Ukash Hijacking

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to back up all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Download Farbar Recovery Scan Tool from the below link:
  • For 32 bit systems download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a USB/flash drive.
  • Plug the flashdrive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    1. Select Command Prompt.
    2. In the command window type in notepad and press Enter.
    3. The notepad opens. Under File menu select Open.
    4. Select "Computer" and find your flash drive letter and close the notepad.
    5. In the command window type e:\frst.exe and press Enter.
       Note: Replace letter e with the drive letter of your flash drive.
    6. The tool will start to run.
    7. When the tool opens click Yes to disclaimer.
    8. Press Scan button.
    9. FRST will let you know when the scan is complete and has written the FRST.txt to file; close the message.
    10. Type exit.
    11. Please copy and paste FRST.txt in your next reply.
 

ten9six

New Member
Thread author
Apr 23, 2013
10
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2013 03
Ran by SYSTEM on 24-04-2013 13:24:53
Running from G:\Paul
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x]
HKLM\...\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe" [x]
HKLM\...\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe" [x]
HKLM\...\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [x]
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [x]
BootExecute: autocheck autochk * lsdelete

========================== Services (Whitelisted) =================

S2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2008-03-31] (AuthenTec Inc.)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-03-19] (Skype Technologies S.A.)
S2 AdobeARMservice; "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
S2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [x]
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2013\avgidsagent.exe" [x]
S2 avgwd; "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [x]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [x]
S2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [x]
S3 fsssvc; "C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [x]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [x]
S2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [x]
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [x]
S3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [x]
S2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [x]
S2 SeaPort; "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]
S3 ServiceLayer; "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" [x]
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [x]
S3 SmartFaceVWatchSrv; "C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe" [x]
S2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]
S2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [x]
S2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [x]
S2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [x]
S2 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [x]
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [x]
S2 vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [x]
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [x]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x]
S3 WMPNetworkSvc; "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" [x]

==================== Drivers (Whitelisted) ====================

S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-02-29] (Alfa Corporation)
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2009-01-25] (AuthenTec, Inc.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-21] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-14] (AVG Technologies CZ, s.r.o. )
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-20] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-01] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-20] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-15] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-13] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-20] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-02-19] (AVG Technologies)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-10] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-06-19] (Lavasoft AB)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2007-07-13] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2010-05-22] ()
S3 SWNC8U55; C:\Windows\System32\DRIVERS\swnc8u55.sys [164480 2007-11-19] (Sierra Wireless Inc.)
S3 SWUMX55; C:\Windows\System32\DRIVERS\swumx55.sys [140672 2007-11-19] (Sierra Wireless Inc.)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 OpenLibSys; \??\C:\Program Files\NXP\FM Radio\OpenLibSys.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-24 13:24 - 2013-04-24 13:24 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders ========

2013-04-24 13:24 - 2013-04-24 13:24 - 00000000 ____D C:\FRST
2013-04-24 13:14 - 2008-10-04 15:02 - 00000000 ____D C:\users\Michelle
2013-04-23 18:29 - 2008-10-04 13:17 - 01885255 ____A C:\Windows\WindowsUpdate.log
2013-04-23 18:29 - 2006-11-02 05:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-23 18:29 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-23 18:28 - 2012-08-11 22:09 - 00003415 ____A C:\Windows\setupact.log
2013-04-23 18:28 - 2010-02-25 03:05 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-23 18:26 - 2011-11-06 16:36 - 00091640 ____A C:\aaw7boot.log
2013-04-23 18:26 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-23 18:26 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-23 16:15 - 2006-11-02 02:33 - 00755350 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-23 15:32 - 2011-07-18 17:17 - 00000064 ____A C:\Windows\System32\rp_stats.dat
2013-04-23 15:32 - 2011-07-18 17:17 - 00000044 ____A C:\Windows\System32\rp_rules.dat
2013-04-23 15:09 - 2010-02-25 03:05 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-22 21:50 - 2006-11-02 04:47 - 00061440 ____A C:\Windows\System32\umstartup.etl
2013-04-18 22:48 - 2012-06-29 19:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3787745059-794909223-3978064198-1000\$d9e77c65513ee53e2d014397449dd4bc

==================== Known DLLs (ALL) =========================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-19 07:38:45
Restore point made on: 2013-03-20 02:57:13
Restore point made on: 2013-03-26 03:55:22
Restore point made on: 2013-03-30 21:12:08
Restore point made on: 2013-03-31 07:29:52
Restore point made on: 2013-03-31 18:44:40
Restore point made on: 2013-04-03 02:31:24
Restore point made on: 2013-04-09 00:09:07
Restore point made on: 2013-04-12 00:29:46
Restore point made on: 2013-04-15 05:34:16
Restore point made on: 2013-04-15 18:02:00
Restore point made on: 2013-04-16 16:25:40
Restore point made on: 2013-04-16 17:50:39

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4093.07 MB
Available physical RAM: 3592.03 MB
Total Pagefile: 3949.34 MB
Available Pagefile: 3748.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.31 MB

==================== Drives ================================

Drive c: (S3A6597D005) (Fixed) (Total:176.6 GB) (Free:123.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:186.31 GB) (Free:154.73 GB) NTFS
Drive f: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.31 GB) NTFS
Drive g: () (Removable) (Total:1.95 GB) (Free:1.14 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 186 GB 6144 KB
Disk 1 Online 186 GB 0 B
Disk 2 Online 2001 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 177 GB 1501 MB
Partition 3 Primary 8 GB 178 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C S3A6597D005 NTFS Partition 177 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 186 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 186 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 2001 MB 0 B

==================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 186 GB) (Disk ID: 0101C97E)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=177 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=17)

====================================================================
Disk: 1 (MBR Code: Windows Vista) (Size: 186 GB) (Disk ID: 57ABCDAD)
Partition 1: (Not Active) - (Size=186 GB) - (Type=07) (NTFS)

====================================================================
Disk: 2 (Size: 2 GB) (Disk ID: 73696420)
Partition 1: (Not Active) - (Size=260 GB) - (Type=20)
Partition 2: (Not Active) - (Size=257 GB) - (Type=6B)
Partition 3: (Not Active) - (Size=667 GB) - (Type=53)
Partition 4: (Active) - (Size=10 MB) - (Type=49)


Last Boot: 2013-04-23 16:16

==================== End Of Log ============================
 

Fiery

Level 1
Jan 11, 2011
2,007
On another PC, open notepad and copy & paste the following:

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3787745059-794909223-3978064198-1000\$d9e77c65513ee53e2d014397449dd4bc

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Then, attempt to reboot normally. If successful,

Download TDSSkiller from here
  • Double-click on TDSSKiller.exe to run the application.
  • When TDSSKiller opens, click Change parameters, check the box next to Loaded modules. A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  • Click Start scan.
  • If a suspicious object is detected, the default action will be Skip; click on Continue. (If it says TDL4/TDSS file system, select delete.)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually in the C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt).

Next, Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt).
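The two FRST steps in this thread (read the scan log, then write a fixlist.txt containing the lines to act on) can be scripted by a helper who triages many of these logs. The script below is an added example for this thread, not code from Farbar or MalwareTips. It assumes the text layout FRST used in 2013, as seen in the log above: section headers wrapped in runs of `=`, loadpoint entries ending in `[x]` when FRST could not find the file, a `ZeroAccess:` block listing suspect paths, and a `Bamital & volsnap Check` section whose lines end in `MD5 is legit` when clean. The sample log is constructed by trimming the one posted above; the regular expressions and function names are my own.

```python
import re

# Constructed sample, trimmed from the FRST log posted earlier in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [x]
BootExecute: autocheck autochk * lsdelete

========================== Services (Whitelisted) =================

S2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2008-03-31] (AuthenTec Inc.)
S2 AdobeARMservice; "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]

==================== One Month Modified Files and Folders ========

2013-04-24 13:24 - 2013-04-24 13:24 - 00000000 ____D C:\FRST

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3787745059-794909223-3978064198-1000\$d9e77c65513ee53e2d014397449dd4bc

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
"""

# Section headers are wrapped in runs of '='.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# FRST appends '[x]' when it cannot find the file an entry points to.
MISSING_RE = re.compile(r"\[x\]\s*$")
# Shape of the directory FRST reported as ZeroAccess above: '$' followed by
# 32 hex characters, directly under the user's SID folder in $Recycle.Bin.
ZA_DIR_RE = re.compile(r"\$Recycle\.Bin\\S-1-5-21-[\d-]+\\\$[0-9a-f]{32}$", re.IGNORECASE)
LEGIT_RE = re.compile(r"=> MD5 is legit$")

# Sections whose entries carry the '[x]' missing-file marker.
LOADPOINT_SECTIONS = {"Registry (Whitelisted)", "Services (Whitelisted)", "Drivers (Whitelisted)"}


def looks_like_zeroaccess_dir(path):
    """True when a path has the recycle-bin layout FRST flagged as ZeroAccess."""
    return bool(ZA_DIR_RE.search(path))


def triage(log_text):
    """Walk an FRST log and collect the items a helper would look at first."""
    findings = {"missing_files": [], "zeroaccess": [], "md5_not_legit": []}
    section = None
    in_zeroaccess = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_zeroaccess = False  # the ZeroAccess block ends at the next blank line
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            in_zeroaccess = False
            continue
        if line == "ZeroAccess:":
            in_zeroaccess = True
            continue
        if in_zeroaccess:
            findings["zeroaccess"].append(line)
        elif section in LOADPOINT_SECTIONS and MISSING_RE.search(line):
            findings["missing_files"].append(line)
        elif section == "Bamital & volsnap Check" and "=>" in line and not LEGIT_RE.search(line):
            findings["md5_not_legit"].append(line)
    return findings


def build_fixlist(findings):
    """Draft fixlist.txt in the form used in this thread: the 'ZeroAccess:'
    header followed by the paths FRST listed under it. Empty when nothing to fix."""
    if not findings["zeroaccess"]:
        return ""
    return "ZeroAccess:\n" + "\n".join(findings["zeroaccess"]) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, items in result.items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
    print("--- fixlist.txt ---")
    print(build_fixlist(result), end="")
```

Two things to keep in mind when reading the output. The `[x]` entries are review hints, not detections: in a recovery-environment scan like the one above, FRST reports `[x]` for plenty of legitimate entries it simply could not resolve offline, so they are listed for a human to check rather than copied into the fixlist. Only the `ZeroAccess:` block, which FRST itself identified, goes into fixlist.txt, matching what Fiery asked the thread author to save to the flash drive.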
 

ten9six

New Member
Thread author
Apr 23, 2013
10
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-04-2013 03
Ran by SYSTEM at 2013-04-24 13:49:33 Run:1
Running from G:\Paul
Boot Mode: Recovery

==============================================

C:\$Recycle.Bin\S-1-5-21-3787745059-794909223-3978064198-1000\$d9e77c65513ee53e2d014397449dd4bc moved successfully.

==== End of Fixlog ====
 

ten9six

New Member
Thread author
Apr 23, 2013
10
unable to log on...

"The User Profile Service service failed logon. User profile cannot be loaded."
 

ten9six

New Member
Thread author
Apr 23, 2013
10
In safe mode, the following message was displayed

You have been logged on with the default profile for the system. Please see the event log for details or contact your administrator
 

Fiery

Level 1
Jan 11, 2011
2,007
The malware must have altered the registry. I would try a system restore back to April 15 or 16, a date before your infection, to see if that fixes things. If not, we will have to edit the registry, which can get rather complicated.
 

ten9six

New Member
Thread author
Apr 23, 2013
10
15:33:15.0783 3680 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:33:17.0203 3680 ============================================================
15:33:17.0203 3680 Current date / time: 2013/04/24 15:33:17.0203
15:33:17.0203 3680 SystemInfo:
15:33:17.0203 3680
15:33:17.0203 3680 OS Version: 6.0.6002 ServicePack: 2.0
15:33:17.0203 3680 Product type: Workstation
15:33:17.0203 3680 ComputerName: MICHELLE-PC
15:33:17.0203 3680 UserName: Michelle
15:33:17.0203 3680 Windows directory: C:\Windows
15:33:17.0203 3680 System windows directory: C:\Windows
15:33:17.0203 3680 Processor architecture: Intel x86
15:33:17.0203 3680 Number of processors: 2
15:33:17.0203 3680 Page size: 0x1000
15:33:17.0203 3680 Boot type: Normal boot
15:33:17.0203 3680 ============================================================
15:33:17.0951 3680 BG loaded
15:33:19.0121 3680 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:33:19.0387 3680 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:33:19.0402 3680 ============================================================
15:33:19.0402 3680 \Device\Harddisk0\DR0:
15:33:19.0433 3680 MBR partitions:
15:33:19.0433 3680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x16133000
15:33:19.0433 3680 \Device\Harddisk1\DR1:
15:33:19.0433 3680 MBR partitions:
15:33:19.0433 3680 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1749E000
15:33:19.0433 3680 ============================================================
15:33:19.0496 3680 C: <-> \Device\Harddisk0\DR0\Partition1
15:33:19.0543 3680 D: <-> \Device\Harddisk1\DR1\Partition1
15:33:19.0543 3680 ============================================================
15:33:19.0543 3680 Initialize success
15:33:19.0543 3680 ============================================================
15:33:39.0486 1816 ============================================================
15:33:39.0486 1816 Scan started
15:33:39.0486 1816 Mode: Manual; SigCheck; TDLFS;
15:33:39.0486 1816 ============================================================
15:33:43.0011 1816 ================ Scan system memory ========================
15:33:43.0011 1816 System memory - ok
15:33:43.0011 1816 ================ Scan services =============================
15:33:43.0401 1816 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
15:33:43.0511 1816 ACPI - ok
15:33:43.0682 1816 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:33:43.0698 1816 AdobeARMservice - ok
15:33:43.0791 1816 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:33:43.0823 1816 AdobeFlashPlayerUpdateSvc - ok
15:33:43.0932 1816 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:33:44.0041 1816 adp94xx - ok
15:33:44.0103 1816 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:33:44.0135 1816 adpahci - ok
15:33:44.0166 1816 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:33:44.0197 1816 adpu160m - ok
15:33:44.0213 1816 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:33:44.0228 1816 adpu320 - ok
15:33:44.0306 1816 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:33:44.0462 1816 AeLookupSvc - ok
15:33:44.0556 1816 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
15:33:44.0634 1816 AFD - ok
15:33:44.0805 1816 [ 5D97943C128ED756D1B0A08302C1B1F8 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
15:33:45.0055 1816 AgereSoftModem - ok
15:33:45.0102 1816 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:33:45.0117 1816 agp440 - ok
15:33:45.0149 1816 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:33:45.0164 1816 aic78xx - ok
15:33:45.0242 1816 [ 4490B8BDF38750458EB9B24835FDA8FE ] AlfaFF C:\Windows\system32\Drivers\AlfaFF.sys
15:33:45.0289 1816 AlfaFF - ok
15:33:45.0305 1816 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
15:33:45.0461 1816 ALG - ok
15:33:45.0507 1816 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
15:33:45.0539 1816 aliide - ok
15:33:45.0585 1816 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:33:45.0601 1816 amdagp - ok
15:33:45.0648 1816 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
15:33:45.0663 1816 amdide - ok
15:33:45.0695 1816 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:33:45.0757 1816 AmdK7 - ok
15:33:45.0804 1816 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:33:45.0866 1816 AmdK8 - ok
15:33:45.0913 1816 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
15:33:45.0944 1816 Appinfo - ok
15:33:46.0100 1816 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:33:46.0116 1816 Apple Mobile Device - ok
15:33:46.0147 1816 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
15:33:46.0194 1816 arc - ok
15:33:46.0241 1816 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:33:46.0256 1816 arcsas - ok
15:33:46.0397 1816 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:33:46.0459 1816 aspnet_state - ok
15:33:46.0490 1816 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:33:46.0537 1816 AsyncMac - ok
15:33:46.0584 1816 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
15:33:46.0599 1816 atapi - ok
15:33:46.0677 1816 [ 54D715AF597C06E87418C50F481BDD2C ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
15:33:46.0787 1816 Ati External Event Utility - ok
15:33:47.0067 1816 [ BE4D8FDC6B2598C46B2B5E6E4FBAAFC5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:33:47.0426 1816 atikmdag - ok
15:33:47.0489 1816 [ 7CEAAA478BD100ECBB1A2FC38F8F03DE ] ATSWPDRV C:\Windows\system32\DRIVERS\ATSwpDrv.sys
15:33:47.0489 1816 ATSWPDRV - ok
15:33:47.0551 1816 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:33:47.0613 1816 AudioEndpointBuilder - ok
15:33:47.0613 1816 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:33:47.0645 1816 Audiosrv - ok
15:33:47.0691 1816 [ 7012B259AE305BE0FF1A4930AE8806B4 ] Authentec memory manager C:\Windows\system32\TAMSvr.exe
15:33:47.0723 1816 Authentec memory manager ( UnsignedFile.Multi.Generic ) - warning
15:33:47.0723 1816 Authentec memory manager - detected UnsignedFile.Multi.Generic (1)
15:33:48.0237 1816 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
15:33:48.0783 1816 AVGIDSAgent - ok
15:33:48.0861 1816 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
15:33:48.0861 1816 AVGIDSDriver - ok
15:33:48.0924 1816 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
15:33:48.0924 1816 AVGIDSHX - ok
15:33:49.0049 1816 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
15:33:49.0064 1816 AVGIDSShim - ok
15:33:49.0127 1816 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
15:33:49.0142 1816 Avgldx86 - ok
15:33:49.0205 1816 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
15:33:49.0205 1816 Avglogx - ok
15:33:49.0251 1816 [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
15:33:49.0251 1816 Avgmfx86 - ok
15:33:49.0314 1816 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
15:33:49.0329 1816 Avgrkx86 - ok
15:33:49.0345 1816 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
15:33:49.0361 1816 Avgtdix - ok
15:33:49.0392 1816 [ CAE7B6E4D7EB17829C526153D19B9C95 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
15:33:49.0407 1816 avgtp - ok
15:33:49.0454 1816 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
15:33:49.0470 1816 avgwd - ok
15:33:49.0548 1816 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
15:33:49.0610 1816 Beep - ok
15:33:49.0673 1816 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
15:33:49.0735 1816 BFE - ok
15:33:49.0829 1816 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
15:33:49.0938 1816 BITS - ok
15:33:49.0969 1816 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:33:50.0047 1816 blbdrive - ok
15:33:50.0156 1816 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:33:50.0203 1816 Bonjour Service - ok
15:33:50.0234 1816 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:33:50.0281 1816 bowser - ok
15:33:50.0343 1816 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:33:50.0390 1816 BrFiltLo - ok
15:33:50.0406 1816 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:33:50.0453 1816 BrFiltUp - ok
15:33:50.0484 1816 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
15:33:50.0531 1816 Browser - ok
15:33:50.0593 1816 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:33:50.0687 1816 Brserid - ok
15:33:50.0702 1816 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:33:50.0765 1816 BrSerWdm - ok
15:33:50.0780 1816 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:33:50.0889 1816 BrUsbMdm - ok
15:33:50.0905 1816 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:33:50.0983 1816 BrUsbSer - ok
15:33:51.0014 1816 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:33:51.0092 1816 BTHMODEM - ok
15:33:51.0108 1816 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:33:51.0155 1816 cdfs - ok
15:33:51.0201 1816 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:33:51.0217 1816 cdrom - ok
15:33:51.0279 1816 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
15:33:51.0326 1816 CertPropSvc - ok
15:34:18.0470 1816 Symc8xx - ok
15:34:18.0470 1816 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:34:18.0486 1816 Sym_hi - ok
15:34:18.0501 1816 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:34:18.0533 1816 Sym_u3 - ok
15:34:18.0579 1816 [ 70534D1E4F9AC990536D5FB5B550B3DE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:34:18.0579 1816 SynTP - ok
15:34:18.0735 1816 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
15:34:18.0767 1816 SysMain - ok
15:34:18.0798 1816 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:34:18.0829 1816 TabletInputService - ok
15:34:18.0954 1816 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:34:19.0001 1816 TapiSrv - ok
15:34:19.0016 1816 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:34:19.0047 1816 TBS - ok
15:34:19.0141 1816 [ 814A1C66FBD4E1B310A517221F1456BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:34:19.0188 1816 Tcpip - ok
15:34:19.0297 1816 [ 814A1C66FBD4E1B310A517221F1456BF ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:34:19.0344 1816 Tcpip6 - ok
15:34:19.0437 1816 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:34:19.0453 1816 tcpipreg - ok
15:34:19.0469 1816 [ 6FDFBA25002CE4BAC463AC866AE71405 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
15:34:19.0484 1816 tdcmdpst - ok
15:34:19.0515 1816 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:34:19.0562 1816 TDPIPE - ok
15:34:19.0562 1816 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:34:19.0609 1816 TDTCP - ok
15:34:19.0640 1816 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:34:19.0687 1816 tdx - ok
15:34:19.0734 1816 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:34:19.0749 1816 TermDD - ok
15:34:19.0796 1816 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
15:34:19.0905 1816 TermService - ok
15:34:19.0937 1816 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
15:34:19.0952 1816 Themes - ok
15:34:19.0968 1816 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:34:19.0983 1816 THREADORDER - ok
15:34:20.0139 1816 [ 6BADBB0B16B25643075A6FFAFC489940 ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
15:34:20.0139 1816 TNaviSrv - ok
15:34:20.0186 1816 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe
15:34:20.0202 1816 TODDSrv - ok
15:34:20.0358 1816 [ 44DBAC611B11646683B5B066A049B8E4 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
15:34:20.0405 1816 TosCoSrv - ok
15:34:20.0514 1816 [ 8E10E654E354CF330ED75882769A0107 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
15:34:20.0514 1816 TOSHIBA Bluetooth Service - ok
15:34:20.0607 1816 [ 22690DFFC7F2A18279A7A0489AA02BAC ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
15:34:20.0639 1816 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
15:34:20.0639 1816 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
15:34:20.0670 1816 [ 2C15B4856F929AC7DD144044D8334B54 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
15:34:20.0717 1816 tosporte - ok
15:34:20.0795 1816 [ EAEDDB6C8BBE3E1B753753C2E847FECB ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
15:34:20.0795 1816 tosrfbd - ok
15:34:20.0857 1816 [ 181E217A7A326817D97946D045B3CB46 ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
15:34:20.0873 1816 tosrfbnp - ok
15:34:20.0935 1816 [ E90ACE3B4FA7A85F992BC21EB779C407 ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
15:34:20.0982 1816 Tosrfcom - ok
15:34:21.0013 1816 [ C063B8E2DB85420438EBCE3FC8D2752E ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
15:34:21.0029 1816 tosrfec - ok
15:34:21.0075 1816 [ D3F87C46C7C9E5DB99FBD3D17121B891 ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
15:34:21.0122 1816 Tosrfhid - ok
15:34:21.0169 1816 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
15:34:21.0216 1816 tosrfnds - ok
15:34:21.0231 1816 [ 156D63F6898E4D95F2962F2B72862868 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
15:34:21.0263 1816 TosRfSnd - ok
15:34:21.0309 1816 [ 98C04A6432CE9C2AD328F57B9384D348 ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
15:34:21.0341 1816 Tosrfusb - ok
15:34:21.0419 1816 [ 4399A9BF7D8F49991A07FD86590A1619 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
15:34:21.0434 1816 tos_sps32 - ok
15:34:21.0465 1816 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:34:21.0528 1816 TrkWks - ok
15:34:21.0590 1816 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:34:21.0668 1816 TrustedInstaller - ok
15:34:21.0731 1816 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:34:21.0762 1816 tssecsrv - ok
15:34:21.0793 1816 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:34:21.0840 1816 tunmp - ok
15:34:21.0871 1816 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:34:21.0933 1816 tunnel - ok
15:34:21.0965 1816 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
15:34:21.0980 1816 TVALZ - ok
15:34:21.0996 1816 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:34:22.0011 1816 uagp35 - ok
15:34:22.0074 1816 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:34:22.0121 1816 udfs - ok
15:34:22.0152 1816 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:34:22.0183 1816 UI0Detect - ok
15:34:22.0277 1816 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
15:34:22.0292 1816 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
15:34:22.0292 1816 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
15:34:22.0323 1816 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:34:22.0339 1816 uliagpkx - ok
15:34:22.0401 1816 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:34:22.0417 1816 uliahci - ok
15:34:22.0448 1816 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:34:22.0464 1816 UlSata - ok
15:34:22.0495 1816 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:34:22.0511 1816 ulsata2 - ok
15:34:22.0526 1816 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:34:22.0557 1816 umbus - ok
15:34:22.0604 1816 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:34:22.0651 1816 upnphost - ok
15:34:22.0682 1816 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
15:34:22.0729 1816 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
15:34:22.0729 1816 USBAAPL - detected UnsignedFile.Multi.Generic (1)
15:34:22.0760 1816 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:34:22.0791 1816 usbccgp - ok
15:34:22.0823 1816 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:34:22.0869 1816 usbcir - ok
15:34:22.0916 1816 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:34:22.0963 1816 usbehci - ok
15:34:22.0979 1816 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:34:23.0025 1816 usbhub - ok
15:34:23.0057 1816 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:34:23.0088 1816 usbohci - ok
15:34:23.0103 1816 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:34:23.0166 1816 usbprint - ok
15:34:23.0213 1816 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:34:23.0259 1816 usbscan - ok
15:34:23.0291 1816 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:34:23.0322 1816 USBSTOR - ok
15:34:23.0337 1816 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:34:23.0369 1816 usbuhci - ok
15:34:23.0447 1816 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:34:23.0493 1816 usbvideo - ok
15:34:23.0556 1816 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
15:34:23.0571 1816 usb_rndisx - ok
15:34:23.0587 1816 [ 8C5094A8AB24DE7496C7C19942F2DF04 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
15:34:23.0618 1816 UVCFTR - ok
15:34:23.0649 1816 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:34:23.0665 1816 UxSms - ok
15:34:23.0759 1816 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:34:23.0868 1816 vds - ok
15:34:23.0915 1816 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:34:23.0977 1816 vga - ok
15:34:24.0008 1816 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:34:24.0024 1816 VgaSave - ok
15:34:24.0039 1816 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:34:24.0055 1816 viaagp - ok
15:34:24.0102 1816 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:34:24.0133 1816 ViaC7 - ok
15:34:24.0164 1816 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
15:34:24.0195 1816 viaide - ok
15:34:24.0227 1816 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:34:24.0227 1816 volmgr - ok
15:34:24.0273 1816 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:34:24.0289 1816 volmgrx - ok
15:34:24.0351 1816 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:34:24.0367 1816 volsnap - ok
15:34:24.0445 1816 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:34:24.0461 1816 vsmraid - ok
15:34:24.0695 1816 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:34:24.0773 1816 VSS - ok
15:34:24.0960 1816 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
15:34:25.0007 1816 vToolbarUpdater14.2.0 - ok
15:34:25.0069 1816 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:34:25.0085 1816 W32Time - ok
15:34:25.0147 1816 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:34:25.0194 1816 WacomPen - ok
15:34:25.0209 1816 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:34:25.0241 1816 Wanarp - ok
15:34:25.0241 1816 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:34:25.0272 1816 Wanarpv6 - ok
15:34:25.0334 1816 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
15:34:25.0475 1816 WcesComm - ok
15:34:25.0584 1816 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:34:25.0677 1816 wcncsvc - ok
15:34:25.0709 1816 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:34:25.0740 1816 WcsPlugInService - ok
15:34:25.0802 1816 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
15:34:25.0818 1816 Wd - ok
15:34:25.0927 1816 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:34:25.0943 1816 Wdf01000 - ok
15:34:25.0974 1816 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:34:26.0036 1816 WdiServiceHost - ok
15:34:26.0036 1816 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:34:26.0067 1816 WdiSystemHost - ok
15:34:26.0130 1816 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:34:26.0161 1816 WebClient - ok
15:34:26.0208 1816 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:34:26.0239 1816 Wecsvc - ok
15:34:26.0270 1816 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:34:26.0333 1816 wercplsupport - ok
15:34:26.0379 1816 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:34:26.0411 1816 WerSvc - ok
15:34:26.0504 1816 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:34:26.0520 1816 WinDefend - ok
15:34:26.0520 1816 WinHttpAutoProxySvc - ok
15:34:26.0613 1816 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:34:26.0629 1816 Winmgmt - ok
15:34:26.0832 1816 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
15:34:26.0863 1816 WinRM - ok
15:34:26.0957 1816 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:34:27.0019 1816 Wlansvc - ok
15:34:27.0175 1816 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:34:27.0222 1816 wlcrasvc - ok
15:34:27.0534 1816 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:34:27.0627 1816 wlidsvc - ok
15:34:27.0659 1816 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:34:27.0737 1816 WmiAcpi - ok
15:34:27.0799 1816 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:34:27.0846 1816 wmiApSrv - ok
15:34:28.0158 1816 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:34:28.0189 1816 WMPNetworkSvc - ok
15:34:28.0283 1816 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:34:28.0298 1816 WPCSvc - ok
15:34:28.0345 1816 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:34:28.0392 1816 WPDBusEnum - ok
15:34:28.0454 1816 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
15:34:28.0485 1816 WpdUsb -
 

ten9six

New Member
Thread author
Apr 23, 2013
10
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.24.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michelle :: MICHELLE-PC [administrator]

24/04/2013 4:02:18 PM
mbar-log-2013-04-24 (16-02-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29056
Time elapsed: 12 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\.pox (Rogue.FixTool) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\pofile (Rogue.FixTool) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-3787745059-794909223-3978064198-1000\$d9e77c65513ee53e2d014397449dd4bc\n.) Good: (shell32.dll) -> Delete on reboot.

Folders Detected: 1
c:\Program Files\Perfect Optimizer (PUP.PerfectOptimizer) -> Delete on reboot.

Files Detected: 1
c:\Program Files\Perfect Optimizer\PerfectOptimizer.ini (PUP.PerfectOptimizer) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.24.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michelle :: MICHELLE-PC [administrator]

24/04/2013 4:17:30 PM
mbar-log-2013-04-24 (16-17-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29065
Time elapsed: 14 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.24.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michelle :: MICHELLE-PC [administrator]

24/04/2013 4:30:49 PM
mbar-log-2013-04-24 (16-30-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29054
Time elapsed: 12 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 3218157568, free: 1951375360

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 3218157568, free: 1953083392

------------ Kernel report ------------
04/24/2013 15:48:43
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8703d5e8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff86164028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8703d030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff86702028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Downloaded database version: v2013.04.24.01
Downloaded database version: v2013.04.22.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8703d030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8703dd20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703d030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86702028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffa43c6028, 0xffffffff8703d030, 0xffffffff965836d0
Lower DeviceData: 0xffffffffac73da80, 0xffffffff86702028, 0xffffffff8a9b2410
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 101C97E

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 370356224
Partition file system is NTFS
Partition is bootable

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 373430272 Numsec = 17274880
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-390701968-390721968)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8703d5e8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8703e020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703d5e8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86164028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffac7bd548, 0xffffffff8703d5e8, 0xffffffff96506ac8
Lower DeviceData: 0xffffffffac74e728, 0xffffffff86164028, 0xffffffffab314268
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 57ABCDAD

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 390717440

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\AVG2013\chjw\5a900f7c900f5dbf.dat" is sparse (flags = 32768)
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: HKLM\SOFTWARE\CLASSES\.pox --> [Rogue.FixTool]
Infected: HKLM\SOFTWARE\CLASSES\pofile --> [Rogue.FixTool]
Infected: c:\Program Files\Perfect Optimizer --> [PUP.PerfectOptimizer]
Infected: c:\Program Files\Perfect Optimizer\PerfectOptimizer.ini --> [PUP.PerfectOptimizer]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action fixdamage.exe...
Success!
Removal successful. No system shutdown is required.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 3218157568, free: 1954988032

------------ Kernel report ------------
04/24/2013 16:03:09
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\Drivers\AlfaFF.sys
\SystemRoot\system32\Drivers\ksecdd.sys
\SystemRoot\system32\DRIVERS\Lbd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\tosrfec.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\NETw5v32.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\tosrfcom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\tosporte.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIV.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tosrfusb.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tosrfbd.sys
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\Tosrfhid.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\tosrfbnp.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\DRIVERS\tosrfnds.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\ATSwpDrv.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\Drivers\UVCFTR_S.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\??\C:\Program Files\NXP\FM Radio\OpenLibSys.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8703d5e8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff86164028
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xffffffffab314268
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8703d030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff86702028
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xffffffff8a9b2410
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8703d030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8703dd20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703d030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86702028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffaaa3e748, 0xffffffff8703d030, 0xffffffff965836d0
Lower DeviceData: 0xffffffffb29277f8, 0xffffffff86702028, 0xffffffff8a9b2410
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 101C97E

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 370356224
Partition file system is NTFS
Partition is bootable

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 373430272 Numsec = 17274880
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-390701968-390721968)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8703d5e8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8703e020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703d5e8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86164028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffff99f94620, 0xffffffff8703d5e8, 0xffffffff96506ac8
Lower DeviceData: 0xffffffffa9af9710, 0xffffffff86164028, 0xffffffffab314268
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 57ABCDAD

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 390717440

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\AVG2013\chjw\5a900f7c900f5dbf.dat" is sparse (flags = 32768)
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} --> [Hijack.Trojan.Siredef.C]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action fixdamage.exe...
Success!
Removal successful. No system shutdown is required.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 3218157568, free: 1927581696

------------ Kernel report ------------
04/24/2013 16:18:24
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\Drivers\AlfaFF.sys
\SystemRoot\system32\Drivers\ksecdd.sys
\SystemRoot\system32\DRIVERS\Lbd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\tosrfec.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\NETw5v32.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\tosrfcom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\tosporte.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIV.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tosrfusb.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tosrfbd.sys
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\Tosrfhid.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\tosrfbnp.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\DRIVERS\tosrfnds.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\ATSwpDrv.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\Drivers\UVCFTR_S.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\??\C:\Program Files\NXP\FM Radio\OpenLibSys.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8703d5e8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff86164028
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xffffffffab314268
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8703d030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff86702028
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xffffffff8a9b2410
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8703d030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8703dd20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703d030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86702028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffb53522d8, 0xffffffff8703d030, 0xffffffff965836d0
Lower DeviceData: 0xffffffffb1b69c10, 0xffffffff86702028, 0xffffffff8a9b2410
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 101C97E

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 370356224
Partition file system is NTFS
Partition is bootable

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 373430272 Numsec = 17274880
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-390701968-390721968)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8703d5e8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8703e020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703d5e8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86164028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffb10c02a8, 0xffffffff8703d5e8, 0xffffffff96506ac8
Lower DeviceData: 0xffffffffadc32100, 0xffffffff86164028, 0xffffffffab314268
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 57ABCDAD

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 390717440

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\AVG2013\chjw\5a900f7c900f5dbf.dat" is sparse (flags = 32768)
Done!
Scan finished
=======================================
 

ten9six

New Member
Thread author
Apr 23, 2013
10
Is there anything further we should do? The (previously infected) computer, that we are communicating on now, seems to be working well. The only issue we've discovered is that the .pdf files that were on the desktop have disappeared. Not a big problem, but we'd like to get them back if possible.
 

Fiery

Level 1
Jan 11, 2011
2,007
Good to hear!

Do you remember what the PDF files were called?

Also, can you attach the TDSSkiller log? Click New Reply, scroll down to the attachment section. Click Choose File, select the log. Click Add attachment and reply :)

Please download Malwarebytes' Anti-Malware from here to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next, Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 
