781 1600 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:16:45.0812 1600 RasPppoe - ok
15:16:46.0281 1600 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:16:46.0281 1600 Raspti - ok
15:16:46.0843 1600 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:16:46.0953 1600 Rdbss - ok
15:16:47.0468 1600 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:16:47.0468 1600 RDPCDD - ok
15:16:48.0031 1600 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:16:48.0140 1600 rdpdr - ok
15:16:48.0687 1600 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
15:16:48.0765 1600 RDPWD - ok
15:16:49.0234 1600 redbook - ok
15:16:49.0750 1600 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:16:49.0765 1600 rtl8139 - ok
15:16:50.0562 1600 RTL8192su (94fd6cab93f06045efd3068eba874e65) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
15:16:50.0875 1600 RTL8192su - ok
15:16:51.0437 1600 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
15:16:51.0515 1600 RTLE8023xp - ok
15:16:52.0046 1600 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:16:52.0062 1600 Secdrv - ok
15:16:52.0562 1600 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:16:52.0562 1600 Serenum - ok
15:16:53.0078 1600 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
15:16:53.0125 1600 Serial - ok
15:16:53.0625 1600 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:16:53.0625 1600 Sfloppy - ok
15:16:54.0093 1600 Simbad - ok
15:16:54.0515 1600 SjyPkt - ok
15:16:55.0000 1600 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:16:55.0000 1600 SLIP - ok
15:16:55.0453 1600 Sparrow - ok
15:16:55.0875 1600 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
15:16:55.0921 1600 speedfan - ok
15:16:56.0390 1600 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
15:16:56.0390 1600 splitter - ok
15:16:56.0890 1600 sptd (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\System32\Drivers\sptd.sys
15:16:56.0906 1600 sptd - ok
15:16:57.0437 1600 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
15:16:57.0484 1600 sr - ok
15:16:58.0125 1600 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
15:16:58.0328 1600 Srv - ok
15:16:58.0875 1600 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
15:16:58.0937 1600 ssadbus - ok
15:16:59.0421 1600 ssadmdfl (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
15:16:59.0421 1600 ssadmdfl - ok
15:16:59.0906 1600 ssadmdm (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
15:16:59.0921 1600 ssadmdm - ok
15:17:00.0406 1600 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
15:17:00.0406 1600 StarOpen - ok
15:17:00.0890 1600 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:17:00.0906 1600 streamip - ok
15:17:01.0562 1600 supersafer (28f0f7f8e4c9039289c80ca1385bc4b7) C:\WINDOWS\system32\drivers\supersafer.sys
15:17:01.0750 1600 supersafer - ok
15:17:02.0218 1600 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:17:02.0234 1600 swenum - ok
15:17:02.0750 1600 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
15:17:02.0781 1600 swmidi - ok
15:17:03.0281 1600 sxuptp (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\system32\DRIVERS\sxuptp.sys
15:17:03.0281 1600 sxuptp - ok
15:17:03.0718 1600 symc810 - ok
15:17:04.0156 1600 symc8xx - ok
15:17:04.0609 1600 sym_hi - ok
15:17:05.0031 1600 sym_u3 - ok
15:17:05.0546 1600 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
15:17:05.0578 1600 sysaudio - ok
15:17:06.0078 1600 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
15:17:06.0078 1600 TBPanel - ok
15:17:06.0781 1600 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:17:06.0968 1600 Tcpip - ok
15:17:07.0453 1600 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:17:07.0468 1600 TDPIPE - ok
15:17:07.0937 1600 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
15:17:07.0953 1600 TDTCP - ok
15:17:08.0437 1600 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:17:08.0453 1600 TermDD - ok
15:17:08.0968 1600 TfFsMon (a56ec942ecabfb7849bfa76060f929fb) C:\WINDOWS\system32\drivers\TfFsMon.sys
15:17:09.0000 1600 TfFsMon - ok
15:17:09.0531 1600 TfNetMon (917ef522563f6047685486efa486fb3c) C:\WINDOWS\system32\drivers\TfNetMon.sys
15:17:09.0562 1600 TfNetMon - ok
15:17:10.0078 1600 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) C:\WINDOWS\system32\drivers\TfSysMon.sys
15:17:10.0125 1600 TfSysMon - ok
15:17:10.0578 1600 TosIde - ok
15:17:11.0093 1600 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
15:17:11.0140 1600 Udfs - ok
15:17:11.0609 1600 ultra - ok
15:17:12.0171 1600 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
15:17:12.0281 1600 Update - ok
15:17:12.0828 1600 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
15:17:12.0859 1600 usbaudio - ok
15:17:13.0359 1600 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:17:13.0375 1600 usbccgp - ok
15:17:13.0875 1600 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:17:13.0890 1600 usbehci - ok
15:17:14.0375 1600 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:17:14.0406 1600 usbhub - ok
15:17:14.0875 1600 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:17:14.0890 1600 usbohci - ok
15:17:15.0359 1600 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:17:15.0375 1600 usbscan - ok
15:17:15.0890 1600 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:17:15.0906 1600 usbstor - ok
15:17:16.0375 1600 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:17:16.0390 1600 usbuhci - ok
15:17:16.0890 1600 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:17:16.0953 1600 usbvideo - ok
15:17:17.0531 1600 VBoxDrv (12525f65e8c561b66e0bce2de2018c0c) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
15:17:17.0593 1600 VBoxDrv - ok
15:17:18.0109 1600 VBoxUSBMon (4ac4d33350cdd927cd575934cf983e68) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
15:17:18.0125 1600 VBoxUSBMon - ok
15:17:18.0625 1600 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
15:17:18.0625 1600 VgaSave - ok
15:17:20.0234 1600 VIAHdAudAddService (3082f6f16f90ebcc85bf2a3d9880f3c5) C:\WINDOWS\system32\drivers\viahduaa.sys
15:17:21.0406 1600 VIAHdAudAddService - ok
15:17:21.0906 1600 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:17:21.0906 1600 ViaIde - ok
15:17:21.0953 1600 VirtualFD (2d8d84d0b90c9055c0b83050d8a17a89) C:\VFD\vfd.sys
15:17:21.0968 1600 VirtualFD - ok
15:17:22.0468 1600 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
15:17:22.0500 1600 VolSnap - ok
15:17:22.0984 1600 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:17:23.0000 1600 Wanarp - ok
15:17:23.0765 1600 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:17:23.0765 1600 Wdf01000 - ok
15:17:24.0203 1600 WDICA - ok
15:17:24.0718 1600 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
15:17:24.0765 1600 wdmaud - ok
15:17:25.0609 1600 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
15:17:26.0000 1600 winachsx - ok
15:17:26.0562 1600 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:17:26.0562 1600 WmiAcpi - ok
15:17:27.0093 1600 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:17:27.0125 1600 WpdUsb - ok
15:17:27.0656 1600 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:17:27.0671 1600 WS2IFSL - ok
15:17:28.0187 1600 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:17:28.0187 1600 WSTCODEC - ok
15:17:28.0718 1600 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:17:28.0765 1600 WudfPf - ok
15:17:29.0281 1600 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:17:29.0328 1600 WudfRd - ok
15:17:29.0781 1600 XIRLINK - ok
15:17:29.0828 1600 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:17:29.0843 1600 \Device\Harddisk0\DR0 - ok
15:17:29.0875 1600 MBR (0x1B8) (ed18b096bc416bfb306882a7c2eba877) \Device\Harddisk1\DR1
15:17:29.0906 1600 \Device\Harddisk1\DR1 - ok
15:17:29.0937 1600 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk2\DR2
15:17:34.0250 1600 \Device\Harddisk2\DR2 - ok
15:17:34.0265 1600 Boot (0x1200) (b4e7675a9609f26a47f5597aa7d80b51) \Device\Harddisk0\DR0\Partition0
15:17:34.0265 1600 \Device\Harddisk0\DR0\Partition0 - ok
15:17:34.0281 1600 Boot (0x1200) (63692a67f6157d55c53814b86070c931) \Device\Harddisk0\DR0\Partition1
15:17:34.0281 1600 \Device\Harddisk0\DR0\Partition1 - ok
15:17:34.0296 1600 Boot (0x1200) (746b78273524474defce7f478965233d) \Device\Harddisk1\DR1\Partition0
15:17:34.0296 1600 \Device\Harddisk1\DR1\Partition0 - ok
15:17:34.0328 1600 Boot (0x1200) (3c751e0d229d8db11ca3c4ac39e217a3) \Device\Harddisk1\DR1\Partition1
15:17:34.0328 1600 \Device\Harddisk1\DR1\Partition1 - ok
15:17:34.0343 1600 Boot (0x1200) (357315808c931252d0bcb3c80d07bf1d) \Device\Harddisk2\DR2\Partition0
15:17:34.0343 1600 \Device\Harddisk2\DR2\Partition0 - ok
15:17:34.0343 1600 ============================================================
15:17:34.0343 1600 Scan finished
15:17:34.0343 1600 ============================================================
15:17:34.0359 1592 Detected object count: 1
15:17:34.0359 1592 Actual detected object count: 1
15:42:09.0046 1592 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
15:42:09.0390 1592 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\mrxsmb.sys) error 1813
15:42:16.0031 1592 Backup copy found, using it..
15:42:16.0328 1592 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
15:42:55.0265 1592 MRxSmb ( Virus.Win32.ZAccess.c ) - User select action: Cure
15:44:13.0843 1576 Deinitialize success
 
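As an added example (not from the thread, and not TDSSKiller's own code), here is a small Python parser for log lines of the shape shown above. It records each scanned driver with its MD5 and path, ties the verdict lines back to the object they refer to (by name for drivers, by device path for the MBR and boot-sector entries), lists the infected entries, and groups distinct drivers that share one MD5, which this log happens to contain. The sample lines are copied from the log above; the shared-hash grouping is a triage aid, not a verdict.

```python
r"""Parser for TDSSKiller-style scan logs (added example; not part of the thread).

Line shapes, as they appear in the log above:
  HH:MM:SS.mmmm PID  name (md5) path                      scanned object
  HH:MM:SS.mmmm PID  name - ok                            clean verdict
  HH:MM:SS.mmmm PID  name ( Family ) - infected           verdict
  HH:MM:SS.mmmm PID  name - detected Family (0)           verdict, repeated
  HH:MM:SS.mmmm PID  MBR (0x1B8) (md5) \Device\Harddisk0\DR0
  HH:MM:SS.mmmm PID  \Device\Harddisk0\DR0 - ok           verdict keyed by path
A "name - ok" line with no preceding object line is a service entry whose
driver file was not found on disk (e.g. "perc2 - ok").
"""
import re
from collections import defaultdict

_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
INFECTED_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\(\s*(?P<family>[^)]+?)\s*\)\s+-\s+infected$")
DETECTED_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+detected\s+(?P<family>\S+)")
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+ok$")


def parse_log(text):
    """Return (records, findings). records: one dict per object in log order
    (name, md5, path, verdict); findings: list of (name, family, path)."""
    records = []
    findings = []

    def lookup(key):
        # Verdict lines refer back to the most recent object with that name
        # (drivers) or that path (MBR / boot-sector entries).
        for rec in reversed(records):
            if rec["name"] == key or rec["path"] == key:
                return rec
        return None

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INFECTED_RE.match(line) or DETECTED_RE.match(line)
        if m:
            rec = lookup(m.group("name"))
            if rec is None:
                rec = {"name": m.group("name"), "md5": None, "path": None}
                records.append(rec)
            rec["verdict"] = "infected"
            rec["family"] = m.group("family")
            if not any(f[0] == rec["name"] for f in findings):
                findings.append((rec["name"], m.group("family"), rec["path"]))
            continue
        m = OK_RE.match(line)
        if m:
            rec = lookup(m.group("name"))
            if rec is None:  # service registered, but no file was scanned
                rec = {"name": m.group("name"), "md5": None, "path": None}
                records.append(rec)
            rec["verdict"] = "ok"
            continue
        m = OBJECT_RE.match(line)
        if m:
            records.append({"name": m.group("name"), "md5": m.group("md5"),
                            "path": m.group("path"), "verdict": None})
    return records, findings


def summarize(text):
    """Triage summary: counts, infected entries, and drivers sharing one MD5."""
    records, findings = parse_log(text)
    by_md5 = defaultdict(set)
    for rec in records:
        if rec["md5"]:
            by_md5[rec["md5"]].add(rec["name"])
    return {
        "scanned": sum(1 for r in records if r["md5"]),
        "no_file": sorted(r["name"] for r in records if r["md5"] is None),
        "unverdicted": sorted(r["name"] for r in records if r["verdict"] is None),
        "findings": findings,
        # Distinct driver names sharing one MD5: not evidence on its own,
        # but worth a second look when a rootkit that patches drivers is suspected.
        "shared_md5": {h: sorted(n) for h, n in by_md5.items() if len(n) > 1},
    }


# Constructed sample: lines copied from the log above, trimmed to a few entries.
SAMPLE_LOG = r"""
15:15:57.0484 1600 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:15:57.0593 1600 MRxDAV - ok
15:15:58.0312 1600 MRxSmb (a2c21446c741fde74afb3efc779b9d25) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:15:58.0546 1600 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
15:15:58.0546 1600 MRxSmb - detected Virus.Win32.ZAccess.c (0)
15:16:36.0265 1600 perc2 - ok
15:16:56.0890 1600 sptd (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\System32\Drivers\sptd.sys
15:16:56.0906 1600 sptd - ok
15:16:59.0421 1600 ssadmdfl (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
15:16:59.0421 1600 ssadmdfl - ok
15:17:29.0828 1600 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:17:29.0843 1600 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To use it on a saved log, read the file and pass its text to `summarize()`. Entries in `no_file` are services whose driver file TDSSKiller did not find (the `- ok` lines with no object line before them); stale storage-driver entries like `perc2` are normal there, and an `unverdicted` entry means the log ended before the scanner reported on that object.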
Redoing ESET since I can't find the logs.

So far it's running OK, other than Java issues (several Java-based things aren't working anymore). Waiting on the nasty surprise popup (hoping I'm just paranoid).

C:\TDSSKiller_Quarantine\24.02.2012_15.13.55\rtkt0000\svc0000\tsk0000.dta
a variant of Win32/Sirefef.DA trojan

J:\Downloads\Torrents\Fallout.3.FinalFix.Skullptura.rar
probably a variant of Win32/Agent.DSLWBHV trojan

K:\CDS\[WinXP] Extreme Se7en 2010 Ultimate [Final + SP3] Created By Jcberry526 [CW OS Team].iso
multiple threats
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL

:Files
C:\WINDOWS\tasks\At*.job

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Interesting note: I had a lot of "job" files in the Windows Tasks folder that are pointing to an odd file that doesn't exist (that I think the malware may have added to keep itself active):

C:\WINDOWS\system32\HJ82c.com_
C:\WINDOWS\system32\HJ82c.com

One task every hour for each.
 
Those shouldn't be there.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :dir
    C:\WINDOWS\tasks
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
The only reason I mentioned it was that one of the security programs was asking me if I wanted to let this file run. (Note: very good for noticing and stopping the tiny, hidden, under-a-second infection files.)

SystemLook 30.07.11 by jpshortstuff
Log created at 19:51 on 26/02/2012 by HP_Administrator
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\tasks - Parameters: "(none)"

---Files---
Ad-Aware Update (Weekly).job --a---- 486 bytes [15:40 24/06/2009] [20:46 26/02/2012]
At1.job --a---- 344 bytes [21:27 21/02/2012] [05:30 26/02/2012]
At10.job --a---- 346 bytes [21:27 21/02/2012] [09:30 26/02/2012]
At11.job --a---- 344 bytes [21:27 21/02/2012] [10:30 26/02/2012]
At12.job --a---- 346 bytes [21:27 21/02/2012] [10:30 26/02/2012]
At13.job --a---- 344 bytes [21:27 21/02/2012] [11:30 26/02/2012]
At14.job --a---- 346 bytes [21:27 21/02/2012] [11:30 26/02/2012]
At15.job --a---- 344 bytes [21:27 21/02/2012] [12:30 26/02/2012]
At16.job --a---- 346 bytes [21:27 21/02/2012] [12:30 26/02/2012]
At17.job --a---- 344 bytes [21:27 21/02/2012] [13:30 26/02/2012]
At18.job --a---- 346 bytes [21:27 21/02/2012] [13:30 26/02/2012]
At19.job --a---- 344 bytes [21:27 21/02/2012] [14:30 26/02/2012]
At2.job --a---- 346 bytes [21:27 21/02/2012] [05:30 26/02/2012]
At20.job --a---- 346 bytes [21:27 21/02/2012] [14:30 26/02/2012]
At21.job --a---- 344 bytes [21:27 21/02/2012] [15:30 25/02/2012]
At22.job --a---- 346 bytes [21:27 21/02/2012] [15:30 25/02/2012]
At23.job --a---- 344 bytes [21:27 21/02/2012] [16:30 25/02/2012]
At24.job --a---- 346 bytes [21:27 21/02/2012] [16:30 25/02/2012]
At25.job --a---- 344 bytes [21:27 21/02/2012] [17:30 25/02/2012]
At26.job --a---- 346 bytes [21:27 21/02/2012] [17:30 25/02/2012]
At27.job --a---- 344 bytes [21:27 21/02/2012] [18:30 25/02/2012]
At28.job --a---- 346 bytes [21:27 21/02/2012] [18:30 25/02/2012]
At29.job --a---- 344 bytes [21:27 21/02/2012] [19:30 26/02/2012]
At3.job --a---- 344 bytes [21:27 21/02/2012] [06:30 26/02/2012]
At30.job --a---- 346 bytes [21:27 21/02/2012] [19:30 26/02/2012]
At31.job --a---- 344 bytes [21:27 21/02/2012] [20:30 26/02/2012]
At32.job --a---- 346 bytes [21:27 21/02/2012] [20:30 26/02/2012]
At33.job --a---- 344 bytes [21:27 21/02/2012] [21:30 25/02/2012]
At34.job --a---- 346 bytes [21:27 21/02/2012] [21:30 25/02/2012]
At35.job --a---- 344 bytes [21:27 21/02/2012] [22:30 25/02/2012]
At36.job --a---- 346 bytes [21:27 21/02/2012] [22:30 25/02/2012]
At37.job --a---- 344 bytes [21:27 21/02/2012] [23:30 25/02/2012]
At38.job --a---- 346 bytes [21:27 21/02/2012] [23:30 25/02/2012]
At39.job --a---- 344 bytes [21:27 21/02/2012] [00:30 26/02/2012]
At4.job --a---- 346 bytes [21:27 21/02/2012] [06:30 26/02/2012]
At40.job --a---- 346 bytes [21:27 21/02/2012] [00:30 26/02/2012]
At41.job --a---- 344 bytes [21:27 21/02/2012] [01:30 26/02/2012]
At42.job --a---- 346 bytes [21:27 21/02/2012] [01:30 26/02/2012]
At43.job --a---- 344 bytes [21:27 21/02/2012] [02:30 26/02/2012]
At44.job --a---- 346 bytes [21:27 21/02/2012] [02:30 26/02/2012]
At45.job --a---- 344 bytes [21:27 21/02/2012] [03:30 26/02/2012]
At46.job --a---- 346 bytes [21:27 21/02/2012] [03:30 26/02/2012]
At47.job --a---- 344 bytes [21:27 21/02/2012] [04:30 26/02/2012]
At48.job --a---- 346 bytes [21:27 21/02/2012] [04:30 26/02/2012]
At5.job --a---- 344 bytes [21:27 21/02/2012] [07:30 26/02/2012]
At6.job --a---- 346 bytes [21:27 21/02/2012] [07:30 26/02/2012]
At7.job --a---- 344 bytes [21:27 21/02/2012] [08:30 26/02/2012]
At8.job --a---- 346 bytes [21:27 21/02/2012] [08:30 26/02/2012]
At9.job --a---- 344 bytes [21:27 21/02/2012] [09:30 26/02/2012]
desktop.ini -rah--- 65 bytes [04:00 10/08/2004] [04:00 10/08/2004]
GoogleUpdateTaskMachineCore.job --a---- 902 bytes [22:51 29/08/2010] [19:52 26/02/2012]
GoogleUpdateTaskMachineUA.job --a---- 906 bytes [22:51 29/08/2010] [23:52 26/02/2012]
MP Scheduled Scan.job --ah--- 330 bytes [08:45 19/08/2008] [07:18 26/02/2012]
SA.DAT --ah--- 6 bytes [21:17 30/08/2005] [19:22 26/02/2012]
switchShakeIcon.job --a---- 300 bytes [05:23 31/01/2011] [05:23 12/02/2011]

---Folders---
None found.

-= EOF =-
 
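The helper's OTL fix above removes C:\WINDOWS\tasks\At*.job, and the listing shows why: the AT service names its jobs At1.job, At2.job, and so on, so forty-eight of them sharing one creation minute is a single batch of `at` commands, and their modified stamps (Task Scheduler rewrites a .job file each time it runs it, so the stamp doubles as a last-run time) land on the half hour of every hour. As an added example, not part of the thread and not SystemLook's own code, this Python script parses `:dir` output in the format above and surfaces exactly that pattern. The sample lines are a subset copied from the listing above.

```python
r"""Flag AT-style scheduled tasks in a SystemLook ':dir' listing of
C:\WINDOWS\Tasks (added example; not part of the thread).

Listing line shape:  name attrs size bytes [created] [modified]
e.g.  At1.job --a---- 344 bytes [21:27 21/02/2012] [05:30 26/02/2012]
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+)\s+bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s*$"
)
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)
STAMP_FMT = "%H:%M %d/%m/%Y"   # SystemLook prints "HH:MM dd/mm/yyyy"


def parse_listing(text):
    """One dict per file line; headers and section markers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "name": m.group("name"),
            "attrs": m.group("attrs"),
            "size": int(m.group("size")),
            "created": datetime.strptime(m.group("created"), STAMP_FMT),
            "modified": datetime.strptime(m.group("modified"), STAMP_FMT),
        })
    return entries


def _at_number(name):
    # Sort At10.job after At9.job rather than lexically.
    return int(re.search(r"\d+", name).group())


def at_job_bursts(entries, min_count=3):
    """Group AtN.job files by creation minute and return {created: [names]}
    for groups of at least min_count: one batch of 'at' commands shows up
    as one group with one timestamp."""
    groups = defaultdict(list)
    for e in entries:
        if AT_JOB_RE.match(e["name"]):
            groups[e["created"]].append(e["name"])
    return {k: sorted(v, key=_at_number) for k, v in groups.items() if len(v) >= min_count}


def last_run_cadence(entries):
    """From the modified stamps of the AtN.job files return (minutes, hours):
    a single minute-of-hour value spread across many hours means the batch
    fires hourly."""
    minutes, hours = set(), set()
    for e in entries:
        if AT_JOB_RE.match(e["name"]):
            minutes.add(e["modified"].minute)
            hours.add(e["modified"].hour)
    return minutes, hours


# Constructed sample: a subset of lines copied from the SystemLook log above.
SAMPLE_LISTING = """
---Files---
Ad-Aware Update (Weekly).job --a---- 486 bytes [15:40 24/06/2009] [20:46 26/02/2012]
At1.job --a---- 344 bytes [21:27 21/02/2012] [05:30 26/02/2012]
At2.job --a---- 346 bytes [21:27 21/02/2012] [05:30 26/02/2012]
At3.job --a---- 344 bytes [21:27 21/02/2012] [06:30 26/02/2012]
At4.job --a---- 346 bytes [21:27 21/02/2012] [06:30 26/02/2012]
At5.job --a---- 344 bytes [21:27 21/02/2012] [07:30 26/02/2012]
At6.job --a---- 346 bytes [21:27 21/02/2012] [07:30 26/02/2012]
desktop.ini -rah--- 65 bytes [04:00 10/08/2004] [04:00 10/08/2004]
GoogleUpdateTaskMachineCore.job --a---- 902 bytes [22:51 29/08/2010] [19:52 26/02/2012]
"""

if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for created, names in at_job_bursts(entries).items():
        print(f"{len(names)} At*.job files created {created:%H:%M %d/%m/%Y}: {', '.join(names)}")
    minutes, hours = last_run_cadence(entries)
    print(f"last-run minute(s) {sorted(minutes)}, hours seen {sorted(hours)}")
```

The listing alone does not say what the jobs run; that is inside each .job file, which is what the user's security program surfaced as the target HJ82c.com. On the live XP machine, `at` with no arguments lists the same queue with its commands, which is the quickest way to confirm the target before deleting the files.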
I adjusted OTL fix code in my reply #65 to remove those files.
You can proceed with my reply #65 now.
 
I had copied the instructions to a txt file and ran the old script accidentally, but the AT files were easily removed with Windows Scheduler after. (Either way, they are good and gone.)

As for the cleanup step, does it just delete certain files?

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 22111794 bytes
->Temporary Internet Files folder emptied: 8459767 bytes
->Java cache emptied: 971143 bytes
->FireFox cache emptied: 95978632 bytes
->Google Chrome cache emptied: 49877168 bytes
->Flash cache emptied: 15317 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 207886 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 16560 bytes

Total Files Cleaned = 170.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: HP_Administrator
->Java cache emptied: 0 bytes

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.32.0 log created on 02272012_033207

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\JET3336.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_4b8.dat not found!

Registry entries deleted on Reboot...
 
Well, as to how it's doing, it was semi-OK yesterday; today it randomly reset and is now popping up a repeated "Windows error" (the "The system had recovered from a serious error." kind) and I have no idea why.

Additionally, since updating Java, several things I do (that rely on java) refuse to work now.
 
In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
 