Svchost.exe

Closed
mirajp1
Posts
11
Registration date
Monday February 6, 2012
Status
Member
Last seen
November 5, 2012
- Feb 6, 2012 at 09:22 PM
- Feb 8, 2012 at 09:16 PM
hello,

I have suddenly increasing CPU usage by an svchost.exe (LocalServiceAndNoImpersonation).
It goes from 0-5% to suddenly 90% and stays there constantly until I suspend the process. It happens every time I boot.

Here are my laptop specs:

HP G60 230
Windows 7 Ultimate
3.00 GB RAM
32 bit OS
Pentium Dual-core @2.00 GHz

Using AVG Free antivirus.

11 replies

Anonymous User
Feb 6, 2012 at 09:43 PM
Let's see if your PC is infected.

Download

https://support.kaspersky.com/downloads/utils/tdsskiller.exe

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

http://public.avast.com/~gmerek/aswMBR.exe

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.
mirajp1
Feb 6, 2012 at 10:01 PM
This is the TDSSKiller log:


---------------------------------------------------------

09:22:14.0091 5892 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
09:22:14.0563 5892 ============================================================
09:22:14.0563 5892 Current date / time: 2012/02/07 09:22:14.0563
09:22:14.0564 5892 SystemInfo:
09:22:14.0564 5892
09:22:14.0564 5892 OS Version: 6.1.7600 ServicePack: 0.0
09:22:14.0564 5892 Product type: Workstation
09:22:14.0564 5892 ComputerName: COM
09:22:14.0564 5892 UserName: user
09:22:14.0564 5892 Windows directory: C:\Windows
09:22:14.0564 5892 System windows directory: C:\Windows
09:22:14.0564 5892 Processor architecture: Intel x86
09:22:14.0564 5892 Number of processors: 2
09:22:14.0564 5892 Page size: 0x1000
09:22:14.0564 5892 Boot type: Normal boot
09:22:14.0564 5892 ============================================================
09:22:15.0890 5892 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xAD0A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
09:22:15.0897 5892 \Device\Harddisk0\DR0:
09:22:15.0897 5892 MBR used
09:22:15.0897 5892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:22:15.0897 5892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
09:22:15.0897 5892 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0xC350000
09:22:15.0897 5892 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0xCD8D800
09:22:16.0057 5892 Initialize success
09:22:16.0057 5892 ============================================================
09:22:33.0318 5632 ============================================================
09:22:33.0318 5632 Scan started
09:22:33.0318 5632 Mode: Manual; TDLFS;
09:22:33.0318 5632 ============================================================
09:22:34.0424 5632 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
09:22:34.0429 5632 1394ohci - ok
09:22:34.0472 5632 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
09:22:34.0477 5632 ACPI - ok
09:22:34.0496 5632 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
09:22:34.0498 5632 AcpiPmi - ok
09:22:34.0532 5632 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:22:34.0539 5632 adp94xx - ok
09:22:34.0574 5632 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:22:34.0580 5632 adpahci - ok
09:22:34.0602 5632 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:22:34.0606 5632 adpu320 - ok
09:22:34.0665 5632 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
09:22:34.0670 5632 AFD - ok
09:22:34.0689 5632 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
09:22:34.0691 5632 agp440 - ok
09:22:34.0711 5632 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:22:34.0714 5632 aic78xx - ok
09:22:34.0733 5632 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
09:22:34.0733 5632 aliide - ok
09:22:34.0749 5632 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
09:22:34.0749 5632 amdagp - ok
09:22:34.0764 5632 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
09:22:34.0764 5632 amdide - ok
09:22:34.0794 5632 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:22:34.0797 5632 AmdK8 - ok
09:22:34.0823 5632 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:22:34.0825 5632 AmdPPM - ok
09:22:34.0844 5632 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
09:22:34.0847 5632 amdsata - ok
09:22:34.0864 5632 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:22:34.0868 5632 amdsbs - ok
09:22:34.0890 5632 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
09:22:34.0893 5632 amdxata - ok
09:22:34.0941 5632 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
09:22:34.0944 5632 androidusb - ok
09:22:34.0966 5632 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
09:22:34.0969 5632 AppID - ok
09:22:35.0042 5632 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:22:35.0045 5632 arc - ok
09:22:35.0071 5632 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:22:35.0073 5632 arcsas - ok
09:22:35.0107 5632 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:22:35.0110 5632 AsyncMac - ok
09:22:35.0124 5632 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
09:22:35.0125 5632 atapi - ok
09:22:35.0193 5632 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
09:22:35.0228 5632 athr - ok
09:22:35.0335 5632 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
09:22:35.0337 5632 AVGIDSDriver - ok
09:22:35.0376 5632 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
09:22:35.0378 5632 AVGIDSEH - ok
09:22:35.0393 5632 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
09:22:35.0394 5632 AVGIDSFilter - ok
09:22:35.0468 5632 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
09:22:35.0469 5632 AVGIDSShim - ok
09:22:35.0542 5632 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
09:22:35.0544 5632 Avgldx86 - ok
09:22:35.0561 5632 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
09:22:35.0563 5632 Avgmfx86 - ok
09:22:35.0624 5632 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
09:22:35.0626 5632 Avgrkx86 - ok
09:22:35.0672 5632 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
09:22:35.0675 5632 Avgtdix - ok
09:22:35.0735 5632 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:22:35.0743 5632 b06bdrv - ok
09:22:35.0774 5632 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:22:35.0774 5632 b57nd60x - ok
09:22:35.0805 5632 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:22:35.0805 5632 Beep - ok
09:22:35.0844 5632 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:22:35.0845 5632 blbdrive - ok
09:22:35.0907 5632 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
09:22:35.0909 5632 bowser - ok
09:22:35.0926 5632 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:22:35.0928 5632 BrFiltLo - ok
09:22:35.0951 5632 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:22:35.0952 5632 BrFiltUp - ok
09:22:35.0989 5632 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:22:35.0994 5632 Brserid - ok
09:22:36.0016 5632 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:22:36.0019 5632 BrSerWdm - ok
09:22:36.0035 5632 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:22:36.0037 5632 BrUsbMdm - ok
09:22:36.0048 5632 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:22:36.0050 5632 BrUsbSer - ok
09:22:36.0090 5632 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:22:36.0093 5632 BTHMODEM - ok
09:22:36.0111 5632 BzeekDM - ok
09:22:36.0127 5632 BzeekDP - ok
09:22:36.0146 5632 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:22:36.0149 5632 cdfs - ok
09:22:36.0172 5632 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
09:22:36.0174 5632 cdrom - ok
09:22:36.0194 5632 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:22:36.0196 5632 circlass - ok
09:22:36.0242 5632 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:22:36.0246 5632 CLFS - ok
09:22:36.0276 5632 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:22:36.0277 5632 CmBatt - ok
09:22:36.0296 5632 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
09:22:36.0298 5632 cmdide - ok
09:22:36.0327 5632 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
09:22:36.0333 5632 CNG - ok
09:22:36.0396 5632 cnnctfy2 (4eb6222be3c3c8071f4a9ca076241d1d) C:\Windows\system32\DRIVERS\cnnctfy2.sys
09:22:36.0411 5632 cnnctfy2 - ok
09:22:36.0473 5632 CnxtHdAudService (7c47786b58ae503777dbd12fae20ed42) C:\Windows\system32\drivers\CHDRT32.sys
09:22:36.0480 5632 CnxtHdAudService - ok
09:22:36.0503 5632 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:22:36.0505 5632 Compbatt - ok
09:22:36.0520 5632 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:22:36.0524 5632 CompositeBus - ok
09:22:36.0567 5632 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:22:36.0569 5632 crcdisk - ok
09:22:36.0599 5632 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
09:22:36.0605 5632 CSC - ok
09:22:36.0660 5632 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
09:22:36.0663 5632 DfsC - ok
09:22:36.0712 5632 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:22:36.0713 5632 discache - ok
09:22:36.0736 5632 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:22:36.0739 5632 Disk - ok
09:22:36.0796 5632 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:22:36.0798 5632 drmkaud - ok
09:22:36.0847 5632 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
09:22:36.0847 5632 DXGKrnl - ok
09:22:36.0958 5632 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:22:37.0038 5632 ebdrv - ok
09:22:37.0077 5632 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:22:37.0085 5632 elxstor - ok
09:22:37.0109 5632 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
09:22:37.0111 5632 ErrDev - ok
09:22:37.0156 5632 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:22:37.0160 5632 exfat - ok
09:22:37.0181 5632 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:22:37.0185 5632 fastfat - ok
09:22:37.0221 5632 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:22:37.0226 5632 fdc - ok
09:22:37.0256 5632 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:22:37.0259 5632 FileInfo - ok
09:22:37.0277 5632 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:22:37.0280 5632 Filetrace - ok
09:22:37.0304 5632 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:22:37.0307 5632 flpydisk - ok
09:22:37.0333 5632 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:22:37.0337 5632 FltMgr - ok
09:22:37.0373 5632 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:22:37.0375 5632 FsDepends - ok
09:22:37.0395 5632 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:22:37.0397 5632 Fs_Rec - ok
09:22:37.0446 5632 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
09:22:37.0449 5632 fvevol - ok
09:22:37.0476 5632 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:22:37.0478 5632 gagp30kx - ok
09:22:37.0530 5632 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:22:37.0532 5632 GEARAspiWDM - ok
09:22:37.0599 5632 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
09:22:37.0601 5632 ggflt - ok
09:22:37.0630 5632 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
09:22:37.0632 5632 ggsemc - ok
09:22:37.0677 5632 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:22:37.0680 5632 hcw85cir - ok
09:22:37.0717 5632 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
09:22:37.0723 5632 HdAudAddService - ok
09:22:37.0739 5632 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:22:37.0742 5632 HDAudBus - ok
09:22:37.0763 5632 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:22:37.0765 5632 HidBatt - ok
09:22:37.0784 5632 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:22:37.0787 5632 HidBth - ok
09:22:37.0805 5632 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:22:37.0807 5632 HidIr - ok
09:22:37.0828 5632 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
09:22:37.0831 5632 HidUsb - ok
09:22:37.0867 5632 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:22:37.0869 5632 HpSAMD - ok
09:22:37.0918 5632 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:22:37.0966 5632 HSF_DPV - ok
09:22:38.0000 5632 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:22:38.0005 5632 HSXHWAZL - ok
09:22:38.0033 5632 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
09:22:38.0041 5632 HTTP - ok
09:22:38.0065 5632 hwdatacard - ok
09:22:38.0097 5632 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
09:22:38.0098 5632 hwpolicy - ok
09:22:38.0153 5632 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
09:22:38.0156 5632 i8042prt - ok
09:22:38.0184 5632 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
09:22:38.0191 5632 iaStorV - ok
09:22:38.0395 5632 igfx (c7fee838fd0216ee0ad3d765ab4f40f4) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:22:38.0521 5632 igfx - ok
09:22:38.0535 5632 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:22:38.0538 5632 iirsp - ok
09:22:38.0569 5632 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
09:22:38.0572 5632 intelide - ok
09:22:38.0589 5632 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:22:38.0591 5632 intelppm - ok
09:22:38.0619 5632 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:22:38.0622 5632 IpFilterDriver - ok
09:22:38.0641 5632 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:22:38.0643 5632 IPMIDRV - ok
09:22:38.0667 5632 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:22:38.0669 5632 IPNAT - ok
09:22:38.0717 5632 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:22:38.0720 5632 IRENUM - ok
09:22:38.0745 5632 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
09:22:38.0748 5632 isapnp - ok
09:22:38.0772 5632 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
09:22:38.0776 5632 iScsiPrt - ok
09:22:38.0801 5632 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:22:38.0802 5632 kbdclass - ok
09:22:38.0821 5632 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
09:22:38.0823 5632 kbdhid - ok
09:22:38.0844 5632 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
09:22:38.0847 5632 KSecDD - ok
09:22:38.0899 5632 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
09:22:38.0903 5632 KSecPkg - ok
09:22:38.0973 5632 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:22:38.0973 5632 lltdio - ok
09:22:39.0031 5632 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:22:39.0034 5632 LSI_FC - ok
09:22:39.0048 5632 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:22:39.0051 5632 LSI_SAS - ok
09:22:39.0077 5632 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:22:39.0079 5632 LSI_SAS2 - ok
09:22:39.0098 5632 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:22:39.0101 5632 LSI_SCSI - ok
09:22:39.0127 5632 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:22:39.0131 5632 luafv - ok
09:22:39.0183 5632 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
09:22:39.0184 5632 MBAMProtector - ok
09:22:39.0256 5632 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:22:39.0258 5632 mdmxsdk - ok
09:22:39.0299 5632 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:22:39.0301 5632 megasas - ok
09:22:39.0331 5632 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:22:39.0336 5632 MegaSR - ok
09:22:39.0376 5632 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:22:39.0378 5632 Modem - ok
09:22:39.0400 5632 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:22:39.0402 5632 monitor - ok
09:22:39.0642 5632 motmodem (8f408e9ed2feb8a8b8837c380faf7ad6) C:\Windows\system32\DRIVERS\motmodem.sys
09:22:39.0704 5632 motmodem - ok
09:22:39.0744 5632 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
09:22:39.0745 5632 mouclass - ok
09:22:39.0763 5632 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:22:39.0765 5632 mouhid - ok
09:22:39.0793 5632 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
09:22:39.0795 5632 mountmgr - ok
09:22:39.0817 5632 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
09:22:39.0821 5632 mpio - ok
09:22:39.0845 5632 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:22:39.0848 5632 mpsdrv - ok
09:22:39.0881 5632 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
09:22:39.0884 5632 MRxDAV - ok
09:22:39.0942 5632 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:22:39.0945 5632 mrxsmb - ok
09:22:39.0971 5632 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:22:39.0976 5632 mrxsmb10 - ok
09:22:39.0993 5632 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:22:39.0996 5632 mrxsmb20 - ok
09:22:40.0012 5632 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
09:22:40.0012 5632 msahci - ok
09:22:40.0028 5632 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
09:22:40.0044 5632 msdsm - ok
09:22:40.0077 5632 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:22:40.0079 5632 Msfs - ok
09:22:40.0100 5632 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:22:40.0102 5632 mshidkmdf - ok
09:22:40.0123 5632 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
09:22:40.0125 5632 msisadrv - ok
09:22:40.0147 5632 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:22:40.0149 5632 MSKSSRV - ok
09:22:40.0168 5632 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:22:40.0170 5632 MSPCLOCK - ok
09:22:40.0192 5632 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:22:40.0194 5632 MSPQM - ok
09:22:40.0219 5632 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:22:40.0223 5632 MsRPC - ok
09:22:40.0257 5632 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
09:22:40.0258 5632 mssmbios - ok
09:22:40.0273 5632 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:22:40.0275 5632 MSTEE - ok
09:22:40.0298 5632 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:22:40.0300 5632 MTConfig - ok
09:22:40.0319 5632 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:22:40.0321 5632 Mup - ok
09:22:40.0349 5632 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:22:40.0354 5632 NativeWifiP - ok
09:22:40.0393 5632 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
09:22:40.0413 5632 NDIS - ok
09:22:40.0429 5632 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:22:40.0431 5632 NdisCap - ok
09:22:40.0456 5632 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:22:40.0458 5632 NdisTapi - ok
09:22:40.0484 5632 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
09:22:40.0487 5632 Ndisuio - ok
09:22:40.0507 5632 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
09:22:40.0510 5632 NdisWan - ok
09:22:40.0524 5632 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
09:22:40.0526 5632 NDProxy - ok
09:22:40.0553 5632 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:22:40.0555 5632 NetBIOS - ok
09:22:40.0576 5632 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
09:22:40.0580 5632 NetBT - ok
09:22:40.0681 5632 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:22:40.0683 5632 nfrd960 - ok
09:22:40.0756 5632 nmwcdnsu (99145c5d4b6c4d6f5ce83ee6abffe294) C:\Windows\system32\drivers\nmwcdnsu.sys
09:22:40.0760 5632 nmwcdnsu - ok
09:22:40.0839 5632 nmwcdnsuc (578117c0c0cf10d99c8853e83c4bc63c) C:\Windows\system32\drivers\nmwcdnsuc.sys
09:22:40.0842 5632 nmwcdnsuc - ok
09:22:40.0862 5632 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:22:40.0865 5632 Npfs - ok
09:22:40.0895 5632 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:22:40.0897 5632 nsiproxy - ok
09:22:40.0947 5632 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
09:22:40.0982 5632 Ntfs - ok
09:22:41.0027 5632 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:22:41.0029 5632 Null - ok
09:22:41.0052 5632 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
09:22:41.0052 5632 nvraid - ok
09:22:41.0068 5632 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
09:22:41.0068 5632 nvstor - ok
09:22:41.0083 5632 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
09:22:41.0099 5632 nv_agp - ok
09:22:41.0133 5632 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
09:22:41.0136 5632 ohci1394 - ok
09:22:41.0185 5632 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:22:41.0187 5632 Parport - ok
09:22:41.0207 5632 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
09:22:41.0209 5632 partmgr - ok
09:22:41.0228 5632 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:22:41.0230 5632 Parvdm - ok
09:22:41.0261 5632 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
09:22:41.0265 5632 pci - ok
09:22:41.0282 5632 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
09:22:41.0285 5632 pciide - ok
09:22:41.0307 5632 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:22:41.0311 5632 pcmcia - ok
09:22:41.0335 5632 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:22:41.0337 5632 pcw - ok
09:22:41.0370 5632 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:22:41.0387 5632 PEAUTH - ok
09:22:41.0470 5632 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:22:41.0472 5632 PptpMiniport - ok
09:22:41.0491 5632 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
09:22:41.0494 5632 Processor - ok
09:22:41.0531 5632 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:22:41.0533 5632 Psched - ok
09:22:41.0591 5632 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
09:22:41.0626 5632 ql2300 - ok
09:22:41.0656 5632 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
09:22:41.0660 5632 ql40xx - ok
09:22:41.0691 5632 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:22:41.0692 5632 QWAVEdrv - ok
09:22:41.0712 5632 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:22:41.0714 5632 RasAcd - ok
09:22:41.0744 5632 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:22:41.0746 5632 RasAgileVpn - ok
09:22:41.0773 5632 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:22:41.0775 5632 Rasl2tp - ok
09:22:41.0805 5632 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:22:41.0808 5632 RasPppoe - ok
09:22:41.0828 5632 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:22:41.0830 5632 RasSstp - ok
09:22:41.0851 5632 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
09:22:41.0856 5632 rdbss - ok
09:22:41.0875 5632 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
09:22:41.0877 5632 rdpbus - ok
09:22:41.0898 5632 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:22:41.0900 5632 RDPCDD - ok
09:22:41.0932 5632 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
09:22:41.0936 5632 RDPDR - ok
09:22:41.0958 5632 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:22:41.0959 5632 RDPENCDD - ok
09:22:41.0986 5632 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:22:41.0987 5632 RDPREFMP - ok
09:22:42.0015 5632 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
09:22:42.0020 5632 RDPWD - ok
09:22:42.0041 5632 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
09:22:42.0045 5632 rdyboost - ok
09:22:42.0103 5632 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:22:42.0119 5632 rspndr - ok
09:22:42.0167 5632 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
09:22:42.0171 5632 RTL8167 - ok
09:22:42.0213 5632 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
09:22:42.0215 5632 s3cap - ok
09:22:42.0246 5632 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
09:22:42.0249 5632 sbp2port - ok
09:22:42.0281 5632 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
09:22:42.0284 5632 scfilter - ok
09:22:42.0327 5632 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:22:42.0329 5632 secdrv - ok
09:22:42.0374 5632 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:22:42.0376 5632 Serenum - ok
09:22:42.0401 5632 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:22:42.0404 5632 Serial - ok
09:22:42.0443 5632 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:22:42.0445 5632 sermouse - ok
09:22:42.0492 5632 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
09:22:42.0494 5632 sffdisk - ok
09:22:42.0510 5632 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:22:42.0513 5632 sffp_mmc - ok
09:22:42.0534 5632 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:22:42.0536 5632 sffp_sd - ok
09:22:42.0563 5632 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:22:42.0565 5632 sfloppy - ok
09:22:42.0621 5632 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
09:22:42.0624 5632 sisagp - ok
09:22:42.0647 5632 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:22:42.0650 5632 SiSRaid2 - ok
09:22:42.0675 5632 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:22:42.0678 5632 SiSRaid4 - ok
09:22:42.0698 5632 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:22:42.0701 5632 Smb - ok
09:22:42.0787 5632 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:22:42.0789 5632 spldr - ok
09:22:42.0883 5632 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
09:22:42.0927 5632 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
09:22:42.0933 5632 sptd ( LockedFile.Multi.Generic ) - warning
09:22:42.0933 5632 sptd - detected LockedFile.Multi.Generic (1)
09:22:46.0466 5632 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:22:46.0590 5632 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:22:46.0590 5632 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:22:46.0594 5632 Boot (0x1200) (9f3c67a4ad4f7c086a5e6161323c6e6d) \Device\Harddisk0\DR0\Partition0
09:22:46.0596 5632 \Device\Harddisk0\DR0\Partition0 - ok
09:22:46.0633 5632 Boot (0x1200) (f60ca14b8f6aeb0a5efea312fc28739b) \Device\Harddisk0\DR0\Partition1
09:22:46.0634 5632 \Device\Harddisk0\DR0\Partition1 - ok
09:22:46.0654 5632 Boot (0x1200) (343c0295d93bcba7d55ff4864df55fe1) \Device\Harddisk0\DR0\Partition2
09:22:46.0655 5632 \Device\Harddisk0\DR0\Partition2 - ok
09:22:46.0679 5632 Boot (0x1200) (b4ccfa712db5bdf2337c96cc740471ff) \Device\Harddisk0\DR0\Partition3
09:22:46.0680 5632 \Device\Harddisk0\DR0\Partition3 - ok
09:22:46.0681 5632 ============================================================
09:22:46.0681 5632 Scan finished
09:22:46.0681 5632 ============================================================
09:22:46.0699 5684 Detected object count: 2
09:22:46.0699 5684 Actual detected object count: 2
09:22:59.0499 5684 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:22:59.0499 5684 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:22:59.0502 5684 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:22:59.0502 5684 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:23:35.0919 5540 Deinitialize success
mirajp1
Feb 6, 2012 at 10:35 PM
This is the GMER log:

-------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-07 10:01:57
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
Running: olg4dmi7.exe; Driver: C:\Users\user\AppData\Local\Temp\pxldqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAE2A1F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAE2A1FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAE2A2080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAE2A211C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8447E569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 844A3092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 844AAAF8 4 Bytes [3C, 1F, 2A, AE]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 844AADC8 8 Bytes [E4, 1F, 2A, AE, 80, 20, 2A, ...] {IN AL, 0x1f; SUB CH, [ESI-0x51d5df80]}
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 844AAE3C 4 Bytes [1C, 21, 2A, AE]
? System32\Drivers\spxc.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 94375CA0 5 Bytes JMP 880614E0
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AF6B1000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AF6B1123 32 Bytes [C5, 6A, AF, FE, 05, 34, C5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50D4 AF6B1144 423 Bytes [6A, AF, A0, 34, C5, 6A, AF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 527C AF6B12EC 172 Bytes CALL AF6D1D3F \SystemRoot\system32\drivers\spsys.sys (security processor/Microsoft Corporation)
PAGE spsys.sys!?SPRevision@@3PADA + 5329 AF6B1399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C613042] \SystemRoot\System32\Drivers\spxc.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C6136D6] \SystemRoot\System32\Drivers\spxc.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8C613800] \SystemRoot\System32\Drivers\spxc.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8C61313E] \SystemRoot\System32\Drivers\spxc.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\DAP\DAP.EXE[4976] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 017AC7B0
IAT C:\Program Files\DAP\DAP.EXE[4976] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 017AC810
IAT C:\Program Files\DAP\DAP.EXE[4976] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 017ACA00
IAT C:\Program Files\DAP\DAP.EXE[4976] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 017ACAA0
IAT C:\Program Files\DAP\DAP.EXE[4976] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 017AC1B0
IAT C:\Program Files\DAP\DAP.EXE[4976] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 017AC170
IAT C:\Program Files\DAP\DAP.EXE[4976] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 017A99A0
IAT C:\Program Files\DAP\DAP.EXE[4976] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 017A9920
IAT C:\Program Files\DAP\DAP.EXE[4976] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 017AC540

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86D0E1F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 86D091F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{449793EB-9474-44ED-8FBC-5C9904212206} 87E421F8
Device \Driver\usbuhci \Device\USBPDO-0 880CC500
Device \Driver\usbuhci \Device\USBPDO-1 880CC500
Device \Driver\usbuhci \Device\USBPDO-2 880CC500
Device \Driver\usbehci \Device\USBPDO-3 8817A500
Device \Driver\usbuhci \Device\USBPDO-4 880CC500

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 880CC500
Device \Driver\NetBT \Device\NetBT_Tcpip_{19224388-719F-4E59-AFF3-3EC04BD8EE34} 87E421F8
Device \Driver\usbuhci \Device\USBPDO-6 880CC500
Device \Driver\volmgr \Device\HarddiskVolume1 86D091F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 8817A500
Device \Driver\volmgr \Device\HarddiskVolume2 86D091F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 87DD61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 86D0B1F8
Device \Driver\atapi \Device\Ide\IdePort0 86D0B1F8
Device \Driver\atapi \Device\Ide\IdePort1 86D0B1F8
Device \Driver\atapi \Device\Ide\IdePort2
0
mirajp1
Posts
11
Registration date
Monday February 6, 2012
Status
Member
Last seen
November 5, 2012

Feb 6, 2012 at 11:06 PM
This is the aswMBR log:


------------------------------------------------------
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-07 09:35:06
-----------------------------
09:35:06.141 OS Version: Windows 6.1.7600
09:35:06.141 Number of processors: 2 586 0x170A
09:35:06.141 ComputerName: COM UserName:
09:35:08.278 Initialize success
10:04:43.242 AVAST engine defs: 12020601
10:05:10.668 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:05:10.668 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 11
10:05:10.746 Disk 0 MBR read successfully
10:05:10.761 Disk 0 MBR scan
10:05:10.761 Disk 0 Windows 7 default MBR code
10:05:10.777 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:05:10.792 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
10:05:10.886 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 100000 MB offset 204802048
10:05:10.902 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 105243 MB offset 409602048
10:05:11.073 Disk 0 scanning sectors +625139712
10:05:11.229 Disk 0 scanning C:\Windows\system32\drivers
10:05:27.165 Service scanning
10:05:28.335 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:05:29.673 Modules scanning
10:05:37.123 Disk 0 trace - called modules:
10:05:37.142 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86d0b1f8]<<
10:05:37.148 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87bfc648]
10:05:37.156 3 CLASSPNP.SYS[8ceee59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x87aa3030]
10:05:37.162 \Driver\atapi[0x87a66030] -> IRP_MJ_CREATE -> 0x86d0b1f8
10:05:38.295 AVAST engine scan C:\Windows
10:05:45.175 AVAST engine scan C:\Windows\system32
10:11:36.800 AVAST engine scan C:\Windows\system32\drivers
10:11:53.774 AVAST engine scan C:\Users\user
10:35:07.789 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
10:35:07.799 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
0

Anonymous User
Feb 7, 2012 at 01:45 AM
That looks clean

Download

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Install, update and run a full scan.

Post the clean log

Download

http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

Install it

Click on [b]START[/b]; it should download the virus definitions.
When the scan is complete, click on LIST of found threats.

Export the list to your desktop and copy the contents of the text file into your reply.


Download

https://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
0
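The sections the helper asks MiniToolBox to list (proxy settings, hosts content, IP configuration, Winsock entries) are the ones a reviewer reads first for signs of browser, hosts-file or resolver hijacking. As an added example that is not part of this thread and not MiniToolBox's own code, here is a Python script that splits a report in that format into its sections and flags what a reviewer checks: a proxy that is switched on, hosts-file entries other than localhost, resolvers outside private ranges, and Winsock providers that are missing on disk, carry no publisher, or load from user-writable paths. The sample input is constructed in the tool's output shape (placeholder file names and documentation IP ranges); only the section titles and line formats follow the log posted in this thread.

```python
"""Triage helper for MiniToolBox-style output (added example, not the
tool's own code).  Splits the report into its '=== Section: ===' blocks
and reports the items a log reviewer checks first.  SAMPLE_LOG is
constructed; the paths, hosts entries and resolver IPs are placeholders."""
import ipaddress
import re
from collections import defaultdict

SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
198.51.100.7 update.example-av.test

========================= IP Configuration: ================================

Ethernet adapter Local Area Connection 3:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 172.16.100.32(Preferred)
   DNS Servers . . . . . . . . . . . : 203.0.113.5
                                       4.2.2.2

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Users\user\AppData\Local\Temp\nethlpr.dll [40960] ()

========================= Event log errors: ================================
"""

# Section header: a run of '=' , a title, optional ':', a run of '='.
# The title must contain a non-'=' char so that plain separator lines
# of '=' inside a section are not mistaken for headers.
HEADER = re.compile(r"^=+\s*([^=]+?):?\s*=+$")
WINSOCK = re.compile(r"^(Catalog[59]) (\d+) (.+?) \[([^\]]*)\] \((.*)\)$")
DNS_LINE = re.compile(r"DNS Servers[ .]*: (\S+)")
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")


def split_sections(text):
    """Map section title -> non-empty lines under that header."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)
        elif line and current:
            sections[current].append(line)
    return sections


def dns_servers(lines):
    """Collect resolver IPs; continuation lines hold just an address."""
    found, collecting = [], False
    for line in lines:
        m = DNS_LINE.search(line)
        if m:
            found.append(m.group(1))
            collecting = True
        elif collecting and re.fullmatch(r"[0-9a-fA-F:.]+", line):
            found.append(line)
        else:
            collecting = False
    return found


def benign_hosts_line(line):
    """Only '<loopback> localhost' (or a comment) is treated as benign."""
    parts = line.split()
    try:
        return parts[1] == "localhost" and ipaddress.ip_address(parts[0]).is_loopback
    except (IndexError, ValueError):
        return False


def triage(text):
    """Return a list of (severity, message) findings for one report."""
    s, findings = split_sections(text), []
    if "Proxy is not enabled." not in s.get("IE Proxy Settings", []):
        findings.append(("warn", "IE proxy is enabled; check for a hijacked proxy"))
    for line in s.get("Hosts content", []):
        if not line.startswith("#") and not benign_hosts_line(line):
            findings.append(("warn", f"hosts file entry: {line}"))
    for ip in dns_servers(s.get("IP Configuration", [])):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # e.g. a link-local IPv6 address with a %zone suffix
        if not any(addr in net for net in PRIVATE):
            findings.append(("info", f"external resolver {ip}: confirm it is your ISP's or a known public one"))
    for line in s.get("Winsock entries", []):
        m = WINSOCK.match(line)
        if not m:
            continue
        catalog, _, path, size, publisher = m.groups()
        if size == "File Not found":
            findings.append(("info", f"{catalog} provider {path} not on disk"))
        elif any(p in path.lower() for p in USER_WRITABLE):
            findings.append(("warn", f"{catalog} LSP loaded from user-writable path: {path}"))
        elif not publisher:
            findings.append(("warn", f"{catalog} LSP without publisher info: {path}"))
        elif publisher != "Microsoft Corporation":
            findings.append(("info", f"{catalog} third-party provider {path} ({publisher})"))
    return findings


if __name__ == "__main__":
    for severity, msg in triage(SAMPLE_LOG):
        print(f"[{severity}] {msg}")
```

Run it directly to print the findings for the sample, or call `triage()` on the text of a saved report. "info" findings are things to confirm (an ISP resolver, a third-party provider such as Bonjour, a namespace entry with no file on disk); "warn" findings are the ones that need a closer look before a log is called clean.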
mirajp1
Posts
11
Registration date
Monday February 6, 2012
Status
Member
Last seen
November 5, 2012

Feb 7, 2012 at 03:19 AM
MiniToolBox result:


MiniToolBox by Farbar Version: 18-01-2012
Ran by Hereeee on 07-02-2012 at 14:47:22
Windows 7 Ultimate (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection 3 (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Connected)
Atheros AR5009 802.11a/g/n WiFi Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=172.16.100.1 publish=Yes
add route prefix=0.0.0.0/0 interface="Local Area Connection 3" nexthop=172.16.100.1 publish=Yes
add address name="Local Area Connection" address=172.16.100.32
add address name="Local Area Connection 3" address=172.16.100.32
add address name="Wireless Network Connection" address=169.254.25.141
add address name="Wireless Network Connection 2" address=192.168.106.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : com
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : connectify

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-1F-16-57-23-13
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.16.100.32(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.100.1
DNS Servers . . . . . . . . . . . : 119.160.192.2
4.2.2.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : connectify
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-23-4E-04-5F-E2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.106.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.106.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : connectify
Description . . . . . . . . . . . : Atheros AR5009 802.11a/g/n WiFi Adapter
Physical Address. . . . . . . . . : 00-23-4E-04-5F-E2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{19224388-719F-4E59-AFF3-3EC04BD8EE34}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.connectify:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 567:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 119.160.192.2

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.236.113
74.125.236.114
74.125.236.115
74.125.236.116
74.125.236.112


Pinging google.com [74.125.236.112] with 32 bytes of data:
Reply from 74.125.236.112: bytes=32 time=1465ms TTL=55
Reply from 74.125.236.112: bytes=32 time=1254ms TTL=55

Ping statistics for 74.125.236.112:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1254ms, Maximum = 1465ms, Average = 1359ms
Server: ns1.ishannetsol.com
Address: 119.160.192.2

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Request timed out.
Reply from 72.30.2.43: bytes=32 time=2211ms TTL=52

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 2211ms, Maximum = 2211ms, Average = 2211ms
Server: ns1.ishannetsol.com
Address: 119.160.192.2

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
130...00 1f 16 57 23 13 ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
14...06 23 4e 04 5f e2 ......Microsoft Virtual WiFi Miniport Adapter
12...00 23 4e 04 5f e2 ......Atheros AR5009 802.11a/g/n WiFi Adapter
1...........................Software Loopback Interface 1
178...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
188...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
189...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.100.1 172.16.100.32 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.100.0 255.255.255.0 On-link 172.16.100.32 286
172.16.100.32 255.255.255.255 On-link 172.16.100.32 286
172.16.100.255 255.255.255.255 On-link 172.16.100.32 286
192.168.106.0 255.255.255.0 On-link 192.168.106.1 281
192.168.106.1 255.255.255.255 On-link 192.168.106.1 281
192.168.106.255 255.255.255.255 On-link 192.168.106.1 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.100.32 286
224.0.0.0 240.0.0.0 On-link 192.168.106.1 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.100.32 286
255.255.255.255 255.255.255.255 On-link 192.168.106.1 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 172.16.100.1 Default
0.0.0.0 0.0.0.0 172.16.100.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 mswsock.dll [File Not found] ()
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

System error 5 has occurred.

Access is denied.


=========================== Installed Programs ============================

AC3Filter (remove only)
Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Reader 9.4.3 (Version: 9.4.3)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Akimbo
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.2)
µTorrent (Version: 2.0.4)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
Bonjour (Version: 3.0.0.2)
CCleaner (remove only)
Conduit Engine (Version: )
Conexant HD Audio (Version: 4.98.4.60)
Connectify Beta (Version: 3.0.0.20868)
CyberLink YouCam (Version: 3.0.1811.7429)
DFX for Windows Media Player (Version: 9.301.0.0)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DivX Setup (Version: 2.5.0.8)
Download Accelerator Plus (DAP) (Version: 9606 (Build 2121))
Facebook Video Calling 1.1.1.1 (Version: 1.1.1)
Google Chrome (Version: 16.0.912.77)
Google Earth (Version: 6.1.0.5001)
Google Talk (remove only)
Google Talk Plugin (Version: 2.1.8.0)
Google Update Helper (Version: 1.3.21.99)
Gordon's Gate Flash Driver 2.2.0.11 (Version: 2.2.0.11)
Graph 4.3
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
IMBooster4Web (Version: 1.0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1872)
Intel(R) TV Wizard
iTunes (Version: 10.4.0.80)
Java Auto Updater (Version: 2.0.1.2)
Java(TM) 6 Update 18 (Version: 6.0.180)
Macromedia Extension Manager (Version: 1.7.240)
Macromedia Flash 8 Video Encoder (Version: 1.00.0000)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft SOAP Toolkit 3.0 (Version: 3.0.1325.4)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 4.8.0 (Version: 4.8.0)
Mozilla Firefox 9.0 (x86 en-US) (Version: 9.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
MyPhoneExplorer (Version: 1.8.1)
Nero 7 Essentials (Version: 7.03.0920)
neroxml (Version: 1.0.0)
Opera 11.11 (Version: 11.11.2109)
PhotoScape
Picasa 3 (Version: 3.8)
QuickTime (Version: 7.69.80.9)
Skype(TM) 5.3 (Version: 5.3.120)
Sony Ericsson PC Companion 2.01.217 (Version: 2.01.217)
Synaptics Pointing Device Driver (Version: 11.0.7.0)
TeamViewer 6 (Version: 6.0.10722)
TeraCopy 2.2
Total Video Converter 3.50
TuneUp Utilities 2011 (Version: 10.0.4100.76)
TuneUp Utilities Language Pack (en-US) (Version: 10.0.4100.76)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.1.8 (Version: 1.1.8)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR archiver
WinZip 11.1 (Version: 11.1.7466)
Xilisoft Video Converter Ultimate 6 (Version: 6.0.3.0528)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 3003.2 MB
Available physical RAM: 1939.75 MB
Total Pagefile: 7097.47 MB
Available Pagefile: 5889.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.58 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:97.56 GB) (Free:13.94 GB) NTFS
2 Drive d: () (Fixed) (Total:97.66 GB) (Free:29.87 GB) NTFS
3 Drive e: () (Fixed) (Total:102.78 GB) (Free:58.95 GB) NTFS
6 Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

========================= Users: ========================================

User accounts for \\COM

Administrator Guest Hereeee
user


**** End of log ****
0
mirajp1
Posts
11
Registration date
Monday February 6, 2012
Status
Member
Last seen
November 5, 2012

Feb 7, 2012 at 10:23 AM
MiniToolBox report:

-------------------------------------------------------------------

MiniToolBox by Farbar Version: 18-01-2012
Ran by Hereeee on 07-02-2012 at 21:51:53
Windows 7 Ultimate (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection 3 (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Connected)
Atheros AR5009 802.11a/g/n WiFi Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=172.16.100.1 publish=Yes
add route prefix=0.0.0.0/0 interface="Local Area Connection 3" nexthop=172.16.100.1 publish=Yes
add address name="Local Area Connection" address=172.16.100.32
add address name="Local Area Connection 3" address=172.16.100.32
add address name="Wireless Network Connection" address=169.254.25.141
add address name="Wireless Network Connection 2" address=192.168.106.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : com
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : connectify

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-1F-16-57-23-13
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.16.100.32(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.100.1
DNS Servers . . . . . . . . . . . : 119.160.192.2
4.2.2.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : connectify
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-23-4E-04-5F-E2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.106.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.106.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : connectify
Description . . . . . . . . . . . : Atheros AR5009 802.11a/g/n WiFi Adapter
Physical Address. . . . . . . . . : 00-23-4E-04-5F-E2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{19224388-719F-4E59-AFF3-3EC04BD8EE34}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.connectify:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 567:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ns1.ishannetsol.com
Address: 119.160.192.2

Name: google.com
Addresses: 74.125.236.114
74.125.236.115
74.125.236.116
74.125.236.112
74.125.236.113


Pinging google.com [74.125.236.113] with 32 bytes of data:
Reply from 74.125.236.113: bytes=32 time=16ms TTL=55
Reply from 74.125.236.113: bytes=32 time=25ms TTL=55

Ping statistics for 74.125.236.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 25ms, Average = 20ms
Server: ns1.ishannetsol.com
Address: 119.160.192.2

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=293ms TTL=52
Reply from 209.191.122.70: bytes=32 time=285ms TTL=51

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 285ms, Maximum = 293ms, Average = 289ms
Server: ns1.ishannetsol.com
Address: 119.160.192.2

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
130...00 1f 16 57 23 13 ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
14...06 23 4e 04 5f e2 ......Microsoft Virtual WiFi Miniport Adapter
12...00 23 4e 04 5f e2 ......Atheros AR5009 802.11a/g/n WiFi Adapter
1...........................Software Loopback Interface 1
178...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
188...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
189...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.100.1 172.16.100.32 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.100.0 255.255.255.0 On-link 172.16.100.32 286
172.16.100.32 255.255.255.255 On-link 172.16.100.32 286
172.16.100.255 255.255.255.255 On-link 172.16.100.32 286
192.168.106.0 255.255.255.0 On-link 192.168.106.1 281
192.168.106.1 255.255.255.255 On-link 192.168.106.1 281
192.168.106.255 255.255.255.255 On-link 192.168.106.1 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.100.32 286
224.0.0.0 240.0.0.0 On-link 192.168.106.1 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.100.32 286
255.255.255.255 255.255.255.255 On-link 192.168.106.1 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 172.16.100.1 Default
0.0.0.0 0.0.0.0 172.16.100.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 mswsock.dll [File Not found] ()
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

System error 5 has occurred.

Access is denied.


=========================== Installed Programs ============================

AC3Filter (remove only)
Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Reader 9.4.3 (Version: 9.4.3)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Akimbo
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.2)
µTorrent (Version: 2.0.4)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
Bonjour (Version: 3.0.0.2)
CCleaner (remove only)
Conduit Engine (Version: )
Conexant HD Audio (Version: 4.98.4.60)
Connectify Beta (Version: 3.0.0.20868)
CyberLink YouCam (Version: 3.0.1811.7429)
DFX for Windows Media Player (Version: 9.301.0.0)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DivX Setup (Version: 2.5.0.8)
Download Accelerator Plus (DAP) (Version: 9606 (Build 2121))
ESET Online Scanner v3
Facebook Video Calling 1.1.1.1 (Version: 1.1.1)
Google Chrome (Version: 16.0.912.77)
Google Earth (Version: 6.1.0.5001)
Google Talk (remove only)
Google Talk Plugin (Version: 2.1.8.0)
Google Update Helper (Version: 1.3.21.99)
Gordon's Gate Flash Driver 2.2.0.11 (Version: 2.2.0.11)
Graph 4.3
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
IMBooster4Web (Version: 1.0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1872)
Intel(R) TV Wizard
iTunes (Version: 10.4.0.80)
Java Auto Updater (Version: 2.0.1.2)
Java(TM) 6 Update 18 (Version: 6.0.180)
Macromedia Extension Manager (Version: 1.7.240)
Macromedia Flash 8 Video Encoder (Version: 1.00.0000)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft SOAP Toolkit 3.0 (Version: 3.0.1325.4)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 4.8.0 (Version: 4.8.0)
Mozilla Firefox 9.0 (x86 en-US) (Version: 9.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
MyPhoneExplorer (Version: 1.8.1)
Nero 7 Essentials (Version: 7.03.0920)
neroxml (Version: 1.0.0)
Opera 11.11 (Version: 11.11.2109)
PhotoScape
Picasa 3 (Version: 3.8)
QuickTime (Version: 7.69.80.9)
Skype(TM) 5.3 (Version: 5.3.120)
Sony Ericsson PC Companion 2.01.217 (Version: 2.01.217)
Synaptics Pointing Device Driver (Version: 11.0.7.0)
TeamViewer 6 (Version: 6.0.10722)
TeraCopy 2.2
Total Video Converter 3.50
TuneUp Utilities 2011 (Version: 10.0.4100.76)
TuneUp Utilities Language Pack (en-US) (Version: 10.0.4100.76)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.1.8 (Version: 1.1.8)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR archiver
WinZip 11.1 (Version: 11.1.7466)
Xilisoft Video Converter Ultimate 6 (Version: 6.0.3.0528)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 3003.2 MB
Available physical RAM: 1976.26 MB
Total Pagefile: 7097.47 MB
Available Pagefile: 5879.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.58 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:97.56 GB) (Free:13.69 GB) NTFS
2 Drive d: () (Fixed) (Total:97.66 GB) (Free:29.87 GB) NTFS
3 Drive e: () (Fixed) (Total:102.78 GB) (Free:58.95 GB) NTFS
6 Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

========================= Users: ========================================

User accounts for \\COM

Administrator Guest Hereeee
user


**** End of log ****
0
mirajp1

Feb 7, 2012 at 10:23 AM
Malwarebytes scan log:

--------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 912020701

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

07-02-2012 15:19:45
mbam-log-2012-02-07 (15-19-21).txt

Scan type: Full scan (C:\|)
Objects scanned: 146076
Time elapsed: 24 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Hereeee\AppData\Local\Google\Chrome\user data\Default\Cache\f_001a99 (Trojan.Agent) -> No action taken.
c:\Users\Hereeee\AppData\Local\Temp\wzf5e3\[thuthuat.chiplove.biz] - idm 6.07 full\[thuthuat.chiplove.biz] - keygen idm 6xx.exe (RiskWare.Tool.CK) -> No action taken.
c:\Users\Hereeee\AppData\Local\virtualstore\program files\internet download manager\idman.exe.bak (Trojan.Agent) -> No action taken.
0
mirajp1

Feb 8, 2012 at 12:43 AM
This is the ESET log.

Though it shows one threat, it's not really a big threat as it's an Android root exploit.

---------------------------------------------------

C:\AC_SWM\super\Exploits\psneuter Linux/Exploit.Lotoor.AK trojan
0
Anonymous User
Feb 8, 2012 at 07:31 AM
You have not removed the Malwarebytes infection.

Run Malwarebytes again - click on SHOW results

Select all and click on REMOVE

Run once to make sure it comes out clean

Download

http://download.sysinternals.com/Files/ProcessExplorer.zip

Extract and launch it

Let me know if any of the svchost processes take high CPU usage.
0
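Added example (PowerShell, not from this thread or from Process Explorer): rather than guessing which service inside a busy svchost.exe is responsible, list each instance with its CPU time, the services the service control manager says it hosts, and whether it runs from the expected image path. It assumes an elevated prompt and uses only PowerShell 2.0-era cmdlets so it runs on a Windows 7 machine like the one in the thread.

```powershell
# Added example, not from the thread or any tool it mentions.
# One row per svchost.exe instance: PID, accumulated CPU seconds, whether the
# image is the real %windir%\System32\svchost.exe, and the services it hosts.
# Run from an elevated prompt so Path and CPU are readable for every process.

$expected = Join-Path $env:windir 'System32\svchost.exe'

# Build a map of hosting PID -> service names from WMI (works on PS 2.0).
$svcByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $key = [int]$_.ProcessId
    if (-not $svcByPid.ContainsKey($key)) { $svcByPid[$key] = @() }
    $svcByPid[$key] += $_.Name
}

Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Sort-Object -Property CPU -Descending |
    ForEach-Object {
        $names = $svcByPid[[int]$_.Id]
        # CPU is $null when the process could not be opened (not elevated).
        $cpu = if ($_.CPU) { [math]::Round($_.CPU, 1) } else { 0 }
        New-Object PSObject -Property @{
            PID        = $_.Id
            CPUSeconds = $cpu
            # A svchost.exe running from any other path deserves a closer look.
            PathOK     = ($_.Path -eq $expected)
            Services   = ($names -join ', ')
        }
    } |
    Select-Object PID, CPUSeconds, PathOK, Services |
    Format-Table -AutoSize -Wrap

# To attribute CPU to one service inside a shared instance, move it into its
# own svchost with:  sc.exe config <ServiceName> type= own   (takes effect after
# a restart), re-run this script, and revert with  type= share  once done.
```

The busiest row's Services column names the candidates; the thread's culprit (a UPnP service) would show up there, so the decision to disable a service is made on the specific service rather than on svchost.exe as a whole.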
mirajp1

Feb 8, 2012 at 09:16 PM
I opened Task Manager and saw the process which was using high CPU, and it turned out to be UPnP host device. I disabled it in Services and now everything is fine.
I just wanted to know: is it safe to disable it?

Thanks for your replies :)
0