Inactive Virus/malware that keeps coming back despite being removed with Malwarebytes

lunsk

Hi,

I have malware on my computer right now (RootKit.0Access.H) and some virus that keeps on playing a "Congratulations you win" sound. I tried scanning with Malwarebytes and it says it removed it, but it keeps coming back. I also have a popup whenever I open Firefox, only when it's the first time opening Firefox though. I hope you guys will be able to help me.

The antivirus program I'm using right now is Microsoft Security Essentials.

Malwarebytes Log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.26.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Jonathan :: JONATHAN-PC [administrator]

28/02/2012 2:11:01 PM
mbam-log-2012-02-28 (14-11-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195963
Time elapsed: 20 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Windows\System32\DCamUSBDXGTech.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\DCamUSBDXGTech.dll (RootKit.0Access.H) -> Delete on reboot.

(end)


GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-28 14:49:07
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: GMER.exe; Driver: C:\Users\Jonathan\AppData\Local\Temp\fwlcrkow.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [82ABA8E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82ABA8E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [82ABA8E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atzxebsi \Device\Scsi\atzxebsi1 8788D1F8
Device \FileSystem\Ntfs \Ntfs 852DD1F8
Device \FileSystem\fastfat \Fat 896251F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Jonathan at 14:56:21 on 2012-02-28
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3581.2362 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Jonathan\Program Files\DNA\btdna.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0080717
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0080717
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BitTorrent DNA] "c:\users\jonathan\program files\dna\btdna.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\jonathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\jonathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\thunde~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: google.ca\www
Trusted Zone: pixiv.net
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9D43A0E4-2CCA-4641-A869-252AA04B100D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CB8D97A1-8DB2-4AFB-897C-29AE5A8CC818} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli DPPWDFLT
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c204e27d\AEstSrv.exe [2008-7-16 73728]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-2-29 1053944]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-7-16 548352]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-7-16 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-7-16 203264]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-7-16 149208]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-7-16 277624]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-31 1153368]
S3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [2011-7-21 500704]
S3 GDISpyDevice;GDISpyDevice;c:\windows\system32\GDISpy.sys [2008-4-22 38856]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2008-9-6 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2008-9-6 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2008-9-6 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2008-9-6 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2008-9-6 100008]
S3 XDva189;XDva189;c:\windows\system32\XDva189.sys [2008-8-4 46464]
.
=============== Created Last 30 ================
.
2012-02-28 19:55:31 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2b92e378-461f-4ce5-a732-dad1b5a1dfd6}\mpengine.dll
2012-02-28 05:25:49 -------- d-----w- c:\program files\SpywareBlaster
2012-02-28 04:52:53 -------- d-----w- c:\program files\MozBackup
2012-02-27 23:22:09 -------- d-----w- c:\users\jonathan\DoctorWeb
2012-02-27 04:06:39 83136 ----a-w- c:\windows\system32\eE0cm.com_
2012-02-27 03:56:37 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-25 02:18:09 -------- d-----w- c:\program files\common files\Spigot
2012-02-25 02:17:48 -------- d-----w- c:\programdata\YouTube Downloader
2012-02-25 02:17:43 -------- d-----w- c:\program files\YouTube Downloader
2012-02-11 15:04:53 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fccff295-a8d2-42e0-a563-ee40b05596f3}\gapaengine.dll
2012-01-30 23:58:57 -------- d-----w- c:\programdata\youku
2012-01-30 23:58:48 161056 ----a-w- c:\windows\system32\ikutm.dll
2012-01-30 23:58:34 -------- d-----w- c:\program files\YouKu
2012-01-30 22:49:05 -------- d-----w- c:\program files\Conduit
2012-01-30 22:49:02 -------- d-----w- c:\users\jonathan\appdata\local\Conduit
2012-01-30 22:48:49 -------- d-----w- c:\users\jonathan\appdata\local\FLVService
.
==================== Find3M ====================
.
2012-02-27 04:06:13 114688 ----a-w- c:\windows\system32\msvos.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:56:41.66 ===============


DDS Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 16/07/2008 5:01:24 PM
System Uptime: 28/02/2012 2:39:06 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0F700C
Processor: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz | Microprocessor | 2167/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 0.741 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.584 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.5
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
µTorrent
Audacity 1.3.13 (Unicode)
AuthenTec Fingerprint System
Awave Studio v10
Bandisoft MPEG-1 Decoder
Bonjour
Broadcom Gigabit NetLink Controller
Browser Address Error Redirector
BufferChm
Canon MX320 series MP Drivers
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Copy
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DigitalPersona Personal 3.0.1
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DocProc
DocProcQFolder
Dropbox
DVD Decrypter (Remove Only)
Finale NotePad 2008
Garena
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP Update
Integrated Webcam Driver (1.00.08.0216)
Intel(R) Matrix Storage Manager
ITECIR Driver
iTunes
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 5
Java(TM) SE Development Kit 7 Update 1
JDownloader
Junk Mail filter update
K-Lite Mega Codec Pack 7.6.0
KB408682
Live! Cam Avatar Creator
LiveUpdate (Symantec Corporation)
M3 GAME Manager Uninstall
Malwarebytes Anti-Malware version 1.60.1.1000
Media Player Classic - Home Cinema v1.5.3.3699
MediaDirect
MHP3 ToolKit version 2.2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Application Compatibility Database
Microsoft Works
mIRC
Modem Diagnostics Tool
MozBackup 1.5.1
Mozilla Firefox 10.0.2 (x86 en-US)
Mozilla Thunderbird 9.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Nitro PDF Reader 2
OCR Software by I.R.I.S. 11.0
OGPlanet Game Launcher
Pando Media Booster
Pokemon Online 1.0.53
PrimoPDF -- brought to you by Nitro PDF Software
QuickSet
QuickTime
RealPlayer
Revo Uninstaller 1.85
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Update Manager
Scan
SD Gundam Capsule Fighter
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Skins
Slice Audio File Splitter
Spybot - Search & Destroy
SpywareBlaster 4.6
StarCraft II
Status
Steam
Synthesia (remove only)
SysTools PDF Unlocker - v3.1
Toolbox
TrayApp
Uniblue RegistryBooster
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb971933)
Ventrilo Client
VLC media player 0.9.8a
Warcraft III
Warcraft III: All Products
WBFS Manager 3.0
WebReg
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
YouTube Downloader 3.5
.
==== End Of File ===========================



Thanks for giving me your time
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Click on SCAN.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop.)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
 
I have a problem with aswMBR, it just stalled while it was scanning on a file. I waited for 10 mins and there was no change, so I just saved the log and cancelled it. Should I redo the scan?
This also happened yesterday when I was using something called Dr Web and it would just stall on this one file.

I'll post the partial log from aswMBR:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-28 22:03:45
-----------------------------
22:03:45.848 OS Version: Windows 6.0.6001 Service Pack 1
22:03:45.848 Number of processors: 2 586 0xF0D
22:03:45.850 ComputerName: JONATHAN-PC UserName: Jonathan
22:03:50.013 Initialize success
22:05:22.138 AVAST engine defs: 12022802
22:06:12.865 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:06:12.882 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
22:06:12.941 Disk 0 MBR read successfully
22:06:12.961 Disk 0 MBR scan
22:06:13.004 Disk 0 Windows VISTA default MBR code
22:06:13.015 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:06:13.100 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 80325
22:06:13.181 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 295205 MB offset 20560325
22:06:13.202 Disk 0 scanning sectors +625140400
22:06:13.347 Disk 0 scanning C:\Windows\system32\drivers
22:06:24.437 File: C:\Windows\system32\drivers\afd.sys **INFECTED** Win32:Alureon-AQV [Rtk]
22:06:58.801 Disk 0 trace - called modules:
22:06:58.836 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87ff5fd0]<<
22:06:58.850 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bedac8]
22:06:58.856 3 CLASSPNP.SYS[837a8745] -> nt!IofCallDriver -> [0x87fa1ae8]
22:06:58.865 \Driver\00000816[0x87fa1c20] -> IRP_MJ_CREATE -> 0x87ff5fd0
22:07:01.588 AVAST engine scan C:\Windows
22:07:14.198 AVAST engine scan C:\Windows\system32
22:08:52.962 File: C:\Windows\system32\eE0cm.com **INFECTED** Win32:Kryptik-HRL [Trj]
22:08:53.083 File: C:\Windows\system32\eE0cm.com_ **INFECTED** Win32:Kryptik-HRL [Trj]
22:18:08.628 AVAST engine scan C:\Windows\system32\drivers
22:18:16.691 File: C:\Windows\system32\drivers\afd.sys **INFECTED** Win32:Alureon-AQV [Rtk]
22:19:04.145 AVAST engine scan C:\Users\Jonathan
22:29:54.715 Disk 0 MBR has been saved successfully to "C:\Users\Jonathan\Desktop\MBR.dat"
22:29:54.734 The log file has been saved successfully to "C:\Users\Jonathan\Desktop\aswMBR.txt"


RogueKiller report didn't open automatically, but it was saved to the desktop, not sure if that is a problem or not.

RogueKiller V7.2.0 [02/27/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: Jonathan [Admin rights]
Mode: Scan -- Date: 02/28/2012 22:32:47

¤¤¤ Bad processes: 2 ¤¤¤
[HJ NAME] svchost.exe -- \\.\globalroot\SystemRoot\system32\svchost.exe -> KILLED [TermProc]
[RESIDUE] svchost.exe -- \\.\globalroot\SystemRoot\system32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT1 +++++
--- User ---
[MBR] a8b76465bd75b989238d8ac2c1d7b9a9
[BSP] 3ded86fab9859a190a086440b067760c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20560325 | Size: 295205 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



Also, thank you very much for the help
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I just got a message saying "Freeware implementation of XCACLS stopped working". Should I close it? Combofix is still running, I think.
 
Combofix just said I had a rootkit and it needed to restart my computer, but I'm getting a BSOD every time right before it goes to the desktop
 
I went into safe mode and it says "The recycle bin on C:\ is corrupted. Do you want to empty the recycle bin for this drive?"

I definitely had security essentials turned off when I was using combofix, as soon as it finished it restarted
 
I accidentally pressed enter when I was trying to turn on the screen today and I emptied it. Is that a problem?
 
From safe mode? I can't get to my desktop because of a blue screen

Should I do a startup repair?
 
Combo fix just said it found a rootkit on my computer and it needs to restart, I can enter windows normally now, I can't find the log in C:\ though and my recycle bin is still corrupt
 
It finished scanning, but I still don't see a combofix text file, I see a combofix file though in my c:\ is that it?
 
When I opened it with Notepad, it said access denied, I restarted my computer and now it's a folder. There's 2 files in that folder within a folder called Test4Max and still no log. When I open them in notepad it's just gibberish and I don't think it's the files you're looking for. Also, just one of them is too long to fit in one post.
 
Also, I can't turn on my Firewall for some reason saying "Due to an unidentified problem, Windows cannot display Windows Firewall settings"

I don't get popups anymore when I open Firefox though

Edit: Nevermind, I'm still getting popups
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
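
A TDSSKiller report of the kind requested above is mostly "- ok" lines, so the practical step when reading one is to pull out the few objects whose verdict is something else. The Python below is an added example, not part of the thread and not part of TDSSKiller; its line layout is an assumption taken from TDSSKiller 2.7.17.0 output, and the driver names, paths, hashes and the `Virus.Win32.Example.a` label in the sample are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample: "time thread-id message", the layout assumed for a
# TDSSKiller 2.7.x report. Names, paths and hashes are made up.
SAMPLE_LOG = r"""
15:31:16.0135 7496 exampledrv (11111111111111111111111111111111) C:\Windows\system32\drivers\exampledrv.sys
15:31:16.0139 7496 exampledrv - ok
15:31:16.0911 7496 netexample (22222222222222222222222222222222) C:\Windows\system32\drivers\netexample.sys
15:31:16.0912 7496 Suspicious file (Forged): C:\Windows\system32\drivers\netexample.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
15:31:16.0913 7496 netexample ( Virus.Win32.Example.a ) - infected
15:31:16.0913 7496 netexample - detected Virus.Win32.Example.a (0)
15:31:18.0353 7496 nofile - ok
15:31:45.0339 7496 lockexample (44444444444444444444444444444444) C:\Windows\system32\Drivers\lockexample.sys
15:31:45.0339 7496 Suspicious file (NoAccess): C:\Windows\system32\Drivers\lockexample.sys. md5: 44444444444444444444444444444444
15:31:45.0341 7496 lockexample ( LockedFile.Multi.Generic ) - warning
15:31:45.0342 7496 lockexample - detected LockedFile.Multi.Generic (1)
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")   # timestamp, thread id
OBJECT = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")           # name (md5) path
SUSPICIOUS = re.compile(
    r"^Suspicious file \((\w+)\): (.+?)\. (?:Real )?md5: ([0-9a-f]{32})"
    r"(?:, Fake md5: ([0-9a-f]{32}))?$")
VERDICT = re.compile(r"^(\S+) \( (.+?) \) - (\w+)$")              # name ( label ) - verdict
OK = re.compile(r"^\S+ - ok$")


@dataclass
class Finding:
    service: str
    verdict: str          # e.g. "infected" or "warning"
    detection: str        # label between the parentheses
    path: str = ""
    md5: str = ""         # hash printed on the object line
    reason: str = ""      # "Forged", "NoAccess", ... from the "Suspicious file" line
    second_md5: str = ""  # the "Fake md5" value, present only on Forged lines


def parse_tdsskiller(text):
    """Return (findings, ok_count) for the text of one report."""
    objects = {}      # service name -> (md5, path)
    suspicious = {}   # lower-cased path -> (reason, second md5)
    findings, ok_count = [], 0
    for raw in text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue  # blank lines or text that is not a log record
        msg = line.group(1).strip()
        if OK.match(msg):
            ok_count += 1
        elif (m := OBJECT.match(msg)):
            objects[m.group(1)] = (m.group(2), m.group(3))
        elif (m := SUSPICIOUS.match(msg)):
            suspicious[m.group(2).lower()] = (m.group(1), m.group(4) or "")
        elif (m := VERDICT.match(msg)):
            md5, path = objects.get(m.group(1), ("", ""))
            reason, second = suspicious.get(path.lower(), ("", ""))
            findings.append(Finding(m.group(1), m.group(3), m.group(2),
                                    path, md5, reason, second))
        # "- detected ..." lines repeat the verdict and are ignored
    return findings, ok_count


def report(findings):
    """One line per finding, infected objects first."""
    ordered = sorted(findings, key=lambda f: f.verdict != "infected")
    out = []
    for f in ordered:
        extra = f" [{f.reason}]" if f.reason else ""
        if f.second_md5:
            extra += f" two hashes reported: {f.md5} / {f.second_md5}"
        out.append(f"{f.verdict.upper():8} {f.service}: {f.detection} {f.path}{extra}")
    return out


if __name__ == "__main__":
    found, ok = parse_tdsskiller(SAMPLE_LOG)
    print(f"{ok} objects ok, {len(found)} need review")
    print("\n".join(report(found)))
```
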
 
It produced a log this time

15:31:03.0781 5344 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
15:31:04.0246 5344 ============================================================
15:31:04.0246 5344 Current date / time: 2012/02/29 15:31:04.0246
15:31:04.0246 5344 SystemInfo:
15:31:04.0246 5344
15:31:04.0246 5344 OS Version: 6.0.6001 ServicePack: 1.0
15:31:04.0246 5344 Product type: Workstation
15:31:04.0246 5344 ComputerName: JONATHAN-PC
15:31:04.0246 5344 UserName: Jonathan
15:31:04.0246 5344 Windows directory: C:\Windows
15:31:04.0246 5344 System windows directory: C:\Windows
15:31:04.0246 5344 Processor architecture: Intel x86
15:31:04.0246 5344 Number of processors: 2
15:31:04.0247 5344 Page size: 0x1000
15:31:04.0247 5344 Boot type: Normal boot
15:31:04.0247 5344 ============================================================
15:31:05.0433 5344 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:31:05.0452 5344 \Device\Harddisk0\DR0:
15:31:05.0452 5344 MBR used
15:31:05.0452 5344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1388000
15:31:05.0452 5344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139B9C5, BlocksNum 0x240928EB
15:31:05.0531 5344 Initialize success
15:31:05.0531 5344 ============================================================
15:31:13.0118 7496 ============================================================
15:31:13.0119 7496 Scan started
15:31:13.0119 7496 Mode: Manual;
15:31:13.0119 7496 ============================================================
15:31:16.0911 7496 AFD (a3ef19e838b95593607f2aaeb9c2a8db) C:\Windows\system32\drivers\afd.sys
15:31:16.0912 7496 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: a3ef19e838b95593607f2aaeb9c2a8db, Fake md5: 763e172a55177e478cb419f88fd0ba03
15:31:16.0913 7496 AFD ( Virus.Win32.ZAccess.c ) - infected
15:31:16.0913 7496 AFD - detected Virus.Win32.ZAccess.c (0)
15:31:45.0339 7496 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
15:31:45.0339 7496 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
15:31:45.0341 7496 sptd ( LockedFile.Multi.Generic ) - warning
15:31:45.0342 7496 sptd - detected LockedFile.Multi.Generic (1)
15:31:58.0874 7496 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
15:31:58.0958 7496 \Device\Harddisk0\DR0 - ok
15:31:58.0989 7496 Boot (0x1200) (a431838945ca4aead0b42711b8ca0e9b) \Device\Harddisk0\DR0\Partition0
15:31:59.0035 7496 \Device\Harddisk0\DR0\Partition0 - ok
15:31:59.0081 7496 Boot (0x1200) (86628e57b823531841ea55830fe00bd8) \Device\Harddisk0\DR0\Partition1
15:31:59.0082 7496 \Device\Harddisk0\DR0\Partition1 - ok
15:31:59.0083 7496 ============================================================
15:31:59.0083 7496 Scan finished
15:31:59.0083 7496 ============================================================
15:31:59.0122 9720 Detected object count: 2
15:31:59.0122 9720 Actual detected object count: 2
15:32:17.0584 9720 C:\Windows\system32\drivers\afd.sys - copied to quarantine
15:32:21.0903 9720 Backup copy not found, trying to cure infected file..
15:32:21.0944 9720 Cure success, using it..
15:32:22.0042 9720 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
15:32:41.0817 9720 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
15:32:41.0819 9720 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:32:41.0819 9720 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:33:49.0983 4340 Deinitialize success
 
Uh, Security Essentials just started scanning by itself when it detected something, and now it's telling me to restart. Should I?
 