
Problem with Rootkit.Kryptik.FW trojan / dfsc.sys

Discussion in 'Virus & Other Malware Removal' started by E612, Dec 5, 2011.

  1. E612

    E612 Thread Starter

    Joined:
    Dec 5, 2011
    Messages:
    17
    Hello,
    my anti-virus program (NOD 32) alerts me about not being sufficiently protected because it cannot analyze POP3/HTTP protocols. On start-up it discovers a variant of the Rootkit.Kryptik.FW trojan in C:\Windows\System32\Drivers\dfsc.sys, which it is unable to clean. The computer was also significantly slowed down at first, especially when Firefox was used, but after running a few scans (with NOD 32, CCleaner, Malwarebytes' Anti-Malware, ComboFix) these symptoms disappeared. Now the only visible sign of infection is NOD 32 notifying me about the dfsc.sys file.
    Help much appreciated!

    Below are the HJT/DDS/GMER logs.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:32:59, on 2011-12-05
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Multimedia Keyboard\KBDAP32A.EXE
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Kerkuk\Desktop\rensning\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia Keyboard\KbdAp32A.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\yojerf\setup.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    --
    End of file - 6771 bytes


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Kerkuk at 11:36:11 on 2011-12-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.2088 [GMT 1:00]
    .
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Multimedia Keyboard\KBDAP32A.EXE
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.se/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [FLMK08KB] c:\program files\multimedia keyboard\KbdAp32A.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xportera till Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {68459DB3-59C9-449D-815B-65F729385C16} - hxxp://www.voice4web.com/vs.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DBD681D4-B463-40F5-8120-B57B82E40EE9} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF}\24C4F4D41565943545 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF}\3334F6D6 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF}\35348475544454E4 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF}\46C696E6B6F57657563747 : DhcpNameServer = 192.168.0.254
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF}\7494741424954554 : DhcpNameServer = 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\kerkuk\appdata\roaming\mozilla\firefox\profiles\uur7f1ur.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\personal\bin\np_prsnl.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-6-30 172032]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-2-16 727584]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-2 366152]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-2 22216]
    S2 AMService;AMService;c:\windows\temp\yojerf\setup.exe run --> c:\windows\temp\yojerf\setup.exe run [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 95896]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 NETw5s32;Kortdrivrutin för Windows 7 32-bitars Intel(R) Wireless WiFi Link;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-7-29 24064]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
    S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-29 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-12-02 16:41:01 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-12-02 16:32:16 -------- d-----w- c:\programdata\AppData
    2011-12-02 13:25:31 -------- d-----w- c:\users\kerkuk\appdata\roaming\Malwarebytes
    2011-12-02 13:25:26 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-02 13:25:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-02 13:25:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-02 12:48:00 -------- d-----w- c:\users\kerkuk\appdata\local\temp
    2011-12-02 12:33:13 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-12-02 12:31:07 98816 ----a-w- c:\windows\sed.exe
    2011-12-02 12:31:07 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-02 12:31:07 256000 ----a-w- c:\windows\PEV.exe
    2011-12-02 12:31:07 208896 ----a-w- c:\windows\MBR.exe
    2011-12-02 12:17:34 -------- d-----w- c:\program files\CCleaner
    2011-12-02 09:27:43 -------- d-----w- c:\programdata\PC Tools
    2011-11-30 07:40:18 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7d87f28d-9f61-4007-9d51-6dc5d7d8baee}\mpengine.dll
    2011-11-09 13:49:42 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 13:49:41 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-09 13:49:40 2341888 ----a-w- c:\windows\system32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2011-11-14 07:52:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 11:37:06,05 ===============


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-05 12:04:36
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0303
    Running: 28d38fnm.exe; Driver: C:\Users\Kerkuk\AppData\Local\Temp\kwlyafod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13D1 83048349 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83081D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? System32\Drivers\spjv.sys Det går inte att hitta sökvägen. !
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9123D000, 0x2D0F70, 0xE8000020]
    .text USBPORT.SYS!DllUnload 911A7DB9 5 Bytes JMP 877151D8
    ? C:\Users\Kerkuk\AppData\Local\Temp\mbr.sys Det går inte att hitta filen. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1728] kernel32.dll!SetUnhandledExceptionFilter 768CF4FB 4 Bytes [C2, 04, 00, 00]

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 866391F8

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

    Device \FileSystem\fastfat \FatCdrom 8770F1F8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernellägesdrivrutin för Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernellägesdrivrutin för Framework Runtime/Microsoft Corporation)

    Device \Driver\volmgr \Device\VolMgrControl 8597B1F8
    Device \Driver\usbuhci \Device\USBPDO-0 877141F8
    Device \Driver\usbuhci \Device\USBPDO-1 877141F8
    Device \Driver\usbehci \Device\USBPDO-2 866B4500
    Device \Driver\usbuhci \Device\USBPDO-3 877141F8
    Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device \Driver\usbuhci \Device\USBPDO-4 877141F8
    Device \Driver\usbuhci \Device\USBPDO-5 877141F8
    Device \Driver\usbuhci \Device\USBPDO-6 877141F8
    Device \Driver\volmgr \Device\HarddiskVolume1 8597B1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\usbehci \Device\USBPDO-7 866B4500
    Device \Driver\volmgr \Device\HarddiskVolume2 8597B1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\cdrom \Device\CdRom0 875A71F8
    Device \Driver\volmgr \Device\HarddiskVolume3 8597B1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\iaStor \Device\Ide\iaStor0 [8B76C360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B76C360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8B76C360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\NetBT \Device\NetBt_Wins_Export 875B4438
    Device \Driver\usbuhci \Device\USBFDO-0 877141F8
    Device \Driver\usbuhci \Device\USBFDO-1 877141F8
    Device \Driver\usbehci \Device\USBFDO-2 866B4500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{DBD681D4-B463-40F5-8120-B57B82E40EE9} 875B4438
    Device \Driver\usbuhci \Device\USBFDO-3 877141F8
    Device \Driver\usbuhci \Device\USBFDO-4 877141F8
    Device \Driver\usbuhci \Device\USBFDO-5 877141F8
    Device \Driver\usbuhci \Device\USBFDO-6 877141F8
    Device \Driver\usbehci \Device\USBFDO-7 866B4500
    Device \FileSystem\fastfat \Fat 8770F1F8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Filterhanteraren för Microsofts filsystem/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)

    Device \Driver\00000810 \GLOBAL??\c0e426aa 876D9880

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x36 0xC6 0x00 0xE7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xF8 0x06 0xA2 0xC9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x43 0x61 0xAB 0xB9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x36 0xC6 0x00 0xE7 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xF8 0x06 0xA2 0xC9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x43 0x61 0xAB 0xB9 ...

    ---- EOF - GMER 1.0.15 ----

  2. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    If help is still needed, post fresh DDS logs, please.
  3. E612

    E612 Thread Starter

    Joined:
    Dec 5, 2011
    Messages:
    17
    Yes, I do still need help, thanks. These are the new DDS logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Kerkuk at 11:36:11 on 2011-12-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.2088 [GMT 1:00]
    .
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Multimedia Keyboard\KBDAP32A.EXE
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.se/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [FLMK08KB] c:\program files\multimedia keyboard\KbdAp32A.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xportera till Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {68459DB3-59C9-449D-815B-65F729385C16} - hxxp://www.voice4web.com/vs.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DBD681D4-B463-40F5-8120-B57B82E40EE9} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF}\24C4F4D41565943545 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF}\3334F6D6 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF}\35348475544454E4 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF}\46C696E6B6F57657563747 : DhcpNameServer = 192.168.0.254
    TCP: Interfaces\{EA4D2A93-090C-4CFA-A6E9-0C6F575433DF}\7494741424954554 : DhcpNameServer = 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\kerkuk\appdata\roaming\mozilla\firefox\profiles\uur7f1ur.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\personal\bin\np_prsnl.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-6-30 172032]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-2-16 727584]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-2 366152]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-2 22216]
    S2 AMService;AMService;c:\windows\temp\yojerf\setup.exe run --> c:\windows\temp\yojerf\setup.exe run [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 95896]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 NETw5s32;Kortdrivrutin för Windows 7 32-bitars Intel(R) Wireless WiFi Link;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-7-29 24064]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
    S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-29 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-12-02 16:41:01 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-12-02 16:32:16 -------- d-----w- c:\programdata\AppData
    2011-12-02 13:25:31 -------- d-----w- c:\users\kerkuk\appdata\roaming\Malwarebytes
    2011-12-02 13:25:26 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-02 13:25:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-02 13:25:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-02 12:48:00 -------- d-----w- c:\users\kerkuk\appdata\local\temp
    2011-12-02 12:33:13 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-12-02 12:31:07 98816 ----a-w- c:\windows\sed.exe
    2011-12-02 12:31:07 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-02 12:31:07 256000 ----a-w- c:\windows\PEV.exe
    2011-12-02 12:31:07 208896 ----a-w- c:\windows\MBR.exe
    2011-12-02 12:17:34 -------- d-----w- c:\program files\CCleaner
    2011-12-02 09:27:43 -------- d-----w- c:\programdata\PC Tools
    2011-11-30 07:40:18 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7d87f28d-9f61-4007-9d51-6dc5d7d8baee}\mpengine.dll
    2011-11-09 13:49:42 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 13:49:41 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-09 13:49:40 2341888 ----a-w- c:\windows\system32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2011-11-14 07:52:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 11:37:06,05 ===============
     
  4. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    uTorrent

    Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


    It seems you've run ComboFix there which is not recommended without proper guidance. Look for c:\ComboFix.txt file and post back its contents.
     
  5. E612

    E612 Thread Starter

    Joined:
    Dec 5, 2011
    Messages:
    17
    uTorrent is uninstalled and these are the contents of ComboFix.txt:

    ComboFix 11-12-02.01 - Kerkuk 2011-12-02 17:34:27.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.1967 [GMT 1:00]
    Körs från: c:\users\Kerkuk\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((( Filer skapade från 2011-11-02 till 2011-12-02 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-02 16:39 . 2011-12-02 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-02 13:25 . 2011-12-02 13:25 -------- d-----w- c:\users\Kerkuk\AppData\Roaming\Malwarebytes
    2011-12-02 13:25 . 2011-12-02 13:25 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-02 13:25 . 2011-12-02 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-02 13:25 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-02 12:48 . 2011-12-02 16:39 -------- d-----w- c:\users\Kerkuk\AppData\Local\temp
    2011-12-02 12:33 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-12-02 12:17 . 2011-12-02 12:17 -------- d-----w- c:\program files\CCleaner
    2011-12-02 09:27 . 2011-12-02 13:14 -------- d-----w- c:\programdata\PC Tools
    2011-11-30 07:40 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D87F28D-9F61-4007-9D51-6DC5D7D8BAEE}\mpengine.dll
    2011-11-09 13:49 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 13:49 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 13:49 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-14 07:52 . 2011-05-17 15:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2011-11-11 10:32 . 2011-05-01 09:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* tomma poster & legitima standardposter visas inte.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-27 1194504]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-30 98304]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
    "FLMK08KB"="c:\program files\Multimedia Keyboard\KbdAp32A.exe" [2009-12-03 380928]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-07-20 703008]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Maintenance^Startup^Personal.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Maintenance\Startup\Personal.lnk
    backup=c:\windows\pss\Personal.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Kerkuk^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skärmurklipp och start för OneNote 2007.lnk]
    path=c:\users\Kerkuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2007.lnk
    backup=c:\windows\pss\Skärmurklipp och start för OneNote 2007.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-09-11 10:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    R2 AMService;AMService;c:\windows\TEMP\yojerf\setup.exe run [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 NETw5s32;Kortdrivrutin för Windows 7 32-bitars Intel(R) Wireless WiFi Link;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-03 3591496]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\DRIVERS\nordecr.sys [2007-10-30 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-27 691696]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-10 218688]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-30 172032]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-07-20 727584]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    .
    .
    .
    ------- Extra genomsökning -------
    .
    uStart Page = hxxp://www.google.se/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Kerkuk\AppData\Roaming\Mozilla\Firefox\Profiles\uur7f1ur.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se
    .
    .
    ------- Filassociationer -------
    .
    .scr=REG_SZ
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLL'er som "laddats" under processer som körs ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3244)
    c:\program files\Acer\Acer ePower Management\SysHook.dll
    .
    Sluttid: 2011-12-02 17:41:50
    ComboFix-quarantined-files.txt 2011-12-02 16:41
    ComboFix2.txt 2011-12-02 12:54
    .
    Före genomsökningen: 170 104 598 528 byte ledigt
    Efter genomsökningen: 170 047 795 200 byte ledigt
    .
    - - End Of File - - 05B6FF820C9D3484AC70786C0F82280C
     
  6. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Seems that ComboFix was run once before that. Please post contents of ComboFix2.txt file that should be in c:\combofix or c:\qoobox folder.
     
  7. E612

    E612 Thread Starter

    Joined:
    Dec 5, 2011
    Messages:
    17
    ComboFix2:

    ComboFix 11-12-02.01 - Kerkuk 2011-12-02 13:36:52.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.2202 [GMT 1:00]
    Körs från: c:\users\Kerkuk\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Skapade en ny återställningspunkt
    * Resident AV är aktivt
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB58958$\3220203580
    c:\windows\$NtUninstallKB58958$\3236177578\@
    c:\windows\$NtUninstallKB58958$\3236177578\bckfg.tmp
    c:\windows\$NtUninstallKB58958$\3236177578\cfg.ini
    c:\windows\$NtUninstallKB58958$\3236177578\Desktop.ini
    c:\windows\$NtUninstallKB58958$\3236177578\kwrd.dll
    c:\windows\$NtUninstallKB58958$\3236177578\L\xadqgnnk
    c:\windows\$NtUninstallKB58958$\3236177578\U\00000001.$
    c:\windows\$NtUninstallKB58958$\3236177578\U\[email protected]
    c:\windows\$NtUninstallKB58958$\3236177578\U\00000002.$
    c:\windows\$NtUninstallKB58958$\3236177578\U\[email protected]
    c:\windows\$NtUninstallKB58958$\3236177578\U\[email protected]
    c:\windows\$NtUninstallKB58958$\3236177578\U\[email protected]
    c:\windows\$NtUninstallKB58958$\3236177578\U\[email protected]
    c:\windows\$NtUninstallKB58958$\3236177578\U\80000032.$
    c:\windows\$NtUninstallKB58958$\3236177578\U\[email protected]
    c:\windows\$NtUninstallKB58958$ . . . . misslyckades radera
    .
    .
    (((((((((((((((((((((((( Filer skapade från 2011-11-02 till 2011-12-02 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-02 12:17 . 2011-12-02 12:17 -------- d-----w- c:\program files\CCleaner
    2011-12-02 09:29 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2011-12-02 09:29 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-12-02 09:29 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-12-02 09:29 . 2010-12-16 07:38 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2011-12-02 09:29 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-12-02 09:29 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-12-02 09:29 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-12-02 09:29 . 2011-12-02 09:38 -------- d-----w- c:\program files\PC Tools Security
    2011-12-02 09:29 . 2011-12-02 09:31 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-12-02 09:29 . 2011-12-02 09:29 -------- d-----w- c:\users\Kerkuk\AppData\Roaming\PC Tools
    2011-12-02 09:27 . 2011-12-02 09:29 -------- d-----w- c:\programdata\PC Tools
    2011-11-30 07:40 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D87F28D-9F61-4007-9D51-6DC5D7D8BAEE}\mpengine.dll
    2011-11-09 13:49 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 13:49 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 13:49 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-14 07:52 . 2011-05-17 15:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2011-11-11 10:32 . 2011-05-01 09:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* tomma poster & legitima standardposter visas inte.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-27 1194504]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-30 98304]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
    "FLMK08KB"="c:\program files\Multimedia Keyboard\KbdAp32A.exe" [2009-12-03 380928]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-07-20 703008]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Maintenance^Startup^Personal.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Maintenance\Startup\Personal.lnk
    backup=c:\windows\pss\Personal.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Kerkuk^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skärmurklipp och start för OneNote 2007.lnk]
    path=c:\users\Kerkuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2007.lnk
    backup=c:\windows\pss\Skärmurklipp och start för OneNote 2007.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-09-11 10:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    R2 AMService;AMService;c:\windows\TEMP\yojerf\setup.exe run [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
    R3 NETw5s32;Kortdrivrutin för Windows 7 32-bitars Intel(R) Wireless WiFi Link;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-03 3591496]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\DRIVERS\nordecr.sys [2007-10-30 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1343400]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-27 691696]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-10 218688]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-30 172032]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-07-20 727584]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
    .
    .
    Innehåll i mappen 'Schemalagda aktiviteter':
    .
    .
    ------- Extra genomsökning -------
    .
    uStart Page = hxxp://www.google.se/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 195.54.122.198 195.54.122.199
    FF - ProfilePath - c:\users\Kerkuk\AppData\Roaming\Mozilla\Firefox\Profiles\uur7f1ur.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se
    .
    - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
    .
    MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    MSConfigStartUp-PoivY - c:\program files\PoivY.com\PoivY\PoivY.exe
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andra processer som körs ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\windows\system32\taskhost.exe
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\conhost.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Sluttid: 2011-12-02 13:54:33 - datorn startades om.
    ComboFix-quarantined-files.txt 2011-12-02 12:54
    .
    Före genomsökningen: 172 996 468 736 byte ledigt
    Efter genomsökningen: 172 881 428 480 byte ledigt
    .
    - - End Of File - - 449192145F2EFF48A640D9AD28884176
     
  8. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
    2. Execute the file TDSSKiller.exe.
    3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
    4. Post back the contents of the log file in the c: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).
     
  9. E612

    E612 Thread Starter

    Joined:
    Dec 5, 2011
    Messages:
    17
    TDSSKiller log:

    20:29:46.0021 3072 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
    20:29:46.0149 3072 ============================================================
    20:29:46.0149 3072 Current date / time: 2011/12/12 20:29:46.0149
    20:29:46.0149 3072 SystemInfo:
    20:29:46.0149 3072
    20:29:46.0149 3072 OS Version: 6.1.7601 ServicePack: 1.0
    20:29:46.0149 3072 Product type: Workstation
    20:29:46.0149 3072 ComputerName: ASPIRE7735G
    20:29:46.0149 3072 UserName: Kerkuk
    20:29:46.0149 3072 Windows directory: C:\Windows
    20:29:46.0149 3072 System windows directory: C:\Windows
    20:29:46.0149 3072 Processor architecture: Intel x86
    20:29:46.0149 3072 Number of processors: 2
    20:29:46.0150 3072 Page size: 0x1000
    20:29:46.0150 3072 Boot type: Normal boot
    20:29:46.0150 3072 ============================================================
    20:29:46.0826 3072 Initialize success
    20:29:56.0974 0760 ============================================================
    20:29:56.0974 0760 Scan started
    20:29:56.0974 0760 Mode: Manual;
    20:29:56.0974 0760 ============================================================
    20:29:59.0226 0760 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    20:29:59.0266 0760 1394ohci - ok
    20:29:59.0311 0760 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    20:29:59.0316 0760 ACPI - ok
    20:29:59.0356 0760 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    20:29:59.0375 0760 AcpiPmi - ok
    20:29:59.0431 0760 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    20:29:59.0487 0760 adp94xx - ok
    20:29:59.0536 0760 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    20:29:59.0575 0760 adpahci - ok
    20:29:59.0597 0760 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    20:29:59.0618 0760 adpu320 - ok
    20:29:59.0693 0760 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    20:29:59.0715 0760 AFD - ok
    20:29:59.0793 0760 AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\Windows\system32\DRIVERS\AGRSM.sys
    20:29:59.0819 0760 AgereSoftModem - ok
    20:29:59.0861 0760 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    20:29:59.0880 0760 agp440 - ok
    20:29:59.0930 0760 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    20:29:59.0950 0760 aic78xx - ok
    20:30:00.0006 0760 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    20:30:00.0026 0760 aliide - ok
    20:30:00.0061 0760 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    20:30:00.0081 0760 amdagp - ok
    20:30:00.0101 0760 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    20:30:00.0120 0760 amdide - ok
    20:30:00.0168 0760 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    20:30:00.0188 0760 AmdK8 - ok
    20:30:00.0198 0760 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    20:30:00.0235 0760 AmdPPM - ok
    20:30:00.0282 0760 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    20:30:00.0302 0760 amdsata - ok
    20:30:00.0324 0760 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    20:30:00.0357 0760 amdsbs - ok
    20:30:00.0392 0760 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    20:30:00.0411 0760 amdxata - ok
    20:30:00.0454 0760 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    20:30:00.0492 0760 AppID - ok
    20:30:00.0623 0760 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    20:30:00.0656 0760 arc - ok
    20:30:00.0694 0760 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    20:30:00.0728 0760 arcsas - ok
    20:30:00.0768 0760 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    20:30:00.0803 0760 AsyncMac - ok
    20:30:00.0862 0760 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    20:30:00.0883 0760 atapi - ok
    20:30:01.0103 0760 atikmdag (21abd2d22c6cd33fdabfb937e6a97830) C:\Windows\system32\DRIVERS\atikmdag.sys
    20:30:01.0162 0760 atikmdag - ok
    20:30:01.0219 0760 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    20:30:01.0227 0760 b06bdrv - ok
    20:30:01.0268 0760 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    20:30:01.0313 0760 b57nd60x - ok
    20:30:01.0385 0760 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    20:30:01.0410 0760 Beep - ok
    20:30:01.0433 0760 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    20:30:01.0452 0760 blbdrive - ok
    20:30:01.0585 0760 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    20:30:01.0604 0760 bowser - ok
    20:30:01.0635 0760 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:30:01.0637 0760 BrFiltLo - ok
    20:30:01.0655 0760 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:30:01.0658 0760 BrFiltUp - ok
    20:30:01.0690 0760 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    20:30:01.0699 0760 Brserid - ok
    20:30:01.0726 0760 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    20:30:01.0728 0760 BrSerWdm - ok
    20:30:01.0755 0760 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:30:01.0757 0760 BrUsbMdm - ok
    20:30:01.0777 0760 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    20:30:01.0779 0760 BrUsbSer - ok
    20:30:01.0795 0760 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    20:30:01.0829 0760 BTHMODEM - ok
    20:30:01.0936 0760 catchme - ok
    20:30:02.0017 0760 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    20:30:02.0062 0760 cdfs - ok
    20:30:02.0124 0760 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
    20:30:02.0160 0760 cdrom - ok
    20:30:02.0216 0760 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    20:30:02.0219 0760 circlass - ok
    20:30:02.0306 0760 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    20:30:02.0317 0760 CLFS - ok
    20:30:02.0510 0760 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    20:30:02.0523 0760 CmBatt - ok
    20:30:02.0593 0760 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    20:30:02.0649 0760 cmdide - ok
    20:30:02.0679 0760 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    20:30:02.0688 0760 CNG - ok
    20:30:02.0731 0760 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    20:30:02.0758 0760 Compbatt - ok
    20:30:02.0804 0760 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    20:30:02.0804 0760 CompositeBus - ok
    20:30:02.0851 0760 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    20:30:02.0882 0760 crcdisk - ok
    20:30:02.0960 0760 DfsC (dd067001fce2acd8332ed41cbaa8c52d) C:\Windows\system32\Drivers\dfsc.sys
    20:30:02.0991 0760 DfsC ( Rootkit.Win32.ZAccess.k ) - infected
    20:30:02.0991 0760 DfsC - detected Rootkit.Win32.ZAccess.k (0)
    20:30:03.0023 0760 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    20:30:03.0054 0760 discache - ok
    20:30:03.0116 0760 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    20:30:03.0147 0760 Disk - ok
    20:30:03.0194 0760 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
    20:30:03.0210 0760 DKbFltr - ok
    20:30:03.0257 0760 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    20:30:03.0272 0760 drmkaud - ok
    20:30:03.0335 0760 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    20:30:03.0475 0760 DXGKrnl - ok
    20:30:03.0584 0760 eamon (1b5ca1caffc594bd37dcc8d7ef849e0b) C:\Windows\system32\DRIVERS\eamon.sys
    20:30:03.0584 0760 eamon - ok
    20:30:03.0693 0760 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    20:30:03.0803 0760 ebdrv - ok
    20:30:03.0849 0760 ehdrv (a4241545ecff3ee97041847d83936e1f) C:\Windows\system32\DRIVERS\ehdrv.sys
    20:30:03.0881 0760 ehdrv - ok
    20:30:04.0099 0760 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    20:30:04.0177 0760 elxstor - ok
    20:30:04.0239 0760 epfwwfpr (c7d800414eb8b87e835b5b236b118461) C:\Windows\system32\DRIVERS\epfwwfpr.sys
    20:30:04.0255 0760 epfwwfpr - ok
    20:30:04.0427 0760 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    20:30:04.0458 0760 ErrDev - ok
    20:30:04.0489 0760 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    20:30:04.0536 0760 exfat - ok
    20:30:04.0567 0760 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    20:30:04.0614 0760 fastfat - ok
    20:30:04.0645 0760 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    20:30:04.0692 0760 fdc - ok
    20:30:04.0707 0760 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    20:30:04.0770 0760 FileInfo - ok
    20:30:04.0770 0760 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    20:30:04.0801 0760 Filetrace - ok
    20:30:04.0801 0760 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    20:30:04.0832 0760 flpydisk - ok
    20:30:04.0863 0760 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    20:30:04.0895 0760 FltMgr - ok
    20:30:04.0910 0760 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    20:30:04.0926 0760 FsDepends - ok
    20:30:04.0941 0760 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    20:30:04.0957 0760 Fs_Rec - ok
    20:30:05.0019 0760 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    20:30:05.0066 0760 fvevol - ok
    20:30:05.0097 0760 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    20:30:05.0129 0760 gagp30kx - ok
    20:30:05.0191 0760 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:30:05.0191 0760 GEARAspiWDM - ok
    20:30:05.0207 0760 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    20:30:05.0238 0760 hcw85cir - ok
    20:30:05.0300 0760 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    20:30:05.0347 0760 HdAudAddService - ok
    20:30:05.0409 0760 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    20:30:05.0409 0760 HDAudBus - ok
    20:30:05.0441 0760 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    20:30:05.0472 0760 HidBatt - ok
    20:30:05.0487 0760 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    20:30:05.0503 0760 HidBth - ok
    20:30:05.0550 0760 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    20:30:05.0581 0760 HidIr - ok
    20:30:05.0612 0760 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
    20:30:05.0628 0760 HidUsb - ok
    20:30:05.0706 0760 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    20:30:05.0753 0760 HpSAMD - ok
    20:30:05.0815 0760 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    20:30:05.0846 0760 HTTP - ok
    20:30:05.0893 0760 hwdatacard - ok
    20:30:05.0924 0760 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    20:30:05.0940 0760 hwpolicy - ok
    20:30:05.0971 0760 hwusbdev - ok
    20:30:06.0018 0760 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    20:30:06.0049 0760 i8042prt - ok
    20:30:06.0080 0760 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
    20:30:06.0080 0760 iaStor - ok
    20:30:06.0127 0760 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    20:30:06.0143 0760 iaStorV - ok
    20:30:06.0189 0760 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    20:30:06.0221 0760 iirsp - ok
    20:30:06.0392 0760 IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys
    20:30:06.0408 0760 IntcAzAudAddService - ok
    20:30:06.0455 0760 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    20:30:06.0470 0760 intelide - ok
    20:30:06.0517 0760 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    20:30:06.0533 0760 intelppm - ok
    20:30:06.0548 0760 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:30:06.0579 0760 IpFilterDriver - ok
    20:30:06.0611 0760 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    20:30:06.0642 0760 IPMIDRV - ok
    20:30:06.0657 0760 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    20:30:06.0704 0760 IPNAT - ok
    20:30:06.0735 0760 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    20:30:06.0751 0760 IRENUM - ok
    20:30:06.0782 0760 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    20:30:06.0829 0760 isapnp - ok
    20:30:06.0860 0760 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    20:30:06.0891 0760 iScsiPrt - ok
    20:30:06.0923 0760 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys
    20:30:06.0969 0760 k57nd60x - ok
    20:30:07.0032 0760 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
    20:30:07.0063 0760 kbdclass - ok
    20:30:07.0094 0760 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
    20:30:07.0125 0760 kbdhid - ok
    20:30:07.0172 0760 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
    20:30:07.0172 0760 KSecDD - ok
    20:30:07.0203 0760 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
    20:30:07.0250 0760 KSecPkg - ok
    20:30:07.0297 0760 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    20:30:07.0328 0760 lltdio - ok
    20:30:07.0359 0760 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    20:30:07.0391 0760 LSI_FC - ok
    20:30:07.0406 0760 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    20:30:07.0437 0760 LSI_SAS - ok
    20:30:07.0469 0760 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    20:30:07.0515 0760 LSI_SAS2 - ok
    20:30:07.0547 0760 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    20:30:07.0578 0760 LSI_SCSI - ok
    20:30:07.0609 0760 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    20:30:07.0640 0760 luafv - ok
    20:30:07.0765 0760 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
    20:30:07.0765 0760 MBAMProtector - ok
    20:30:07.0827 0760 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    20:30:07.0859 0760 megasas - ok
    20:30:07.0905 0760 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    20:30:07.0952 0760 MegaSR - ok
    20:30:08.0030 0760 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    20:30:08.0077 0760 Modem - ok
    20:30:08.0093 0760 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    20:30:08.0139 0760 monitor - ok
    20:30:08.0186 0760 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
    20:30:08.0217 0760 mouclass - ok
    20:30:08.0264 0760 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    20:30:08.0295 0760 mouhid - ok
    20:30:08.0358 0760 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    20:30:08.0373 0760 mountmgr - ok
    20:30:08.0420 0760 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    20:30:08.0467 0760 mpio - ok
    20:30:08.0483 0760 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    20:30:08.0514 0760 mpsdrv - ok
    20:30:08.0545 0760 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    20:30:08.0576 0760 MRxDAV - ok
    20:30:08.0639 0760 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:30:08.0654 0760 mrxsmb - ok
    20:30:08.0701 0760 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:30:08.0717 0760 mrxsmb10 - ok
    20:30:08.0732 0760 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:30:08.0763 0760 mrxsmb20 - ok
    20:30:08.0795 0760 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    20:30:08.0826 0760 msahci - ok
    20:30:08.0857 0760 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    20:30:08.0873 0760 msdsm - ok
    20:30:08.0919 0760 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    20:30:08.0951 0760 Msfs - ok
    20:30:08.0951 0760 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    20:30:08.0982 0760 mshidkmdf - ok
    20:30:08.0997 0760 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    20:30:09.0029 0760 msisadrv - ok
    20:30:09.0138 0760 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    20:30:09.0138 0760 MSKSSRV - ok
    20:30:09.0247 0760 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    20:30:09.0278 0760 MSPCLOCK - ok
    20:30:09.0294 0760 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    20:30:09.0294 0760 MSPQM - ok
    20:30:09.0325 0760 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    20:30:09.0325 0760 MsRPC - ok
    20:30:09.0372 0760 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    20:30:09.0403 0760 mssmbios - ok
    20:30:09.0465 0760 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    20:30:09.0481 0760 MSTEE - ok
    20:30:09.0497 0760 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    20:30:09.0512 0760 MTConfig - ok
    20:30:09.0528 0760 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    20:30:09.0528 0760 Mup - ok
    20:30:09.0575 0760 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    20:30:09.0621 0760 NativeWifiP - ok
    20:30:09.0668 0760 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    20:30:09.0731 0760 NDIS - ok
    20:30:09.0762 0760 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    20:30:09.0777 0760 NdisCap - ok
    20:30:09.0809 0760 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    20:30:09.0809 0760 NdisTapi - ok
    20:30:09.0871 0760 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    20:30:09.0887 0760 Ndisuio - ok
    20:30:09.0933 0760 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    20:30:09.0965 0760 NdisWan - ok
    20:30:09.0996 0760 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    20:30:10.0043 0760 NDProxy - ok
    20:30:10.0105 0760 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    20:30:10.0167 0760 NetBIOS - ok
    20:30:10.0199 0760 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    20:30:10.0214 0760 NetBT - ok
    20:30:10.0495 0760 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
    20:30:10.0542 0760 NETw5s32 - ok
    20:30:10.0682 0760 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
    20:30:10.0823 0760 netw5v32 - ok
    20:30:10.0901 0760 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    20:30:10.0947 0760 nfrd960 - ok
    20:30:10.0963 0760 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    20:30:10.0994 0760 Npfs - ok
    20:30:11.0135 0760 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    20:30:11.0166 0760 nsiproxy - ok
    20:30:11.0228 0760 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    20:30:11.0275 0760 Ntfs - ok
    20:30:11.0291 0760 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    20:30:11.0306 0760 Null - ok
    20:30:11.0353 0760 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    20:30:11.0384 0760 nvraid - ok
    20:30:11.0400 0760 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    20:30:11.0431 0760 nvstor - ok
    20:30:11.0478 0760 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    20:30:11.0509 0760 nv_agp - ok
    20:30:11.0525 0760 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    20:30:11.0525 0760 ohci1394 - ok
    20:30:11.0587 0760 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    20:30:11.0618 0760 Parport - ok
    20:30:11.0649 0760 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    20:30:11.0665 0760 partmgr - ok
    20:30:11.0681 0760 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    20:30:11.0696 0760 Parvdm - ok
    20:30:11.0743 0760 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    20:30:11.0743 0760 pci - ok
    20:30:11.0774 0760 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    20:30:11.0805 0760 pciide - ok
    20:30:11.0821 0760 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    20:30:11.0852 0760 pcmcia - ok
    20:30:11.0883 0760 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    20:30:11.0915 0760 pcw - ok
    20:30:11.0930 0760 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    20:30:11.0946 0760 PEAUTH - ok
    20:30:12.0008 0760 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    20:30:12.0039 0760 PptpMiniport - ok
    20:30:12.0055 0760 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    20:30:12.0071 0760 Processor - ok
    20:30:12.0117 0760 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    20:30:12.0149 0760 Psched - ok
    20:30:12.0195 0760 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    20:30:12.0305 0760 ql2300 - ok
    20:30:12.0336 0760 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    20:30:12.0383 0760 ql40xx - ok
    20:30:12.0398 0760 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    20:30:12.0414 0760 QWAVEdrv - ok
    20:30:12.0445 0760 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    20:30:12.0461 0760 RasAcd - ok
    20:30:12.0492 0760 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    20:30:12.0507 0760 RasAgileVpn - ok
    20:30:12.0539 0760 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:30:12.0570 0760 Rasl2tp - ok
    20:30:12.0617 0760 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    20:30:12.0648 0760 RasPppoe - ok
    20:30:12.0663 0760 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    20:30:12.0679 0760 RasSstp - ok
    20:30:12.0710 0760 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    20:30:12.0757 0760 rdbss - ok
    20:30:12.0773 0760 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    20:30:12.0788 0760 rdpbus - ok
    20:30:12.0819 0760 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:30:12.0835 0760 RDPCDD - ok
    20:30:12.0882 0760 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    20:30:12.0913 0760 RDPENCDD - ok
    20:30:12.0944 0760 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    20:30:12.0960 0760 RDPREFMP - ok
    20:30:13.0007 0760 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    20:30:13.0022 0760 RDPWD - ok
    20:30:13.0069 0760 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    20:30:13.0100 0760 rdyboost - ok
    20:30:13.0163 0760 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    20:30:13.0194 0760 rspndr - ok
    20:30:13.0225 0760 RTHDMIAzAudService (87407b31ea6ff0dc4765258164b98bea) C:\Windows\system32\drivers\RtHDMIV.sys
    20:30:13.0225 0760 RTHDMIAzAudService - ok
    20:30:13.0287 0760 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    20:30:13.0319 0760 sbp2port - ok
    20:30:13.0365 0760 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    20:30:13.0365 0760 scfilter - ok
    20:30:13.0412 0760 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    20:30:13.0428 0760 secdrv - ok
    20:30:13.0475 0760 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    20:30:13.0490 0760 Serenum - ok
    20:30:13.0521 0760 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    20:30:13.0537 0760 Serial - ok
    20:30:13.0568 0760 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    20:30:13.0584 0760 sermouse - ok
    20:30:13.0631 0760 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    20:30:13.0662 0760 sffdisk - ok
    20:30:13.0677 0760 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    20:30:13.0709 0760 sffp_mmc - ok
    20:30:13.0724 0760 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    20:30:13.0740 0760 sffp_sd - ok
    20:30:13.0771 0760 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    20:30:13.0787 0760 sfloppy - ok
    20:30:13.0833 0760 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    20:30:13.0849 0760 sisagp - ok
    20:30:13.0880 0760 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    20:30:13.0927 0760 SiSRaid2 - ok
    20:30:13.0943 0760 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    20:30:13.0974 0760 SiSRaid4 - ok
    20:30:14.0021 0760 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    20:30:14.0036 0760 Smb - ok
    20:30:14.0067 0760 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    20:30:14.0067 0760 spldr - ok
    20:30:14.0161 0760 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    20:30:14.0161 0760 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    20:30:14.0177 0760 sptd ( LockedFile.Multi.Generic ) - warning
    20:30:14.0177 0760 sptd - detected LockedFile.Multi.Generic (1)
    20:30:14.0317 0760 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    20:30:14.0364 0760 srv - ok
    20:30:14.0473 0760 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    20:30:14.0504 0760 srv2 - ok
    20:30:14.0520 0760 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    20:30:14.0551 0760 srvnet - ok
    20:30:14.0645 0760 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    20:30:14.0676 0760 stexstor - ok
    20:30:14.0738 0760 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    20:30:14.0738 0760 swenum - ok
    20:30:14.0863 0760 SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys
    20:30:14.0894 0760 SynTP - ok
    20:30:14.0972 0760 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    20:30:15.0019 0760 Tcpip - ok
    20:30:15.0066 0760 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    20:30:15.0066 0760 TCPIP6 - ok
    20:30:15.0113 0760 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    20:30:15.0159 0760 tcpipreg - ok
    20:30:15.0222 0760 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    20:30:15.0253 0760 TDPIPE - ok
    20:30:15.0300 0760 TdsNordecr (bbe81dbd2f4a095c16e2927da7eb0d1b) C:\Windows\system32\DRIVERS\nordecr.sys
    20:30:15.0315 0760 TdsNordecr - ok
    20:30:15.0347 0760 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    20:30:15.0378 0760 TDTCP - ok
    20:30:15.0425 0760 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    20:30:15.0456 0760 tdx - ok
    20:30:15.0487 0760 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    20:30:15.0503 0760 TermDD - ok
    20:30:15.0612 0760 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:30:15.0690 0760 tssecsrv - ok
    20:30:15.0737 0760 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    20:30:15.0768 0760 TsUsbFlt - ok
    20:30:15.0815 0760 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    20:30:15.0830 0760 tunnel - ok
    20:30:15.0861 0760 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    20:30:15.0877 0760 uagp35 - ok
    20:30:15.0924 0760 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    20:30:15.0955 0760 udfs - ok
    20:30:16.0002 0760 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    20:30:16.0033 0760 uliagpkx - ok
    20:30:16.0080 0760 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    20:30:16.0111 0760 umbus - ok
    20:30:16.0158 0760 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    20:30:16.0189 0760 UmPass - ok
    20:30:16.0220 0760 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    20:30:16.0236 0760 usbccgp - ok
    20:30:16.0283 0760 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    20:30:16.0314 0760 usbcir - ok
    20:30:16.0329 0760 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    20:30:16.0329 0760 usbehci - ok
    20:30:16.0361 0760 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    20:30:16.0361 0760 usbhub - ok
    20:30:16.0376 0760 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
    20:30:16.0407 0760 usbohci - ok
    20:30:16.0439 0760 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    20:30:16.0470 0760 usbprint - ok
    20:30:16.0517 0760 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    20:30:16.0548 0760 usbscan - ok
    20:30:16.0579 0760 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
    20:30:16.0610 0760 USBSTOR - ok
    20:30:16.0641 0760 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    20:30:16.0657 0760 usbuhci - ok
    20:30:16.0704 0760 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
    20:30:16.0704 0760 usbvideo - ok
    20:30:16.0766 0760 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    20:30:16.0813 0760 vdrvroot - ok
    20:30:16.0860 0760 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    20:30:16.0891 0760 vga - ok
    20:30:16.0922 0760 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    20:30:16.0953 0760 VgaSave - ok
    20:30:17.0000 0760 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    20:30:17.0031 0760 vhdmp - ok
    20:30:17.0078 0760 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    20:30:17.0109 0760 viaagp - ok
    20:30:17.0141 0760 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    20:30:17.0156 0760 ViaC7 - ok
    20:30:17.0187 0760 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    20:30:17.0234 0760 viaide - ok
    20:30:17.0265 0760 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    20:30:17.0312 0760 volmgr - ok
    20:30:17.0328 0760 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    20:30:17.0375 0760 volmgrx - ok
    20:30:17.0421 0760 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    20:30:17.0484 0760 volsnap - ok
    20:30:17.0515 0760 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    20:30:17.0531 0760 vsmraid - ok
    20:30:17.0546 0760 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    20:30:17.0562 0760 vwifibus - ok
    20:30:17.0609 0760 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    20:30:17.0640 0760 vwififlt - ok
    20:30:17.0671 0760 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    20:30:17.0687 0760 WacomPen - ok
    20:30:17.0733 0760 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    20:30:17.0749 0760 WANARP - ok
    20:30:17.0765 0760 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    20:30:17.0765 0760 Wanarpv6 - ok
    20:30:17.0827 0760 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    20:30:17.0843 0760 Wd - ok
    20:30:17.0874 0760 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    20:30:17.0921 0760 Wdf01000 - ok
    20:30:17.0983 0760 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    20:30:17.0999 0760 WfpLwf - ok
    20:30:18.0014 0760 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    20:30:18.0030 0760 WIMMount - ok
    20:30:18.0155 0760 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    20:30:18.0186 0760 WmiAcpi - ok
    20:30:18.0233 0760 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    20:30:18.0248 0760 ws2ifsl - ok
    20:30:18.0326 0760 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    20:30:18.0357 0760 WudfPf - ok
    20:30:18.0389 0760 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:30:18.0404 0760 WUDFRd - ok
    20:30:18.0451 0760 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    20:30:18.0467 0760 \Device\Harddisk0\DR0 - ok
    20:30:18.0467 0760 Boot (0x1200) (7556b6f255d8f681a9cef09969bde8a2) \Device\Harddisk0\DR0\Partition0
    20:30:18.0467 0760 \Device\Harddisk0\DR0\Partition0 - ok
    20:30:18.0482 0760 Boot (0x1200) (19e90bda286f86fb29d8beaa786658b2) \Device\Harddisk0\DR0\Partition1
    20:30:18.0482 0760 \Device\Harddisk0\DR0\Partition1 - ok
    20:30:18.0482 0760 ============================================================
    20:30:18.0482 0760 Scan finished
    20:30:18.0482 0760 ============================================================
    20:30:18.0498 1388 Detected object count: 2
    20:30:18.0498 1388 Actual detected object count: 2
    20:30:49.0428 1388 DfsC ( Rootkit.Win32.ZAccess.k ) - skipped by user
    20:30:49.0428 1388 DfsC ( Rootkit.Win32.ZAccess.k ) - User select action: Skip
    20:30:49.0430 1388 sptd ( LockedFile.Multi.Generic ) - skipped by user
    20:30:49.0430 1388 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    20:31:11.0526 3288 Deinitialize success
     
  10. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Good. Now let's run the tool again. This time select Cure for the dfsc.sys item. Reboot and run the scan again. Post back the log.
     
  11. E612

    E612 Thread Starter

    Joined:
    Dec 5, 2011
    Messages:
    17
    Done! Posting both logs.

    21:42:23.0950 3872 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
    21:42:24.0074 3872 ============================================================
    21:42:24.0074 3872 Current date / time: 2011/12/12 21:42:24.0074
    21:42:24.0074 3872 SystemInfo:
    21:42:24.0074 3872
    21:42:24.0074 3872 OS Version: 6.1.7601 ServicePack: 1.0
    21:42:24.0074 3872 Product type: Workstation
    21:42:24.0074 3872 ComputerName: ASPIRE7735G
    21:42:24.0074 3872 UserName: Kerkuk
    21:42:24.0074 3872 Windows directory: C:\Windows
    21:42:24.0074 3872 System windows directory: C:\Windows
    21:42:24.0074 3872 Processor architecture: Intel x86
    21:42:24.0074 3872 Number of processors: 2
    21:42:24.0074 3872 Page size: 0x1000
    21:42:24.0074 3872 Boot type: Normal boot
    21:42:24.0074 3872 ============================================================
    21:42:24.0854 3872 Initialize success
    21:42:26.0383 2560 ============================================================
    21:42:26.0383 2560 Scan started
    21:42:26.0383 2560 Mode: Manual;
    21:42:26.0383 2560 ============================================================
    21:42:27.0085 2560 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    21:42:27.0101 2560 1394ohci - ok
    21:42:27.0148 2560 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    21:42:27.0148 2560 ACPI - ok
    21:42:27.0194 2560 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    21:42:27.0210 2560 AcpiPmi - ok
    21:42:27.0272 2560 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    21:42:27.0319 2560 adp94xx - ok
    21:42:27.0350 2560 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    21:42:27.0366 2560 adpahci - ok
    21:42:27.0382 2560 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    21:42:27.0413 2560 adpu320 - ok
    21:42:27.0491 2560 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    21:42:27.0506 2560 AFD - ok
    21:42:27.0616 2560 AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\Windows\system32\DRIVERS\AGRSM.sys
    21:42:27.0647 2560 AgereSoftModem - ok
    21:42:27.0678 2560 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    21:42:27.0709 2560 agp440 - ok
    21:42:27.0756 2560 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    21:42:27.0772 2560 aic78xx - ok
    21:42:27.0834 2560 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    21:42:27.0850 2560 aliide - ok
    21:42:27.0896 2560 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    21:42:27.0912 2560 amdagp - ok
    21:42:27.0974 2560 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    21:42:28.0006 2560 amdide - ok
    21:42:28.0021 2560 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    21:42:28.0052 2560 AmdK8 - ok
    21:42:28.0130 2560 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    21:42:28.0177 2560 AmdPPM - ok
    21:42:28.0224 2560 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    21:42:28.0255 2560 amdsata - ok
    21:42:28.0286 2560 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    21:42:28.0318 2560 amdsbs - ok
    21:42:28.0364 2560 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    21:42:28.0380 2560 amdxata - ok
    21:42:28.0427 2560 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    21:42:28.0474 2560 AppID - ok
    21:42:28.0598 2560 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    21:42:28.0630 2560 arc - ok
    21:42:28.0645 2560 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    21:42:28.0676 2560 arcsas - ok
    21:42:28.0708 2560 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:42:28.0708 2560 AsyncMac - ok
    21:42:28.0754 2560 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    21:42:28.0786 2560 atapi - ok
    21:42:28.0973 2560 atikmdag (21abd2d22c6cd33fdabfb937e6a97830) C:\Windows\system32\DRIVERS\atikmdag.sys
    21:42:29.0035 2560 atikmdag - ok
    21:42:29.0082 2560 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    21:42:29.0098 2560 b06bdrv - ok
    21:42:29.0144 2560 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    21:42:29.0191 2560 b57nd60x - ok
    21:42:29.0222 2560 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    21:42:29.0238 2560 Beep - ok
    21:42:29.0254 2560 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    21:42:29.0269 2560 blbdrive - ok
    21:42:29.0394 2560 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    21:42:29.0425 2560 bowser - ok
    21:42:29.0456 2560 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    21:42:29.0456 2560 BrFiltLo - ok
    21:42:29.0488 2560 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    21:42:29.0488 2560 BrFiltUp - ok
    21:42:29.0550 2560 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    21:42:29.0550 2560 Brserid - ok
    21:42:29.0597 2560 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    21:42:29.0597 2560 BrSerWdm - ok
    21:42:29.0628 2560 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:42:29.0644 2560 BrUsbMdm - ok
    21:42:29.0659 2560 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    21:42:29.0659 2560 BrUsbSer - ok
    21:42:29.0675 2560 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    21:42:29.0690 2560 BTHMODEM - ok
    21:42:29.0800 2560 catchme - ok
    21:42:29.0893 2560 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    21:42:29.0924 2560 cdfs - ok
    21:42:29.0971 2560 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
    21:42:30.0018 2560 cdrom - ok
    21:42:30.0080 2560 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    21:42:30.0080 2560 circlass - ok
    21:42:30.0112 2560 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    21:42:30.0112 2560 CLFS - ok
    21:42:30.0283 2560 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:42:30.0314 2560 CmBatt - ok
    21:42:30.0346 2560 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    21:42:30.0361 2560 cmdide - ok
    21:42:30.0377 2560 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    21:42:30.0392 2560 CNG - ok
    21:42:30.0408 2560 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    21:42:30.0424 2560 Compbatt - ok
    21:42:30.0486 2560 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    21:42:30.0486 2560 CompositeBus - ok
    21:42:30.0533 2560 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    21:42:30.0564 2560 crcdisk - ok
    21:42:30.0626 2560 DfsC (dd067001fce2acd8332ed41cbaa8c52d) C:\Windows\system32\Drivers\dfsc.sys
    21:42:30.0673 2560 DfsC ( Rootkit.Win32.ZAccess.k ) - infected
    21:42:30.0673 2560 DfsC - detected Rootkit.Win32.ZAccess.k (0)
    21:42:30.0704 2560 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    21:42:30.0736 2560 discache - ok
    21:42:30.0782 2560 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    21:42:30.0782 2560 Disk - ok
    21:42:30.0814 2560 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
    21:42:30.0845 2560 DKbFltr - ok
    21:42:30.0907 2560 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    21:42:30.0923 2560 drmkaud - ok
    21:42:30.0970 2560 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    21:42:31.0094 2560 DXGKrnl - ok
    21:42:31.0204 2560 eamon (1b5ca1caffc594bd37dcc8d7ef849e0b) C:\Windows\system32\DRIVERS\eamon.sys
    21:42:31.0204 2560 eamon - ok
    21:42:31.0328 2560 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    21:42:31.0375 2560 ebdrv - ok
    21:42:31.0438 2560 ehdrv (a4241545ecff3ee97041847d83936e1f) C:\Windows\system32\DRIVERS\ehdrv.sys
    21:42:31.0469 2560 ehdrv - ok
    21:42:31.0625 2560 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    21:42:31.0687 2560 elxstor - ok
    21:42:31.0734 2560 epfwwfpr (c7d800414eb8b87e835b5b236b118461) C:\Windows\system32\DRIVERS\epfwwfpr.sys
    21:42:31.0734 2560 epfwwfpr - ok
    21:42:31.0859 2560 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    21:42:31.0874 2560 ErrDev - ok
    21:42:31.0921 2560 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    21:42:31.0937 2560 exfat - ok
    21:42:31.0968 2560 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    21:42:31.0984 2560 fastfat - ok
    21:42:32.0015 2560 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    21:42:32.0046 2560 fdc - ok
    21:42:32.0062 2560 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    21:42:32.0077 2560 FileInfo - ok
    21:42:32.0093 2560 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    21:42:32.0124 2560 Filetrace - ok
    21:42:32.0124 2560 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:42:32.0155 2560 flpydisk - ok
    21:42:32.0171 2560 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    21:42:32.0171 2560 FltMgr - ok
    21:42:32.0202 2560 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    21:42:32.0218 2560 FsDepends - ok
    21:42:32.0233 2560 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    21:42:32.0249 2560 Fs_Rec - ok
    21:42:32.0311 2560 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    21:42:32.0358 2560 fvevol - ok
    21:42:32.0405 2560 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    21:42:32.0420 2560 gagp30kx - ok
    21:42:32.0483 2560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:42:32.0483 2560 GEARAspiWDM - ok
    21:42:32.0498 2560 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    21:42:32.0514 2560 hcw85cir - ok
    21:42:32.0592 2560 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    21:42:32.0654 2560 HdAudAddService - ok
    21:42:32.0701 2560 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    21:42:32.0701 2560 HDAudBus - ok
    21:42:32.0732 2560 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    21:42:32.0748 2560 HidBatt - ok
    21:42:32.0779 2560 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    21:42:32.0795 2560 HidBth - ok
    21:42:32.0826 2560 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    21:42:32.0842 2560 HidIr - ok
    21:42:32.0873 2560 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
    21:42:32.0904 2560 HidUsb - ok
    21:42:32.0966 2560 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    21:42:33.0013 2560 HpSAMD - ok
    21:42:33.0076 2560 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    21:42:33.0122 2560 HTTP - ok
    21:42:33.0200 2560 hwdatacard - ok
    21:42:33.0247 2560 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    21:42:33.0278 2560 hwpolicy - ok
    21:42:33.0310 2560 hwusbdev - ok
    21:42:33.0356 2560 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    21:42:33.0388 2560 i8042prt - ok
    21:42:33.0419 2560 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
    21:42:33.0434 2560 iaStor - ok
    21:42:33.0466 2560 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    21:42:33.0497 2560 iaStorV - ok
    21:42:33.0544 2560 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    21:42:33.0559 2560 iirsp - ok
    21:42:33.0684 2560 IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys
    21:42:33.0700 2560 IntcAzAudAddService - ok
    21:42:33.0731 2560 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    21:42:33.0746 2560 intelide - ok
    21:42:33.0793 2560 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    21:42:33.0824 2560 intelppm - ok
    21:42:33.0840 2560 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:42:33.0871 2560 IpFilterDriver - ok
    21:42:33.0902 2560 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    21:42:33.0918 2560 IPMIDRV - ok
    21:42:33.0934 2560 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    21:42:33.0980 2560 IPNAT - ok
    21:42:34.0012 2560 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    21:42:34.0027 2560 IRENUM - ok
    21:42:34.0058 2560 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    21:42:34.0105 2560 isapnp - ok
    21:42:34.0136 2560 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    21:42:34.0183 2560 iScsiPrt - ok
    21:42:34.0214 2560 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys
    21:42:34.0214 2560 k57nd60x - ok
    21:42:34.0277 2560 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
    21:42:34.0308 2560 kbdclass - ok
    21:42:34.0339 2560 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
    21:42:34.0355 2560 kbdhid - ok
    21:42:34.0402 2560 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
    21:42:34.0402 2560 KSecDD - ok
    21:42:34.0448 2560 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
    21:42:34.0464 2560 KSecPkg - ok
    21:42:34.0511 2560 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    21:42:34.0542 2560 lltdio - ok
    21:42:34.0589 2560 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:42:34.0604 2560 LSI_FC - ok
    21:42:34.0620 2560 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:42:34.0636 2560 LSI_SAS - ok
    21:42:34.0651 2560 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:42:34.0682 2560 LSI_SAS2 - ok
    21:42:34.0714 2560 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:42:34.0745 2560 LSI_SCSI - ok
    21:42:34.0776 2560 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    21:42:34.0792 2560 luafv - ok
    21:42:34.0901 2560 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
    21:42:34.0901 2560 MBAMProtector - ok
    21:42:34.0948 2560 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    21:42:34.0994 2560 megasas - ok
    21:42:35.0041 2560 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    21:42:35.0057 2560 MegaSR - ok
    21:42:35.0088 2560 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    21:42:35.0104 2560 Modem - ok
    21:42:35.0135 2560 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    21:42:35.0166 2560 monitor - ok
    21:42:35.0213 2560 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
    21:42:35.0244 2560 mouclass - ok
    21:42:35.0322 2560 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    21:42:35.0353 2560 mouhid - ok
    21:42:35.0384 2560 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    21:42:35.0400 2560 mountmgr - ok
    21:42:35.0447 2560 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    21:42:35.0478 2560 mpio - ok
    21:42:35.0494 2560 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    21:42:35.0525 2560 mpsdrv - ok
    21:42:35.0556 2560 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    21:42:35.0587 2560 MRxDAV - ok
    21:42:35.0634 2560 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:42:35.0665 2560 mrxsmb - ok
    21:42:35.0712 2560 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:42:35.0743 2560 mrxsmb10 - ok
    21:42:35.0759 2560 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:42:35.0774 2560 mrxsmb20 - ok
    21:42:35.0821 2560 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    21:42:35.0837 2560 msahci - ok
    21:42:35.0884 2560 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    21:42:35.0899 2560 msdsm - ok
    21:42:35.0930 2560 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    21:42:35.0946 2560 Msfs - ok
    21:42:35.0962 2560 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    21:42:35.0993 2560 mshidkmdf - ok
    21:42:36.0008 2560 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    21:42:36.0040 2560 msisadrv - ok
    21:42:36.0118 2560 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    21:42:36.0118 2560 MSKSSRV - ok
    21:42:36.0133 2560 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:42:36.0164 2560 MSPCLOCK - ok
    21:42:36.0164 2560 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    21:42:36.0180 2560 MSPQM - ok
    21:42:36.0196 2560 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    21:42:36.0196 2560 MsRPC - ok
    21:42:36.0305 2560 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    21:42:36.0336 2560 mssmbios - ok
    21:42:36.0430 2560 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    21:42:36.0445 2560 MSTEE - ok
    21:42:36.0461 2560 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    21:42:36.0476 2560 MTConfig - ok
    21:42:36.0492 2560 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    21:42:36.0492 2560 Mup - ok
    21:42:36.0539 2560 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    21:42:36.0554 2560 NativeWifiP - ok
    21:42:36.0617 2560 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    21:42:36.0679 2560 NDIS - ok
    21:42:36.0726 2560 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    21:42:36.0757 2560 NdisCap - ok
    21:42:36.0773 2560 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:42:36.0788 2560 NdisTapi - ok
    21:42:36.0804 2560 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:42:36.0820 2560 Ndisuio - ok
    21:42:36.0866 2560 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:42:36.0898 2560 NdisWan - ok
    21:42:36.0929 2560 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    21:42:36.0960 2560 NDProxy - ok
    21:42:37.0007 2560 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    21:42:37.0054 2560 NetBIOS - ok
    21:42:37.0085 2560 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    21:42:37.0100 2560 NetBT - ok
    21:42:37.0366 2560 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
    21:42:37.0428 2560 NETw5s32 - ok
    21:42:37.0568 2560 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
    21:42:37.0615 2560 netw5v32 - ok
    21:42:37.0662 2560 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    21:42:37.0693 2560 nfrd960 - ok
    21:42:37.0724 2560 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    21:42:37.0740 2560 Npfs - ok
    21:42:37.0865 2560 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    21:42:37.0896 2560 nsiproxy - ok
    21:42:37.0958 2560 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    21:42:37.0990 2560 Ntfs - ok
    21:42:38.0005 2560 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    21:42:38.0021 2560 Null - ok
    21:42:38.0068 2560 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    21:42:38.0083 2560 nvraid - ok
    21:42:38.0099 2560 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    21:42:38.0130 2560 nvstor - ok
    21:42:38.0177 2560 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    21:42:38.0208 2560 nv_agp - ok
    21:42:38.0224 2560 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    21:42:38.0224 2560 ohci1394 - ok
    21:42:38.0286 2560 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    21:42:38.0302 2560 Parport - ok
    21:42:38.0333 2560 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    21:42:38.0364 2560 partmgr - ok
    21:42:38.0364 2560 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    21:42:38.0395 2560 Parvdm - ok
    21:42:38.0426 2560 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    21:42:38.0442 2560 pci - ok
    21:42:38.0473 2560 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    21:42:38.0504 2560 pciide - ok
    21:42:38.0520 2560 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    21:42:38.0536 2560 pcmcia - ok
    21:42:38.0567 2560 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    21:42:38.0582 2560 pcw - ok
    21:42:38.0614 2560 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    21:42:38.0614 2560 PEAUTH - ok
    21:42:38.0676 2560 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    21:42:38.0707 2560 PptpMiniport - ok
    21:42:38.0723 2560 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    21:42:38.0738 2560 Processor - ok
    21:42:38.0785 2560 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    21:42:38.0801 2560 Psched - ok
    21:42:38.0863 2560 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    21:42:38.0894 2560 ql2300 - ok
    21:42:38.0926 2560 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    21:42:38.0941 2560 ql40xx - ok
    21:42:38.0957 2560 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    21:42:38.0988 2560 QWAVEdrv - ok
    21:42:39.0004 2560 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    21:42:39.0019 2560 RasAcd - ok
    21:42:39.0066 2560 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:42:39.0082 2560 RasAgileVpn - ok
    21:42:39.0113 2560 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:42:39.0128 2560 Rasl2tp - ok
    21:42:39.0175 2560 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:42:39.0191 2560 RasPppoe - ok
    21:42:39.0238 2560 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    21:42:39.0253 2560 RasSstp - ok
    21:42:39.0300 2560 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    21:42:39.0331 2560 rdbss - ok
    21:42:39.0347 2560 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    21:42:39.0362 2560 rdpbus - ok
    21:42:39.0394 2560 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:42:39.0425 2560 RDPCDD - ok
    21:42:39.0472 2560 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    21:42:39.0503 2560 RDPENCDD - ok
    21:42:39.0518 2560 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    21:42:39.0534 2560 RDPREFMP - ok
    21:42:39.0565 2560 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    21:42:39.0596 2560 RDPWD - ok
    21:42:39.0628 2560 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    21:42:39.0674 2560 rdyboost - ok
    21:42:39.0721 2560 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    21:42:39.0752 2560 rspndr - ok
    21:42:39.0799 2560 RTHDMIAzAudService (87407b31ea6ff0dc4765258164b98bea) C:\Windows\system32\drivers\RtHDMIV.sys
    21:42:39.0799 2560 RTHDMIAzAudService - ok
    21:42:39.0862 2560 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    21:42:39.0893 2560 sbp2port - ok
    21:42:39.0924 2560 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    21:42:39.0924 2560 scfilter - ok
    21:42:39.0971 2560 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    21:42:39.0986 2560 secdrv - ok
    21:42:40.0018 2560 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    21:42:40.0049 2560 Serenum - ok
    21:42:40.0080 2560 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    21:42:40.0096 2560 Serial - ok
    21:42:40.0127 2560 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    21:42:40.0142 2560 sermouse - ok
    21:42:40.0189 2560 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    21:42:40.0205 2560 sffdisk - ok
    21:42:40.0220 2560 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    21:42:40.0252 2560 sffp_mmc - ok
    21:42:40.0267 2560 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    21:42:40.0283 2560 sffp_sd - ok
    21:42:40.0314 2560 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    21:42:40.0330 2560 sfloppy - ok
    21:42:40.0376 2560 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    21:42:40.0392 2560 sisagp - ok
    21:42:40.0423 2560 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    21:42:40.0470 2560 SiSRaid2 - ok
    21:42:40.0486 2560 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    21:42:40.0532 2560 SiSRaid4 - ok
    21:42:40.0564 2560 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    21:42:40.0579 2560 Smb - ok
    21:42:40.0610 2560 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    21:42:40.0610 2560 spldr - ok
    21:42:40.0688 2560 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    21:42:40.0688 2560 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    21:42:40.0704 2560 sptd ( LockedFile.Multi.Generic ) - warning
    21:42:40.0704 2560 sptd - detected LockedFile.Multi.Generic (1)
    21:42:40.0751 2560 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    21:42:40.0782 2560 srv - ok
    21:42:40.0798 2560 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    21:42:40.0829 2560 srv2 - ok
    21:42:40.0860 2560 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    21:42:40.0891 2560 srvnet - ok
    21:42:40.0938 2560 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    21:42:40.0954 2560 stexstor - ok
    21:42:41.0000 2560 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    21:42:41.0000 2560 swenum - ok
    21:42:41.0141 2560 SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys
    21:42:41.0172 2560 SynTP - ok
    21:42:41.0250 2560 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    21:42:41.0297 2560 Tcpip - ok
    21:42:41.0344 2560 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    21:42:41.0359 2560 TCPIP6 - ok
    21:42:41.0406 2560 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    21:42:41.0437 2560 tcpipreg - ok
    21:42:41.0484 2560 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    21:42:41.0515 2560 TDPIPE - ok
    21:42:41.0562 2560 TdsNordecr (bbe81dbd2f4a095c16e2927da7eb0d1b) C:\Windows\system32\DRIVERS\nordecr.sys
    21:42:41.0593 2560 TdsNordecr - ok
    21:42:41.0624 2560 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    21:42:41.0640 2560 TDTCP - ok
    21:42:41.0687 2560 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    21:42:41.0734 2560 tdx - ok
    21:42:41.0765 2560 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    21:42:41.0780 2560 TermDD - ok
    21:42:41.0843 2560 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:42:41.0905 2560 tssecsrv - ok
    21:42:41.0999 2560 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    21:42:42.0046 2560 TsUsbFlt - ok
    21:42:42.0077 2560 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    21:42:42.0108 2560 tunnel - ok
    21:42:42.0124 2560 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    21:42:42.0155 2560 uagp35 - ok
    21:42:42.0186 2560 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    21:42:42.0217 2560 udfs - ok
    21:42:42.0872 2560 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    21:42:42.0904 2560 uliagpkx - ok
    21:42:42.0966 2560 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    21:42:42.0997 2560 umbus - ok
    21:42:43.0013 2560 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    21:42:43.0044 2560 UmPass - ok
    21:42:43.0075 2560 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:42:43.0138 2560 usbccgp - ok
    21:42:43.0169 2560 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    21:42:43.0184 2560 usbcir - ok
    21:42:43.0200 2560 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    21:42:43.0216 2560 usbehci - ok
    21:42:43.0262 2560 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    21:42:43.0278 2560 usbhub - ok
    21:42:43.0309 2560 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
    21:42:43.0325 2560 usbohci - ok
    21:42:43.0372 2560 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    21:42:43.0387 2560 usbprint - ok
    21:42:43.0418 2560 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    21:42:43.0434 2560 usbscan - ok
    21:42:43.0481 2560 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
    21:42:43.0496 2560 USBSTOR - ok
    21:42:43.0528 2560 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    21:42:43.0543 2560 usbuhci - ok
    21:42:43.0590 2560 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
    21:42:43.0590 2560 usbvideo - ok
    21:42:43.0652 2560 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    21:42:43.0668 2560 vdrvroot - ok
    21:42:43.0699 2560 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:42:43.0730 2560 vga - ok
    21:42:43.0730 2560 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    21:42:43.0777 2560 VgaSave - ok
    21:42:43.0824 2560 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    21:42:43.0855 2560 vhdmp - ok
    21:42:43.0902 2560 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    21:42:43.0918 2560 viaagp - ok
    21:42:43.0964 2560 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    21:42:43.0980 2560 ViaC7 - ok
    21:42:44.0011 2560 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    21:42:44.0042 2560 viaide - ok
    21:42:44.0074 2560 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    21:42:44.0105 2560 volmgr - ok
    21:42:44.0136 2560 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    21:42:44.0167 2560 volmgrx - ok
    21:42:44.0198 2560 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    21:42:44.0245 2560 volsnap - ok
    21:42:44.0276 2560 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    21:42:44.0292 2560 vsmraid - ok
    21:42:44.0308 2560 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    21:42:44.0339 2560 vwifibus - ok
    21:42:44.0370 2560 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    21:42:44.0401 2560 vwififlt - ok
    21:42:44.0432 2560 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    21:42:44.0448 2560 WacomPen - ok
    21:42:44.0495 2560 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    21:42:44.0526 2560 WANARP - ok
    21:42:44.0542 2560 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    21:42:44.0542 2560 Wanarpv6 - ok
    21:42:44.0604 2560 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    21:42:44.0620 2560 Wd - ok
    21:42:44.0651 2560 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    21:42:44.0682 2560 Wdf01000 - ok
    21:42:44.0729 2560 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    21:42:44.0760 2560 WfpLwf - ok
    21:42:44.0760 2560 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    21:42:44.0791 2560 WIMMount - ok
    21:42:44.0885 2560 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    21:42:44.0916 2560 WmiAcpi - ok
    21:42:44.0963 2560 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    21:42:44.0978 2560 ws2ifsl - ok
    21:42:45.0041 2560 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    21:42:45.0056 2560 WudfPf - ok
    21:42:45.0103 2560 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:42:45.0103 2560 WUDFRd - ok
    21:42:45.0150 2560 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    21:42:45.0166 2560 \Device\Harddisk0\DR0 - ok
    21:42:45.0181 2560 Boot (0x1200) (7556b6f255d8f681a9cef09969bde8a2) \Device\Harddisk0\DR0\Partition0
    21:42:45.0181 2560 \Device\Harddisk0\DR0\Partition0 - ok
    21:42:45.0197 2560 Boot (0x1200) (19e90bda286f86fb29d8beaa786658b2) \Device\Harddisk0\DR0\Partition1
    21:42:45.0197 2560 \Device\Harddisk0\DR0\Partition1 - ok
    21:42:45.0197 2560 ============================================================
    21:42:45.0197 2560 Scan finished
    21:42:45.0197 2560 ============================================================
    21:42:45.0212 2448 Detected object count: 2
    21:42:45.0212 2448 Actual detected object count: 2
    21:42:54.0822 2448 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813
    21:42:57.0443 2448 Backup copy not found, trying to cure infected file..
    21:42:57.0443 2448 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
    21:42:57.0443 2448 C:\Windows\system32\Drivers\dfsc.sys - processing error
    21:42:59.0018 2448 DfsC ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
    21:42:59.0018 2448 sptd ( LockedFile.Multi.Generic ) - skipped by user
    21:42:59.0018 2448 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    21:43:19.0891 1900 Deinitialize success





    21:46:56.0701 3832 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
    21:46:56.0796 3832 ============================================================
    21:46:56.0796 3832 Current date / time: 2011/12/12 21:46:56.0796
    21:46:56.0796 3832 SystemInfo:
    21:46:56.0797 3832
    21:46:56.0797 3832 OS Version: 6.1.7601 ServicePack: 1.0
    21:46:56.0797 3832 Product type: Workstation
    21:46:56.0797 3832 ComputerName: ASPIRE7735G
    21:46:56.0797 3832 UserName: Kerkuk
    21:46:56.0797 3832 Windows directory: C:\Windows
    21:46:56.0797 3832 System windows directory: C:\Windows
    21:46:56.0797 3832 Processor architecture: Intel x86
    21:46:56.0797 3832 Number of processors: 2
    21:46:56.0797 3832 Page size: 0x1000
    21:46:56.0797 3832 Boot type: Normal boot
    21:46:56.0797 3832 ============================================================
    21:46:59.0165 3832 Initialize success
    21:47:07.0002 2476 ============================================================
    21:47:07.0002 2476 Scan started
    21:47:07.0002 2476 Mode: Manual;
    21:47:07.0003 2476 ============================================================
    21:47:08.0011 2476 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    21:47:08.0013 2476 1394ohci - ok
    21:47:08.0051 2476 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    21:47:08.0053 2476 ACPI - ok
    21:47:08.0108 2476 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    21:47:08.0127 2476 AcpiPmi - ok
    21:47:08.0183 2476 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    21:47:08.0185 2476 adp94xx - ok
    21:47:08.0210 2476 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    21:47:08.0212 2476 adpahci - ok
    21:47:08.0238 2476 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    21:47:08.0239 2476 adpu320 - ok
    21:47:08.0322 2476 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    21:47:08.0325 2476 AFD - ok
    21:47:08.0400 2476 AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\Windows\system32\DRIVERS\AGRSM.sys
    21:47:08.0407 2476 AgereSoftModem - ok
    21:47:08.0435 2476 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    21:47:08.0435 2476 agp440 - ok
    21:47:08.0471 2476 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    21:47:08.0473 2476 aic78xx - ok
    21:47:08.0525 2476 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    21:47:08.0526 2476 aliide - ok
    21:47:08.0569 2476 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    21:47:08.0569 2476 amdagp - ok
    21:47:08.0586 2476 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    21:47:08.0607 2476 amdide - ok
    21:47:08.0654 2476 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    21:47:08.0655 2476 AmdK8 - ok
    21:47:08.0665 2476 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    21:47:08.0666 2476 AmdPPM - ok
    21:47:08.0701 2476 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    21:47:08.0702 2476 amdsata - ok
    21:47:08.0742 2476 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    21:47:08.0744 2476 amdsbs - ok
    21:47:08.0766 2476 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    21:47:08.0786 2476 amdxata - ok
    21:47:08.0839 2476 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    21:47:08.0840 2476 AppID - ok
    21:47:08.0974 2476 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    21:47:08.0976 2476 arc - ok
    21:47:08.0991 2476 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    21:47:08.0992 2476 arcsas - ok
    21:47:09.0020 2476 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:47:09.0021 2476 AsyncMac - ok
    21:47:09.0070 2476 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    21:47:09.0070 2476 atapi - ok
    21:47:09.0229 2476 atikmdag (21abd2d22c6cd33fdabfb937e6a97830) C:\Windows\system32\DRIVERS\atikmdag.sys
    21:47:09.0263 2476 atikmdag - ok
    21:47:09.0371 2476 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    21:47:09.0375 2476 b06bdrv - ok
    21:47:09.0432 2476 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    21:47:09.0434 2476 b57nd60x - ok
    21:47:09.0470 2476 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    21:47:09.0493 2476 Beep - ok
    21:47:09.0518 2476 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    21:47:09.0519 2476 blbdrive - ok
    21:47:09.0648 2476 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    21:47:09.0650 2476 bowser - ok
    21:47:09.0687 2476 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    21:47:09.0688 2476 BrFiltLo - ok
    21:47:09.0707 2476 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    21:47:09.0712 2476 BrFiltUp - ok
    21:47:09.0742 2476 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    21:47:09.0745 2476 Brserid - ok
    21:47:09.0767 2476 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    21:47:09.0768 2476 BrSerWdm - ok
    21:47:09.0784 2476 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:47:09.0789 2476 BrUsbMdm - ok
    21:47:09.0806 2476 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    21:47:09.0809 2476 BrUsbSer - ok
    21:47:09.0825 2476 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    21:47:09.0826 2476 BTHMODEM - ok
    21:47:09.0933 2476 catchme - ok
    21:47:10.0014 2476 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    21:47:10.0015 2476 cdfs - ok
    21:47:10.0076 2476 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
    21:47:10.0078 2476 cdrom - ok
    21:47:10.0124 2476 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    21:47:10.0125 2476 circlass - ok
    21:47:10.0158 2476 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    21:47:10.0161 2476 CLFS - ok
    21:47:10.0262 2476 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:47:10.0294 2476 CmBatt - ok
    21:47:10.0323 2476 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    21:47:10.0343 2476 cmdide - ok
    21:47:10.0365 2476 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    21:47:10.0368 2476 CNG - ok
    21:47:10.0394 2476 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    21:47:10.0414 2476 Compbatt - ok
    21:47:10.0474 2476 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    21:47:10.0475 2476 CompositeBus - ok
    21:47:10.0512 2476 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    21:47:10.0513 2476 crcdisk - ok
    21:47:10.0579 2476 DfsC (dd067001fce2acd8332ed41cbaa8c52d) C:\Windows\system32\Drivers\dfsc.sys
    21:47:10.0580 2476 DfsC ( Rootkit.Win32.ZAccess.k ) - infected
    21:47:10.0580 2476 DfsC - detected Rootkit.Win32.ZAccess.k (0)
    21:47:10.0639 2476 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    21:47:10.0640 2476 discache - ok
    21:47:10.0680 2476 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    21:47:10.0682 2476 Disk - ok
    21:47:10.0725 2476 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
    21:47:10.0726 2476 DKbFltr - ok
    21:47:10.0776 2476 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    21:47:10.0808 2476 drmkaud - ok
    21:47:10.0863 2476 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    21:47:10.0868 2476 DXGKrnl - ok
    21:47:10.0939 2476 eamon (1b5ca1caffc594bd37dcc8d7ef849e0b) C:\Windows\system32\DRIVERS\eamon.sys
    21:47:10.0940 2476 eamon - ok
    21:47:11.0052 2476 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    21:47:11.0081 2476 ebdrv - ok
    21:47:11.0169 2476 ehdrv (a4241545ecff3ee97041847d83936e1f) C:\Windows\system32\DRIVERS\ehdrv.sys
    21:47:11.0170 2476 ehdrv - ok
    21:47:11.0333 2476 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    21:47:11.0337 2476 elxstor - ok
    21:47:11.0383 2476 epfwwfpr (c7d800414eb8b87e835b5b236b118461) C:\Windows\system32\DRIVERS\epfwwfpr.sys
    21:47:11.0385 2476 epfwwfpr - ok
    21:47:11.0458 2476 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    21:47:11.0490 2476 ErrDev - ok
    21:47:11.0540 2476 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    21:47:11.0542 2476 exfat - ok
    21:47:11.0567 2476 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    21:47:11.0569 2476 fastfat - ok
    21:47:11.0602 2476 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    21:47:11.0603 2476 fdc - ok
    21:47:11.0634 2476 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    21:47:11.0635 2476 FileInfo - ok
    21:47:11.0648 2476 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    21:47:11.0649 2476 Filetrace - ok
    21:47:11.0668 2476 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:47:11.0669 2476 flpydisk - ok
    21:47:11.0705 2476 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    21:47:11.0706 2476 FltMgr - ok
    21:47:11.0726 2476 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    21:47:11.0727 2476 FsDepends - ok
    21:47:11.0748 2476 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    21:47:11.0768 2476 Fs_Rec - ok
    21:47:11.0825 2476 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    21:47:11.0828 2476 fvevol - ok
    21:47:11.0863 2476 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    21:47:11.0864 2476 gagp30kx - ok
    21:47:11.0937 2476 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:47:11.0938 2476 GEARAspiWDM - ok
    21:47:11.0963 2476 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    21:47:11.0964 2476 hcw85cir - ok
    21:47:12.0024 2476 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    21:47:12.0027 2476 HdAudAddService - ok
    21:47:12.0075 2476 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    21:47:12.0076 2476 HDAudBus - ok
    21:47:12.0110 2476 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    21:47:12.0111 2476 HidBatt - ok
    21:47:12.0130 2476 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    21:47:12.0132 2476 HidBth - ok
    21:47:12.0171 2476 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    21:47:12.0172 2476 HidIr - ok
    21:47:12.0208 2476 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
    21:47:12.0209 2476 HidUsb - ok
    21:47:12.0264 2476 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    21:47:12.0265 2476 HpSAMD - ok
    21:47:12.0326 2476 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    21:47:12.0332 2476 HTTP - ok
    21:47:12.0405 2476 hwdatacard - ok
    21:47:12.0449 2476 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    21:47:12.0450 2476 hwpolicy - ok
    21:47:12.0464 2476 hwusbdev - ok
    21:47:12.0516 2476 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    21:47:12.0518 2476 i8042prt - ok
    21:47:12.0554 2476 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
    21:47:12.0558 2476 iaStor - ok
    21:47:12.0642 2476 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    21:47:12.0646 2476 iaStorV - ok
    21:47:12.0688 2476 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    21:47:12.0689 2476 iirsp - ok
    21:47:12.0873 2476 IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys
    21:47:12.0892 2476 IntcAzAudAddService - ok
    21:47:12.0923 2476 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    21:47:12.0942 2476 intelide - ok
    21:47:12.0987 2476 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    21:47:12.0988 2476 intelppm - ok
    21:47:13.0016 2476 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:47:13.0042 2476 IpFilterDriver - ok
    21:47:13.0086 2476 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    21:47:13.0107 2476 IPMIDRV - ok
    21:47:13.0125 2476 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    21:47:13.0162 2476 IPNAT - ok
    21:47:13.0209 2476 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    21:47:13.0229 2476 IRENUM - ok
    21:47:13.0283 2476 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    21:47:13.0332 2476 isapnp - ok
    21:47:13.0372 2476 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    21:47:13.0399 2476 iScsiPrt - ok
    21:47:13.0441 2476 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys
    21:47:13.0480 2476 k57nd60x - ok
    21:47:13.0520 2476 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
    21:47:13.0540 2476 kbdclass - ok
    21:47:13.0573 2476 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
    21:47:13.0593 2476 kbdhid - ok
    21:47:13.0638 2476 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
    21:47:13.0644 2476 KSecDD - ok
    21:47:13.0682 2476 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
    21:47:13.0711 2476 KSecPkg - ok
    21:47:13.0753 2476 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    21:47:13.0773 2476 lltdio - ok
    21:47:13.0814 2476 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:47:13.0835 2476 LSI_FC - ok
    21:47:13.0859 2476 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:47:13.0880 2476 LSI_SAS - ok
    21:47:13.0903 2476 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:47:13.0940 2476 LSI_SAS2 - ok
    21:47:13.0969 2476 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:47:13.0994 2476 LSI_SCSI - ok
    21:47:14.0023 2476 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    21:47:14.0044 2476 luafv - ok
    21:47:14.0144 2476 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
    21:47:14.0145 2476 MBAMProtector - ok
    21:47:14.0205 2476 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    21:47:14.0247 2476 megasas - ok
    21:47:14.0285 2476 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    21:47:14.0309 2476 MegaSR - ok
    21:47:14.0337 2476 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    21:47:14.0337 2476 Modem - ok
    21:47:14.0356 2476 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    21:47:14.0357 2476 monitor - ok
    21:47:14.0391 2476 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
    21:47:14.0410 2476 mouclass - ok
    21:47:14.0457 2476 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    21:47:14.0485 2476 mouhid - ok
    21:47:14.0528 2476 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    21:47:14.0554 2476 mountmgr - ok
    21:47:14.0591 2476 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    21:47:14.0640 2476 mpio - ok
    21:47:14.0661 2476 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    21:47:14.0682 2476 mpsdrv - ok
    21:47:14.0723 2476 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    21:47:14.0745 2476 MRxDAV - ok
    21:47:14.0797 2476 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:47:14.0818 2476 mrxsmb - ok
    21:47:14.0863 2476 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:47:14.0896 2476 mrxsmb10 - ok
    21:47:14.0911 2476 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:47:14.0932 2476 mrxsmb20 - ok
    21:47:14.0972 2476 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    21:47:14.0993 2476 msahci - ok
    21:47:15.0007 2476 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    21:47:15.0029 2476 msdsm - ok
    21:47:15.0073 2476 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    21:47:15.0092 2476 Msfs - ok
    21:47:15.0108 2476 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    21:47:15.0127 2476 mshidkmdf - ok
    21:47:15.0143 2476 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    21:47:15.0164 2476 msisadrv - ok
    21:47:15.0205 2476 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    21:47:15.0209 2476 MSKSSRV - ok
    21:47:15.0226 2476 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:47:15.0300 2476 MSPCLOCK - ok
    21:47:15.0321 2476 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    21:47:15.0326 2476 MSPQM - ok
    21:47:15.0349 2476 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    21:47:15.0358 2476 MsRPC - ok
    21:47:15.0406 2476 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    21:47:15.0437 2476 mssmbios - ok
    21:47:15.0448 2476 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    21:47:15.0469 2476 MSTEE - ok
    21:47:15.0496 2476 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    21:47:15.0515 2476 MTConfig - ok
    21:47:15.0535 2476 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    21:47:15.0539 2476 Mup - ok
    21:47:15.0587 2476 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    21:47:15.0620 2476 NativeWifiP - ok
    21:47:15.0679 2476 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    21:47:15.0702 2476 NDIS - ok
    21:47:15.0745 2476 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    21:47:15.0771 2476 NdisCap - ok
    21:47:15.0797 2476 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:47:15.0800 2476 NdisTapi - ok
    21:47:15.0836 2476 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:47:15.0856 2476 Ndisuio - ok
    21:47:15.0890 2476 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:47:15.0911 2476 NdisWan - ok
    21:47:15.0946 2476 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    21:47:15.0982 2476 NDProxy - ok
    21:47:16.0000 2476 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    21:47:16.0034 2476 NetBIOS - ok
    21:47:16.0066 2476 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    21:47:16.0089 2476 NetBT - ok
    21:47:16.0301 2476 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
    21:47:16.0517 2476 NETw5s32 - ok
    21:47:16.0715 2476 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
    21:47:16.0874 2476 netw5v32 - ok
    21:47:16.0975 2476 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    21:47:17.0008 2476 nfrd960 - ok
    21:47:17.0038 2476 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    21:47:17.0058 2476 Npfs - ok
    21:47:17.0167 2476 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    21:47:17.0200 2476 nsiproxy - ok
    21:47:17.0266 2476 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    21:47:17.0395 2476 Ntfs - ok
    21:47:17.0420 2476 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    21:47:17.0447 2476 Null - ok
    21:47:17.0489 2476 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    21:47:17.0510 2476 nvraid - ok
    21:47:17.0527 2476 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    21:47:17.0567 2476 nvstor - ok
    21:47:17.0607 2476 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    21:47:17.0628 2476 nv_agp - ok
    21:47:17.0667 2476 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    21:47:17.0671 2476 ohci1394 - ok
    21:47:17.0732 2476 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    21:47:17.0753 2476 Parport - ok
    21:47:17.0789 2476 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    21:47:17.0810 2476 partmgr - ok
    21:47:17.0832 2476 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    21:47:17.0852 2476 Parvdm - ok
    21:47:17.0888 2476 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    21:47:17.0891 2476 pci - ok
    21:47:17.0919 2476 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    21:47:17.0951 2476 pciide - ok
    21:47:17.0973 2476 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    21:47:18.0000 2476 pcmcia - ok
    21:47:18.0016 2476 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    21:47:18.0036 2476 pcw - ok
    21:47:18.0087 2476 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    21:47:18.0115 2476 PEAUTH - ok
    21:47:18.0308 2476 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    21:47:18.0335 2476 PptpMiniport - ok
    21:47:18.0371 2476 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    21:47:18.0394 2476 Processor - ok
    21:47:18.0560 2476 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    21:47:18.0585 2476 Psched - ok
    21:47:18.0690 2476 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    21:47:18.0757 2476 ql2300 - ok
    21:47:18.0858 2476 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    21:47:18.0886 2476 ql40xx - ok
    21:47:18.0980 2476 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    21:47:19.0010 2476 QWAVEdrv - ok
    21:47:19.0061 2476 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    21:47:19.0082 2476 RasAcd - ok
    21:47:19.0156 2476 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:47:19.0186 2476 RasAgileVpn - ok
    21:47:19.0238 2476 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:47:19.0259 2476 Rasl2tp - ok
    21:47:19.0373 2476 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:47:19.0400 2476 RasPppoe - ok
    21:47:19.0495 2476 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    21:47:19.0518 2476 RasSstp - ok
    21:47:19.0578 2476 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    21:47:19.0638 2476 rdbss - ok
    21:47:19.0844 2476 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    21:47:19.0875 2476 rdpbus - ok
    21:47:20.0028 2476 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:47:20.0061 2476 RDPCDD - ok
    21:47:20.0283 2476 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    21:47:20.0317 2476 RDPENCDD - ok
    21:47:20.0497 2476 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    21:47:20.0523 2476 RDPREFMP - ok
    21:47:20.0742 2476 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    21:47:20.0853 2476 RDPWD - ok
    21:47:21.0118 2476 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    21:47:21.0200 2476 rdyboost - ok
    21:47:21.0407 2476 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    21:47:21.0453 2476 rspndr - ok
    21:47:21.0567 2476 RTHDMIAzAudService (87407b31ea6ff0dc4765258164b98bea) C:\Windows\system32\drivers\RtHDMIV.sys
    21:47:21.0572 2476 RTHDMIAzAudService - ok
    21:47:21.0843 2476 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    21:47:21.0876 2476 sbp2port - ok
    21:47:21.0916 2476 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    21:47:21.0920 2476 scfilter - ok
    21:47:21.0961 2476 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    21:47:21.0981 2476 secdrv - ok
    21:47:22.0017 2476 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    21:47:22.0037 2476 Serenum - ok
    21:47:22.0068 2476 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    21:47:22.0089 2476 Serial - ok
    21:47:22.0140 2476 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    21:47:22.0167 2476 sermouse - ok
    21:47:22.0220 2476 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    21:47:22.0239 2476 sffdisk - ok
    21:47:22.0254 2476 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    21:47:22.0273 2476 sffp_mmc - ok
    21:47:22.0289 2476 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    21:47:22.0309 2476 sffp_sd - ok
    21:47:22.0325 2476 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    21:47:22.0345 2476 sfloppy - ok
    21:47:22.0373 2476 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    21:47:22.0393 2476 sisagp - ok
    21:47:22.0423 2476 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    21:47:22.0460 2476 SiSRaid2 - ok
    21:47:22.0494 2476 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    21:47:22.0531 2476 SiSRaid4 - ok
    21:47:22.0561 2476 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    21:47:22.0582 2476 Smb - ok
    21:47:22.0610 2476 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    21:47:22.0613 2476 spldr - ok
    21:47:22.0705 2476 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    21:47:22.0705 2476 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    21:47:22.0720 2476 sptd ( LockedFile.Multi.Generic ) - warning
    21:47:22.0720 2476 sptd - detected LockedFile.Multi.Generic (1)
    21:47:22.0761 2476 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    21:47:22.0791 2476 srv - ok
    21:47:22.0840 2476 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    21:47:22.0876 2476 srv2 - ok
    21:47:22.0916 2476 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    21:47:22.0953 2476 srvnet - ok
    21:47:22.0999 2476 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    21:47:23.0019 2476 stexstor - ok
    21:47:23.0069 2476 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    21:47:23.0072 2476 swenum - ok
    21:47:23.0217 2476 SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys
    21:47:23.0250 2476 SynTP - ok
    21:47:23.0345 2476 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    21:47:23.0425 2476 Tcpip - ok
    21:47:23.0489 2476 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    21:47:23.0501 2476 TCPIP6 - ok
    21:47:23.0560 2476 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    21:47:23.0608 2476 tcpipreg - ok
    21:47:23.0653 2476 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    21:47:23.0684 2476 TDPIPE - ok
    21:47:23.0791 2476 TdsNordecr (bbe81dbd2f4a095c16e2927da7eb0d1b) C:\Windows\system32\DRIVERS\nordecr.sys
    21:47:23.0818 2476 TdsNordecr - ok
    21:47:23.0846 2476 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    21:47:23.0871 2476 TDTCP - ok
    21:47:23.0912 2476 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    21:47:23.0957 2476 tdx - ok
    21:47:23.0991 2476 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    21:47:24.0010 2476 TermDD - ok
    21:47:24.0077 2476 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:47:24.0145 2476 tssecsrv - ok
    21:47:24.0198 2476 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    21:47:24.0228 2476 TsUsbFlt - ok
    21:47:24.0277 2476 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    21:47:24.0298 2476 tunnel - ok
    21:47:24.0323 2476 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    21:47:24.0344 2476 uagp35 - ok
    21:47:24.0391 2476 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    21:47:24.0433 2476 udfs - ok
    21:47:24.0478 2476 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    21:47:24.0499 2476 uliagpkx - ok
    21:47:24.0566 2476 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    21:47:24.0599 2476 umbus - ok
    21:47:24.0645 2476 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    21:47:24.0675 2476 UmPass - ok
    21:47:24.0731 2476 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:47:24.0779 2476 usbccgp - ok
    21:47:24.0812 2476 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    21:47:24.0837 2476 usbcir - ok
    21:47:24.0852 2476 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    21:47:24.0872 2476 usbehci - ok
    21:47:24.0913 2476 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    21:47:24.0947 2476 usbhub - ok
    21:47:24.0964 2476 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
    21:47:24.0985 2476 usbohci - ok
    21:47:25.0028 2476 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    21:47:25.0060 2476 usbprint - ok
    21:47:25.0105 2476 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    21:47:25.0125 2476 usbscan - ok
    21:47:25.0142 2476 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
    21:47:25.0164 2476 USBSTOR - ok
    21:47:25.0183 2476 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    21:47:25.0204 2476 usbuhci - ok
    21:47:25.0282 2476 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
    21:47:25.0292 2476 usbvideo - ok
    21:47:25.0352 2476 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    21:47:25.0379 2476 vdrvroot - ok
    21:47:25.0419 2476 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:47:25.0440 2476 vga - ok
    21:47:25.0463 2476 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    21:47:25.0500 2476 VgaSave - ok
    21:47:25.0522 2476 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    21:47:25.0545 2476 vhdmp - ok
    21:47:25.0577 2476 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    21:47:25.0597 2476 viaagp - ok
    21:47:25.0628 2476 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    21:47:25.0649 2476 ViaC7 - ok
    21:47:25.0666 2476 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    21:47:25.0686 2476 viaide - ok
    21:47:25.0709 2476 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    21:47:25.0747 2476 volmgr - ok
    21:47:25.0771 2476 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    21:47:25.0804 2476 volmgrx - ok
    21:47:25.0831 2476 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    21:47:25.0872 2476 volsnap - ok
    21:47:25.0904 2476 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    21:47:25.0927 2476 vsmraid - ok
    21:47:25.0952 2476 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    21:47:25.0973 2476 vwifibus - ok
    21:47:26.0009 2476 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    21:47:26.0046 2476 vwififlt - ok
    21:47:26.0073 2476 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    21:47:26.0094 2476 WacomPen - ok
    21:47:26.0139 2476 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    21:47:26.0171 2476 WANARP - ok
    21:47:26.0175 2476 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    21:47:26.0177 2476 Wanarpv6 - ok
    21:47:26.0240 2476 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    21:47:26.0260 2476 Wd - ok
    21:47:26.0285 2476 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    21:47:26.0329 2476 Wdf01000 - ok
    21:47:26.0383 2476 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    21:47:26.0402 2476 WfpLwf - ok
    21:47:26.0416 2476 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    21:47:26.0436 2476 WIMMount - ok
    21:47:26.0513 2476 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    21:47:26.0515 2476 WmiAcpi - ok
    21:47:26.0565 2476 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    21:47:26.0585 2476 ws2ifsl - ok
    21:47:26.0648 2476 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    21:47:26.0681 2476 WudfPf - ok
    21:47:26.0720 2476 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:47:26.0726 2476 WUDFRd - ok
    21:47:26.0772 2476 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    21:47:26.0787 2476 \Device\Harddisk0\DR0 - ok
    21:47:26.0798 2476 Boot (0x1200) (7556b6f255d8f681a9cef09969bde8a2) \Device\Harddisk0\DR0\Partition0
    21:47:26.0800 2476 \Device\Harddisk0\DR0\Partition0 - ok
    21:47:26.0813 2476 Boot (0x1200) (19e90bda286f86fb29d8beaa786658b2) \Device\Harddisk0\DR0\Partition1
    21:47:26.0815 2476 \Device\Harddisk0\DR0\Partition1 - ok
    21:47:26.0816 2476 ============================================================
    21:47:26.0816 2476 Scan finished
    21:47:26.0816 2476 ============================================================
    21:47:26.0829 3768 Detected object count: 2
    21:47:26.0829 3768 Actual detected object count: 2
    21:47:41.0649 3768 DfsC ( Rootkit.Win32.ZAccess.k ) - skipped by user
    21:47:41.0650 3768 DfsC ( Rootkit.Win32.ZAccess.k ) - User select action: Skip
    21:47:41.0652 3768 sptd ( LockedFile.Multi.Generic ) - skipped by user
    21:47:41.0652 3768 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    21:47:44.0149 1516 Deinitialize success
     
  12. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      dfsc.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  13. E612

    E612 Thread Starter

    Joined:
    Dec 5, 2011
    Messages:
    17
    Log from SystemLook:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 22:00 on 12/12/2011 by Kerkuk
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "dfsc.sys"
    C:\Windows\System32\drivers\dfsc.sys ------- 78336 bytes [09:22 07/06/2011] [08:42 20/11/2010] DD067001FCE2ACD8332ED41CBAA8C52D
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --a---- 78336 bytes [23:14 13/07/2009] [23:14 13/07/2009] 8E09E52EE2E3CEB199EF3DD99CF9E3FB

    -= EOF =-
     
  14. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
    Code:
    @ECHO OFF
    COPY /Y C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys C:\Windows\System32\drivers\dfsc.sys.bak
    
    Right-click on fixes.bat file and select 'run as administrator' to execute it. Verify that C:\Windows\System32\drivers\dfsc.sys.bak file exists.

    Next, restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

    Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

    In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

    At the prompt, type in the following and press Enter:

    cd /d c:\

    ( Note - there is a space between cd and /d and another space between /d and c:\ )

    You should now be at the C:\> prompt.

    Type in the following commands and press Enter (one by one):

    COPY /Y C:\Windows\System32\drivers\dfsc.sys C:\Windows\System32\drivers\dfsc.sys.vir
    COPY /Y C:\Windows\System32\drivers\dfsc.sys.bak C:\Windows\System32\drivers\dfsc.sys

    Next, type exit and press Enter and restart the machine.

    Run TDSSKiller again.
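    The two posts above fit together as one check-then-repair step: the SystemLook log shows the live dfsc.sys and the WinSxS copy at the same size but with different MD5s, and the batch/recovery-console commands quarantine the live file as .vir and overwrite it with the store copy. The script below is an added example, not tooling from the thread, from SystemLook or from TDSSKiller; it parses the posted filefind lines, flags the hash mismatch, and performs the quarantine-and-restore with a hash verification afterwards, demonstrated in a throwaway directory rather than on a real Windows install. The filefind line format is inferred from the two hits in the log above (an assumption), and the file contents used in the demo are constructed.

```python
"""
Added example, not tooling from the thread or from SystemLook/TDSSKiller:
(1) parse SystemLook ':filefind' output and flag a live driver whose MD5 differs
from its WinSxS component-store copy, and (2) perform the quarantine-and-restore
that the two COPY /Y commands do, verified by hash, in a throwaway directory.
The hit-line format below is inferred from the posted log (assumption).
"""
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Constructed sample input: the two hit lines from the SystemLook log posted above.
SYSTEMLOOK_OUTPUT = r"""
Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys ------- 78336 bytes [09:22 07/06/2011] [08:42 20/11/2010] DD067001FCE2ACD8332ED41CBAA8C52D
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --a---- 78336 bytes [23:14 13/07/2009] [23:14 13/07/2009] 8E09E52EE2E3CEB199EF3DD99CF9E3FB
"""

# One hit line: path, seven attribute flags, size, modified/created stamps, MD5.
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per file hit found in SystemLook filefind output."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].lower()
            hits.append(hit)
    return hits


def find_mismatch(hits):
    """
    Pair the live copy under System32\\drivers with the WinSxS store copy.
    Returns (live, store, mismatch); mismatch is True when their MD5s differ.
    A differing hash at identical size, as in the posted log, is the signal
    that the on-disk driver is not the one the component store shipped.
    """
    live = next((h for h in hits if "\\system32\\drivers\\" in h["path"].lower()), None)
    store = next((h for h in hits if "\\winsxs\\" in h["path"].lower()), None)
    if live is None or store is None:
        return live, store, False
    return live, store, live["md5"] != store["md5"]


def md5_of(path):
    """MD5 of a file, read in chunks (MD5 is what SystemLook reports, so we match it)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine_and_restore(live, store):
    """
    The thread's two COPY /Y commands as one checked step:
      1. keep the suspect file as <live>.vir so it can still be analysed,
      2. overwrite <live> with the component-store copy,
    then verify the restored file hashes like the store copy.
    Returns (quarantined_path, restored_md5).
    """
    live, store = Path(live), Path(store)
    quarantined = live.parent / (live.name + ".vir")
    shutil.copy2(live, quarantined)
    shutil.copy2(store, live)
    restored = md5_of(live)
    if restored != md5_of(store):
        raise RuntimeError(f"restore failed: {live} does not match {store}")
    return quarantined, restored


def demo():
    """Run both steps in a temporary directory with constructed file contents."""
    live_hit, store_hit, mismatch = find_mismatch(parse_filefind(SYSTEMLOOK_OUTPUT))
    tmp = Path(tempfile.mkdtemp())
    try:
        live = tmp / "drivers" / "dfsc.sys"
        store = tmp / "winsxs" / "dfsc.sys"
        live.parent.mkdir()
        store.parent.mkdir()
        store.write_bytes(b"CLEAN" * 8)  # constructed stand-in for the store copy
        live.write_bytes(b"DIRTY" * 8)   # constructed stand-in: same size, different bytes
        dirty_md5 = md5_of(live)
        quarantined, restored_md5 = quarantine_and_restore(live, store)
        return {
            "log_mismatch": mismatch,
            "log_live_md5": live_hit["md5"],
            "log_store_md5": store_hit["md5"],
            "quarantine_kept_original": md5_of(quarantined) == dirty_md5,
            "restored_matches_store": restored_md5 == md5_of(store),
        }
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

    The demo runs entirely in a temporary directory. On a real machine the same two steps only make sense from an offline environment where the driver is not loaded, and the paths in the script are only valid if the offline Windows volume actually carries the drive letter you pass in, which a recovery environment does not guarantee, so hash-check the store copy and the restored file rather than trusting that the copy command found the right volume.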
     
  15. E612

    E612 Thread Starter

    Joined:
    Dec 5, 2011
    Messages:
    17
    I'm unable to follow your latest instructions. The commands meant to be entered in the C:\> prompt result in a message saying "unable to find path", even though I've tried several times and can't find any errors in the command lines I've entered. I can find both dfsc.sys and dfsc.sys.bak files in C:\Windows\System32\drivers when starting the computer normally.
    Also, pressing F8 at startup does not lead to an Advanced Menu option; instead I get to choose Repair Computer right away. I'm guessing that's not important since I can open the command prompt anyway, but I might as well mention it.
     
Short URL to this thread: https://techguy.org/1029770