
Winrscmde Errors


10 replies to this topic

#1 Jesson125 (Members, 25 posts)

Posted 07 February 2012 - 07:22 PM

Starting yesterday I have been receiving a constant string of "winrscmde stopped working" error messages; if I close one window, another pops up within seconds. Not knowing what winrscmde is, I did a Google search and found this site and have noticed other people have been experiencing similar issues. I am not sure how to go about safely fixing this problem, and would appreciate any help.



#2 Jesson125 (Topic Starter; Members, 25 posts)

Posted 07 February 2012 - 08:10 PM

Update: I ran Malwarebytes and it identified an item as a trojan and removed the item. Upon restarting, I ran Malwarebytes again and the trojan item was there again.

#3 boopme (Global Moderator, 62,908 posts; Gender: Male; Location: NJ USA)
    To Insanity and Beyond

Posted 07 February 2012 - 08:17 PM

Hello and welcome.

EDIT: post that MBAM log too
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\). The log will have a name like: TDSSKiller.Version_Date_Time_log.txt.


>>>>

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

>>>>>
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Edited by boopme, 07 February 2012 - 08:18 PM.


#4 Jesson125 (Topic Starter; Members, 25 posts)

Posted 07 February 2012 - 09:15 PM

Okay, I have run all 3 programs. TDSSKiller did find a rootkit thing and tried to cure it; TDSSKiller did have me reboot. Here are the MBAM, TDSSKiller, and aswMBR logs; the GMER log that was saved to the desktop came up blank when I opened it.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.07.01

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Jesson :: JESSON-PC [administrator]

2/7/2012 1:37:28 AM
mbam-log-2012-02-07 (01-37-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199461
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


20:30:12.0350 2904 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
20:30:14.0353 2904 ============================================================
20:30:14.0353 2904 Current date / time: 2012/02/07 20:30:14.0353
20:30:14.0353 2904 SystemInfo:
20:30:14.0353 2904
20:30:14.0353 2904 OS Version: 6.0.6001 ServicePack: 1.0
20:30:14.0353 2904 Product type: Workstation
20:30:14.0353 2904 ComputerName: JESSON-PC
20:30:14.0353 2904 UserName: Jesson
20:30:14.0353 2904 Windows directory: C:\Windows
20:30:14.0353 2904 System windows directory: C:\Windows
20:30:14.0353 2904 Running under WOW64
20:30:14.0353 2904 Processor architecture: Intel x64
20:30:14.0353 2904 Number of processors: 3
20:30:14.0353 2904 Page size: 0x1000
20:30:14.0353 2904 Boot type: Normal boot
20:30:14.0353 2904 ============================================================
20:30:17.0304 2904 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:30:17.0403 2904 \Device\Harddisk0\DR0:
20:30:17.0436 2904 MBR used
20:30:17.0436 2904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1EEAD23
20:30:17.0436 2904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1EEAD62, BlocksNum 0x38499EDF
20:30:17.0721 2904 Initialize success
20:30:17.0721 2904 ============================================================
20:30:47.0232 3428 ============================================================
20:30:47.0232 3428 Scan started
20:30:47.0232 3428 Mode: Manual; TDLFS;
20:30:47.0232 3428 ============================================================
20:30:48.0913 3428 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
20:30:48.0917 3428 ACPI - ok
20:30:48.0949 3428 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
20:30:48.0971 3428 adp94xx - ok
20:30:49.0086 3428 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
20:30:49.0125 3428 adpahci - ok
20:30:49.0143 3428 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
20:30:49.0146 3428 adpu160m - ok
20:30:49.0161 3428 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
20:30:49.0165 3428 adpu320 - ok
20:30:49.0202 3428 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
20:30:49.0208 3428 AFD - ok
20:30:49.0233 3428 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
20:30:49.0236 3428 agp440 - ok
20:30:49.0250 3428 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
20:30:49.0267 3428 aic78xx - ok
20:30:49.0289 3428 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
20:30:49.0291 3428 aliide - ok
20:30:49.0313 3428 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
20:30:49.0315 3428 amdide - ok
20:30:49.0338 3428 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
20:30:49.0340 3428 AmdK8 - ok
20:30:50.0412 3428 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
20:30:50.0578 3428 amdkmdag - ok
20:30:50.0895 3428 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
20:30:50.0900 3428 amdkmdap - ok
20:30:50.0919 3428 AmdLLD64 (f5761675da9d15d7ae0e40907a8f4404) C:\Windows\system32\DRIVERS\AmdLLD64.sys
20:30:50.0921 3428 AmdLLD64 - ok
20:30:50.0963 3428 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
20:30:51.0004 3428 arc - ok
20:30:51.0028 3428 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
20:30:51.0031 3428 arcsas - ok
20:30:51.0073 3428 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
20:30:51.0090 3428 AsyncMac - ok
20:30:51.0120 3428 atapi (62bd869afa2bf2e30f9d3ff428c87d5c) C:\Windows\system32\drivers\atapi.sys
20:30:51.0121 3428 atapi - ok
20:30:51.0671 3428 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
20:30:51.0728 3428 atikmdag - ok
20:30:51.0769 3428 AtiPcie (69eebb256503cded9bd0e9e43128c626) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:30:51.0770 3428 AtiPcie - ok
20:30:51.0809 3428 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:30:51.0822 3428 b57nd60a - ok
20:30:51.0856 3428 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:30:51.0872 3428 BCM43XV - ok
20:30:52.0319 3428 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20120121.002\BHDrvx64.sys
20:30:52.0345 3428 BHDrvx64 - ok
20:30:52.0406 3428 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
20:30:52.0417 3428 blbdrive - ok
20:30:52.0447 3428 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
20:30:52.0449 3428 bowser - ok
20:30:52.0478 3428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
20:30:52.0482 3428 BrFiltLo - ok
20:30:52.0498 3428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
20:30:52.0500 3428 BrFiltUp - ok
20:30:52.0522 3428 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
20:30:52.0525 3428 Brserid - ok
20:30:52.0537 3428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
20:30:52.0539 3428 BrSerWdm - ok
20:30:52.0556 3428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
20:30:52.0558 3428 BrUsbMdm - ok
20:30:52.0573 3428 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
20:30:52.0576 3428 BrUsbSer - ok
20:30:52.0595 3428 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
20:30:52.0597 3428 BTHMODEM - ok
20:30:52.0636 3428 CAXHWBS2 (551be1536b27dc056ea4d48275efb089) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
20:30:52.0642 3428 CAXHWBS2 - ok
20:30:52.0849 3428 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys
20:30:52.0875 3428 ccHP - ok
20:30:52.0901 3428 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
20:30:52.0903 3428 cdfs - ok
20:30:52.0914 3428 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
20:30:52.0916 3428 cdrom - ok
20:30:52.0962 3428 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
20:30:52.0974 3428 circlass - ok
20:30:53.0003 3428 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys
20:30:53.0009 3428 CLFS - ok
20:30:53.0046 3428 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
20:30:53.0048 3428 CmBatt - ok
20:30:53.0060 3428 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
20:30:53.0062 3428 cmdide - ok
20:30:53.0078 3428 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
20:30:53.0079 3428 Compbatt - ok
20:30:53.0098 3428 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
20:30:53.0099 3428 crcdisk - ok
20:30:53.0135 3428 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
20:30:53.0137 3428 DfsC - ok
20:30:53.0183 3428 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
20:30:53.0185 3428 disk - ok
20:30:53.0225 3428 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
20:30:53.0257 3428 drmkaud - ok
20:30:53.0300 3428 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
20:30:53.0316 3428 DXGKrnl - ok
20:30:53.0355 3428 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
20:30:53.0358 3428 E1G60 - ok
20:30:53.0370 3428 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
20:30:53.0373 3428 Ecache - ok
20:30:53.0587 3428 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:30:53.0613 3428 eeCtrl - ok
20:30:53.0648 3428 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
20:30:53.0655 3428 elxstor - ok
20:30:53.0692 3428 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:30:53.0695 3428 EraserUtilRebootDrv - ok
20:30:53.0735 3428 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
20:30:53.0737 3428 ErrDev - ok
20:30:53.0765 3428 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
20:30:53.0795 3428 exfat - ok
20:30:53.0815 3428 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
20:30:53.0846 3428 fastfat - ok
20:30:53.0899 3428 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
20:30:53.0901 3428 fdc - ok
20:30:53.0914 3428 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
20:30:53.0916 3428 FileInfo - ok
20:30:53.0927 3428 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
20:30:53.0929 3428 Filetrace - ok
20:30:53.0945 3428 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:30:53.0948 3428 flpydisk - ok
20:30:53.0967 3428 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
20:30:53.0971 3428 FltMgr - ok
20:30:53.0982 3428 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
20:30:53.0983 3428 Fs_Rec - ok
20:30:54.0001 3428 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
20:30:54.0014 3428 gagp30kx - ok
20:30:54.0063 3428 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
20:30:54.0064 3428 GEARAspiWDM - ok
20:30:54.0159 3428 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
20:30:54.0180 3428 HdAudAddService - ok
20:30:54.0197 3428 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:30:54.0198 3428 HDAudBus - ok
20:30:54.0216 3428 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
20:30:54.0218 3428 HidBth - ok
20:30:54.0226 3428 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
20:30:54.0228 3428 HidIr - ok
20:30:54.0307 3428 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
20:30:54.0308 3428 HidUsb - ok
20:30:54.0330 3428 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
20:30:54.0332 3428 HpCISSs - ok
20:30:54.0453 3428 HSF_DPV (9c369cbc5f19da9968223197b5205f68) C:\Windows\system32\DRIVERS\CAX_DPV.sys
20:30:54.0500 3428 HSF_DPV - ok
20:30:54.0527 3428 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
20:30:54.0544 3428 HTTP - ok
20:30:54.0561 3428 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
20:30:54.0564 3428 i2omp - ok
20:30:54.0584 3428 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
20:30:54.0586 3428 i8042prt - ok
20:30:54.0609 3428 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
20:30:54.0627 3428 iaStorV - ok
20:30:55.0021 3428 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20120207.005\IDSvia64.sys
20:30:55.0070 3428 IDSVia64 - ok
20:30:55.0078 3428 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
20:30:55.0080 3428 iirsp - ok
20:30:55.0128 3428 IntcAzAudAddService (e28d6b50a12bfa3df0bd7c31e19599f3) C:\Windows\system32\drivers\RTKVHD64.sys
20:30:55.0152 3428 IntcAzAudAddService - ok
20:30:55.0172 3428 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
20:30:55.0174 3428 intelide - ok
20:30:55.0187 3428 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
20:30:55.0189 3428 intelppm - ok
20:30:55.0224 3428 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:30:55.0226 3428 IpFilterDriver - ok
20:30:55.0245 3428 IpInIp - ok
20:30:55.0268 3428 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
20:30:55.0282 3428 IPMIDRV - ok
20:30:55.0299 3428 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
20:30:55.0302 3428 IPNAT - ok
20:30:55.0334 3428 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
20:30:55.0357 3428 IRENUM - ok
20:30:55.0381 3428 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
20:30:55.0384 3428 isapnp - ok
20:30:55.0414 3428 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
20:30:55.0417 3428 iScsiPrt - ok
20:30:55.0435 3428 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
20:30:55.0437 3428 iteatapi - ok
20:30:55.0450 3428 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
20:30:55.0452 3428 iteraid - ok
20:30:55.0473 3428 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
20:30:55.0475 3428 kbdclass - ok
20:30:55.0489 3428 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:30:55.0491 3428 kbdhid - ok
20:30:55.0528 3428 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
20:30:55.0544 3428 KSecDD - ok
20:30:55.0560 3428 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
20:30:55.0561 3428 ksthunk - ok
20:30:55.0580 3428 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
20:30:55.0582 3428 lltdio - ok
20:30:55.0616 3428 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
20:30:55.0619 3428 LSI_FC - ok
20:30:55.0642 3428 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
20:30:55.0645 3428 LSI_SAS - ok
20:30:55.0664 3428 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
20:30:55.0667 3428 LSI_SCSI - ok
20:30:55.0685 3428 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
20:30:55.0687 3428 luafv - ok
20:30:55.0723 3428 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:30:55.0724 3428 mdmxsdk - ok
20:30:55.0739 3428 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
20:30:55.0751 3428 megasas - ok
20:30:55.0769 3428 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
20:30:55.0776 3428 MegaSR - ok
20:30:55.0797 3428 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
20:30:55.0798 3428 Modem - ok
20:30:55.0826 3428 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
20:30:55.0827 3428 monitor - ok
20:30:55.0835 3428 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
20:30:55.0836 3428 mouclass - ok
20:30:55.0901 3428 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
20:30:55.0903 3428 mouhid - ok
20:30:55.0920 3428 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
20:30:55.0922 3428 MountMgr - ok
20:30:55.0948 3428 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
20:30:55.0951 3428 mpio - ok
20:30:55.0978 3428 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
20:30:55.0980 3428 mpsdrv - ok
20:30:56.0019 3428 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
20:30:56.0021 3428 Mraid35x - ok
20:30:56.0030 3428 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
20:30:56.0033 3428 MRxDAV - ok
20:30:56.0058 3428 mrxsmb (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:30:56.0061 3428 mrxsmb - ok
20:30:56.0082 3428 mrxsmb10 (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:30:56.0086 3428 mrxsmb10 - ok
20:30:56.0102 3428 mrxsmb20 (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:30:56.0104 3428 mrxsmb20 - ok
20:30:56.0120 3428 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
20:30:56.0123 3428 msahci - ok
20:30:56.0145 3428 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
20:30:56.0148 3428 msdsm - ok
20:30:56.0166 3428 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
20:30:56.0168 3428 Msfs - ok
20:30:56.0197 3428 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
20:30:56.0198 3428 msisadrv - ok
20:30:56.0215 3428 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
20:30:56.0217 3428 MSKSSRV - ok
20:30:56.0242 3428 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
20:30:56.0244 3428 MSPCLOCK - ok
20:30:56.0271 3428 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
20:30:56.0273 3428 MSPQM - ok
20:30:56.0337 3428 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
20:30:56.0341 3428 MsRPC - ok
20:30:56.0365 3428 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
20:30:56.0366 3428 mssmbios - ok
20:30:56.0407 3428 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
20:30:56.0422 3428 MSTEE - ok
20:30:56.0439 3428 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
20:30:56.0441 3428 Mup - ok
20:30:56.0489 3428 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
20:30:56.0492 3428 NativeWifiP - ok
20:30:56.0638 3428 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120207.005\ENG64.SYS
20:30:56.0640 3428 NAVENG - ok
20:30:56.0725 3428 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120207.005\EX64.SYS
20:30:56.0769 3428 NAVEX15 - ok
20:30:56.0815 3428 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys
20:30:56.0830 3428 NDIS - ok
20:30:56.0842 3428 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
20:30:56.0843 3428 NdisTapi - ok
20:30:56.0857 3428 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
20:30:56.0858 3428 Ndisuio - ok
20:30:56.0876 3428 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
20:30:56.0880 3428 NdisWan - ok
20:30:56.0891 3428 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
20:30:56.0939 3428 NDProxy - ok
20:30:56.0947 3428 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
20:30:56.0949 3428 NetBIOS - ok
20:30:56.0975 3428 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
20:30:56.0979 3428 netbt - ok
20:30:57.0118 3428 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
20:30:57.0148 3428 nfrd960 - ok
20:30:57.0180 3428 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
20:30:57.0182 3428 Npfs - ok
20:30:57.0198 3428 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
20:30:57.0200 3428 nsiproxy - ok
20:30:57.0243 3428 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
20:30:57.0277 3428 Ntfs - ok
20:30:57.0295 3428 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
20:30:57.0306 3428 Null - ok
20:30:57.0340 3428 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
20:30:57.0354 3428 nvraid - ok
20:30:57.0374 3428 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
20:30:57.0377 3428 nvstor - ok
20:30:57.0395 3428 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
20:30:57.0398 3428 nv_agp - ok
20:30:57.0411 3428 NwlnkFlt - ok
20:30:57.0422 3428 NwlnkFwd - ok
20:30:57.0452 3428 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
20:30:57.0453 3428 ohci1394 - ok
20:30:57.0491 3428 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
20:30:57.0493 3428 Parport - ok
20:30:57.0503 3428 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
20:30:57.0505 3428 partmgr - ok
20:30:57.0523 3428 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
20:30:57.0526 3428 pci - ok
20:30:57.0557 3428 pciide (4423e6d4d20c5d9ae27608bbe55347f7) C:\Windows\system32\drivers\pciide.sys
20:30:57.0559 3428 pciide - ok
20:30:57.0596 3428 pcmcia (a2d6b9c3f532baa27cb0c158d8ef4da6) C:\Windows\system32\DRIVERS\pcmcia.sys
20:30:57.0601 3428 pcmcia - ok
20:30:57.0636 3428 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
20:30:57.0737 3428 PEAUTH - ok
20:30:57.0775 3428 PnkBstrK - ok
20:30:57.0811 3428 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
20:30:57.0814 3428 PptpMiniport - ok
20:30:57.0841 3428 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
20:30:57.0842 3428 Processor - ok
20:30:57.0882 3428 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
20:30:57.0884 3428 PSched - ok
20:30:58.0204 3428 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
20:30:58.0259 3428 ql2300 - ok
20:30:58.0284 3428 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
20:30:58.0291 3428 ql40xx - ok
20:30:58.0320 3428 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
20:30:58.0356 3428 QWAVEdrv - ok
20:30:59.0363 3428 R300 (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
20:30:59.0423 3428 R300 - ok
20:30:59.0744 3428 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
20:30:59.0764 3428 RasAcd - ok
20:30:59.0870 3428 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:30:59.0898 3428 Rasl2tp - ok
20:30:59.0926 3428 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
20:30:59.0928 3428 RasPppoe - ok
20:30:59.0946 3428 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
20:30:59.0948 3428 RasSstp - ok
20:30:59.0963 3428 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
20:30:59.0968 3428 rdbss - ok
20:30:59.0979 3428 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:30:59.0980 3428 RDPCDD - ok
20:31:00.0013 3428 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
20:31:00.0025 3428 rdpdr - ok
20:31:00.0034 3428 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
20:31:00.0035 3428 RDPENCDD - ok
20:31:00.0064 3428 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
20:31:00.0068 3428 RDPWD - ok
20:31:00.0222 3428 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
20:31:00.0255 3428 rspndr - ok
20:31:00.0304 3428 RTHDMIAzAudService (0328ffdf9d805723d0e420018136fa7b) C:\Windows\system32\drivers\RtHDMIVX.sys
20:31:00.0307 3428 RTHDMIAzAudService - ok
20:31:00.0338 3428 RTSTOR (15c2f0082d5e1ce5124eda4050e77986) C:\Windows\system32\drivers\RTSTOR64.SYS
20:31:00.0339 3428 RTSTOR - ok
20:31:00.0362 3428 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
20:31:00.0375 3428 sbp2port - ok
20:31:00.0420 3428 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
20:31:00.0423 3428 sdbus - ok
20:31:00.0463 3428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:31:00.0487 3428 secdrv - ok
20:31:00.0525 3428 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
20:31:00.0527 3428 Serenum - ok
20:31:00.0538 3428 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
20:31:00.0541 3428 Serial - ok
20:31:00.0564 3428 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
20:31:00.0567 3428 sermouse - ok
20:31:00.0617 3428 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
20:31:00.0643 3428 sffdisk - ok
20:31:00.0666 3428 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
20:31:00.0668 3428 sffp_mmc - ok
20:31:00.0685 3428 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
20:31:00.0687 3428 sffp_sd - ok
20:31:00.0703 3428 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
20:31:00.0707 3428 sfloppy - ok
20:31:00.0762 3428 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
20:31:00.0764 3428 SiSRaid2 - ok
20:31:00.0783 3428 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
20:31:00.0787 3428 SiSRaid4 - ok
20:31:00.0816 3428 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
20:31:00.0819 3428 Smb - ok
20:31:00.0843 3428 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
20:31:00.0844 3428 spldr - ok
20:31:01.0111 3428 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
20:31:01.0141 3428 SRTSP - ok
20:31:01.0171 3428 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
20:31:01.0189 3428 SRTSPX - ok
20:31:01.0279 3428 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
20:31:01.0292 3428 srv - ok
20:31:01.0363 3428 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
20:31:01.0458 3428 srv2 - ok
20:31:01.0562 3428 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
20:31:01.0566 3428 srvnet - ok
20:31:01.0749 3428 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
20:31:01.0777 3428 swenum - ok
20:31:01.0802 3428 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
20:31:01.0815 3428 Symc8xx - ok
20:31:01.0840 3428 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
20:31:01.0856 3428 SymDS - ok
20:31:01.0903 3428 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
20:31:01.0907 3428 SymEFA - ok
20:31:01.0941 3428 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:31:01.0944 3428 SymEvent - ok
20:31:01.0962 3428 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
20:31:01.0965 3428 SymIRON - ok
20:31:01.0983 3428 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
20:31:01.0998 3428 SYMTDIv - ok
20:31:02.0014 3428 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
20:31:02.0016 3428 Sym_hi - ok
20:31:02.0032 3428 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
20:31:02.0035 3428 Sym_u3 - ok
20:31:02.0099 3428 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
20:31:02.0124 3428 Tcpip - ok
20:31:02.0153 3428 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
20:31:02.0163 3428 Tcpip6 - ok
20:31:02.0290 3428 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
20:31:02.0312 3428 tcpipreg - ok
20:31:02.0335 3428 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
20:31:02.0337 3428 TDPIPE - ok
20:31:02.0355 3428 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
20:31:02.0356 3428 TDTCP - ok
20:31:02.0368 3428 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
20:31:02.0371 3428 tdx - ok
20:31:02.0386 3428 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
20:31:02.0387 3428 TermDD - ok
20:31:02.0410 3428 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:31:02.0411 3428 tssecsrv - ok
20:31:02.0440 3428 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
20:31:02.0442 3428 tunmp - ok
20:31:02.0470 3428 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
20:31:02.0472 3428 tunnel - ok
20:31:02.0493 3428 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
20:31:02.0506 3428 uagp35 - ok
20:31:02.0526 3428 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
20:31:02.0532 3428 udfs - ok
20:31:02.0561 3428 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
20:31:02.0565 3428 uliagpkx - ok
20:31:02.0585 3428 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
20:31:02.0591 3428 uliahci - ok
20:31:02.0616 3428 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
20:31:02.0619 3428 UlSata - ok
20:31:02.0640 3428 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
20:31:02.0644 3428 ulsata2 - ok
20:31:02.0660 3428 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
20:31:02.0661 3428 umbus - ok
20:31:02.0694 3428 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
20:31:02.0702 3428 UMPass - ok
20:31:02.0752 3428 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
20:31:02.0770 3428 USBAAPL64 - ok
20:31:02.0787 3428 usbccgp (66627c6008319def7909f21fb75a8991) C:\Windows\system32\DRIVERS\usbccgp.sys
20:31:02.0791 3428 usbccgp - ok
20:31:02.0810 3428 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
20:31:02.0813 3428 usbcir - ok
20:31:02.0837 3428 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
20:31:02.0838 3428 usbehci - ok
20:31:02.0888 3428 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
20:31:02.0911 3428 usbhub - ok
20:31:02.0937 3428 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
20:31:02.0938 3428 usbohci - ok
20:31:02.0955 3428 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
20:31:02.0957 3428 usbprint - ok
20:31:02.0973 3428 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:31:02.0976 3428 USBSTOR - ok
20:31:02.0983 3428 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
20:31:02.0986 3428 usbuhci - ok
20:31:03.0015 3428 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
20:31:03.0024 3428 vga - ok
20:31:03.0043 3428 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
20:31:03.0044 3428 VgaSave - ok
20:31:03.0060 3428 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
20:31:03.0062 3428 viaide - ok
20:31:03.0070 3428 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
20:31:03.0072 3428 volmgr - ok
20:31:03.0095 3428 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
20:31:03.0102 3428 volmgrx - ok
20:31:03.0122 3428 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
20:31:03.0126 3428 volsnap - ok
20:31:03.0146 3428 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
20:31:03.0150 3428 vsmraid - ok
20:31:03.0173 3428 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
20:31:03.0175 3428 WacomPen - ok
20:31:03.0192 3428 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
20:31:03.0194 3428 Wanarp - ok
20:31:03.0198 3428 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
20:31:03.0199 3428 Wanarpv6 - ok
20:31:03.0218 3428 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
20:31:03.0228 3428 Wd - ok
20:31:03.0260 3428 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
20:31:03.0295 3428 Wdf01000 - ok
20:31:03.0601 3428 winachsf (d36af55c2c09b55aacf4a65c7fea9c37) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
20:31:03.0629 3428 winachsf - ok
20:31:03.0674 3428 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
20:31:03.0676 3428 WmiAcpi - ok
20:31:03.0718 3428 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
20:31:03.0741 3428 WpdUsb - ok
20:31:03.0762 3428 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
20:31:03.0764 3428 ws2ifsl - ok
20:31:03.0805 3428 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:31:03.0807 3428 WUDFRd - ok
20:31:03.0825 3428 XAudio (e288fa83c178a3458bac1fa80b346c06) C:\Windows\system32\DRIVERS\xaudio64.sys
20:31:03.0826 3428 XAudio - ok
20:31:03.0848 3428 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys
20:31:03.0854 3428 yukonx64 - ok
20:31:03.0881 3428 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
20:31:03.0905 3428 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:31:03.0906 3428 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:31:04.0321 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:31:04.0322 3428 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:31:04.0325 3428 Boot (0x1200) (65687d4fc3d8fd0e2d61fe44e7f65b80) \Device\Harddisk0\DR0\Partition0
20:31:04.0326 3428 \Device\Harddisk0\DR0\Partition0 - ok
20:31:04.0371 3428 Boot (0x1200) (d0c606c55fe7039a3eaf3a68911679b3) \Device\Harddisk0\DR0\Partition1
20:31:04.0401 3428 \Device\Harddisk0\DR0\Partition1 - ok
20:31:04.0402 3428 ============================================================
20:31:04.0402 3428 Scan finished
20:31:04.0402 3428 ============================================================
20:31:04.0412 3636 Detected object count: 2
20:31:04.0412 3636 Actual detected object count: 2
20:31:45.0031 3636 \Device\Harddisk0\DR0\# - copied to quarantine
20:31:45.0035 3636 \Device\Harddisk0\DR0 - copied to quarantine
20:31:45.0129 3636 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:31:45.0683 3636 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:31:47.0216 3636 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:31:47.0470 3636 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:31:48.0149 3636 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:31:48.0201 3636 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:31:48.0228 3636 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:31:48.0250 3636 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:31:48.0742 3636 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:31:49.0378 3636 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:31:49.0502 3636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:31:49.0510 3636 \Device\Harddisk0\DR0 - ok
20:31:49.0511 3636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:31:49.0511 3636 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:31:49.0511 3636 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:32:00.0501 3444 Deinitialize success




aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-07 20:41:27
-----------------------------
20:41:27.201 OS Version: Windows x64 6.0.6001 Service Pack 1
20:41:27.201 Number of processors: 3 586 0x203
20:41:27.202 ComputerName: JESSON-PC UserName: Jesson
20:41:28.814 Initialize success
20:41:49.298 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:41:49.300 Disk 0 Vendor: WDC_WD5000AAKS-22A7B0 01.03B01 Size: 476940MB BusType: 3
20:41:49.333 Disk 0 MBR read successfully
20:41:49.335 Disk 0 MBR scan
20:41:49.337 Disk 0 Windows VISTA default MBR code
20:41:49.339 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 15829 MB offset 63
20:41:49.348 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 461107 MB offset 32419170
20:41:49.351 Service scanning
20:41:51.620 Modules scanning
20:41:51.623 Disk 0 trace - called modules:
20:41:51.649 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
20:41:51.652 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cb3790]
20:41:51.656 3 CLASSPNP.SYS[fffffa60007c7b3a] -> nt!IofCallDriver -> [0xfffffa8004a579b0]
20:41:51.659 5 acpi.sys[fffffa60008f4ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a57060]
20:41:51.995 Scan finished successfully
20:42:30.836 Disk 0 MBR has been saved successfully to "C:\Users\Jesson\Desktop\MBR.dat"
20:42:30.870 The log file has been saved successfully to "C:\Users\Jesson\Desktop\aswMBR.txt"
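
The two logs in the post above work on the same 512-byte sector: TDSSKiller hashes the boot code (its "MBR (0x1B8)" line) and flags the sector as Rootkit.Boot.Pihar.b, while aswMBR decodes the partition table and reports whether the code matches the stock Windows loader. The Python script below is an added example, not a tool from this thread nor code from Kaspersky or AVAST; it performs those same checks on a saved sector such as the MBR.dat that aswMBR wrote to the desktop. The sample sector it builds is constructed: the layout is modelled on the partition lines aswMBR printed (MB sizes converted back to sectors, so only approximate), the boot code bytes are placeholders, and the "known-good" hash is simply the hash of that clean sample. One caveat for anyone reusing this: a live TDL4/Pihar-class bootkit hooks the disk driver stack and hands back the original MBR when the infected system reads sector 0, so take the sector from clean boot media or with an anti-rootkit scanner that reads below the hooked drivers; aswMBR here ran only after the cure reboot, which is why it saw the stock Vista MBR code.

```python
"""Offline MBR triage in the spirit of the TDSSKiller/aswMBR lines above:
hash the boot-code region, decode the partition table and apply the
sanity checks a responder would run on a suspect sector."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8          # region TDSSKiller hashes in its "MBR (0x1B8)" line
PART_TABLE_OFF = 0x1BE         # four 16-byte partition entries live here
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xAA"         # last two bytes of a valid MBR
ENTRY_FMT = "<B3xB3xII"        # status, CHS start, type, CHS end, LBA start, sectors


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the first 0x1B8 bytes, comparable with TDSSKiller's MBR hash."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Decode the non-empty primary partition entries into dicts."""
    parts = []
    for i in range(4):
        status, ptype, lba, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype == 0:
            continue                      # unused slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": sectors,
                      "size_mb": sectors * SECTOR // (1024 * 1024)})
    return parts


def check_mbr(mbr: bytes, disk_sectors: int, known_good_md5=None) -> dict:
    """Return the hash, partitions, unpartitioned tail and a list of findings."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    code_md5 = boot_code_md5(mbr)
    if known_good_md5 is not None and code_md5 != known_good_md5:
        findings.append("boot code hash differs from the known-good MBR")
    parts = parse_partitions(mbr)
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected 1")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    # TDL4/Pihar-class bootkits keep their hidden file system in the unpartitioned
    # space at the end of the disk, so report how much of it there is.
    used_end = max((p["lba_start"] + p["sectors"] for p in parts), default=0)
    tail = max(disk_sectors - used_end, 0)
    return {"code_md5": code_md5, "partitions": parts,
            "unpartitioned_tail_sectors": tail, "findings": findings}


def build_sample_mbr(code: bytes, entries) -> bytes:
    """Assemble a sector from boot code and (status, type, lba, sectors) tuples.
    Constructed for this example; it is not a sector taken from the thread."""
    mbr = bytearray(SECTOR)
    mbr[:len(code)] = code
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN, *entry)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def tamper_boot_code(mbr: bytes) -> bytes:
    """Copy with the first bytes overwritten, standing in for a bootkit that
    replaced the loader (constructed bytes, not real Pihar code)."""
    patched = bytearray(mbr)
    patched[0:3] = b"\xEB\xFE\x90"   # jmp $ ; nop
    return bytes(patched)


# Layout modelled on the aswMBR lines in the thread, with the reported MB sizes
# converted back to sectors; an approximation, not the user's real table.
SAMPLE_LAYOUT = [(0x00, 0x07, 63, 15829 * 2048),
                 (0x80, 0x07, 32419170, 461107 * 2048)]
SAMPLE_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"constructed sample boot code"
SAMPLE_DISK_SECTORS = 476940 * 2048        # "Size: 476940MB" in the aswMBR log
CLEAN_MBR = build_sample_mbr(SAMPLE_CODE, SAMPLE_LAYOUT)

if __name__ == "__main__":
    good = boot_code_md5(CLEAN_MBR)
    for label, sector in (("clean", CLEAN_MBR), ("tampered", tamper_boot_code(CLEAN_MBR))):
        report = check_mbr(sector, SAMPLE_DISK_SECTORS, known_good_md5=good)
        print(f"{label}: MBR(0x1B8) md5={report['code_md5']}")
        for p in report["partitions"]:
            flag = "80 (A)" if p["active"] else "00"
            print(f"  partition {p['index']} {flag} type 0x{p['type']:02X} "
                  f"{p['size_mb']} MB offset {p['lba_start']}")
        print(f"  unpartitioned tail: {report['unpartitioned_tail_sectors']} sectors")
        print("  findings:", report["findings"] or "none")
```

To check a real sector, read the first 512 bytes of the saved MBR.dat and pass the disk's sector count (aswMBR prints the size in MB; multiply by 2048). Take the comparison hash from a known-clean machine running the same Windows release, since the stock boot code differs between Windows versions, which is exactly the distinction aswMBR draws with its "Windows VISTA default MBR code" line.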

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,908 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:54 PM

Posted 07 February 2012 - 09:29 PM

OK good, this is always a problem maker:
20:31:49.0511 3636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
The reboot completes the disinfection.

Let's run one more scan...
Is the error gone?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#6 Jesson125

Jesson125
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:03:54 PM

Posted 07 February 2012 - 09:40 PM

Yes, after the reboot TDSSKiller had me do, the error message didn't appear again. I will run this online scan and post my results.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,908 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:54 PM

Posted 07 February 2012 - 10:18 PM

Cool we should be able to mop up after it.

#8 Jesson125

Jesson125
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:03:54 PM

Posted 08 February 2012 - 12:46 AM

Okay, that actually took longer than I had anticipated, but here is the log from the eset online scan.


C:\Program Files (x86)\Vuze\.install4j\i4j_extf_8_5p83tu.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\Nurech1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Jesson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6b1e720a-6c42c74f Java/Agent.BV trojan deleted - quarantined
C:\Users\Jesson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\afb22cf-1009923d probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Jesson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2ef758e6-31400298 Java/Agent.BV trojan deleted - quarantined
C:\Users\Jesson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\d126230-4b6bccdc Java/Agent.BV trojan deleted - quarantined
C:\Users\Jesson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1d87cc08-10ba4a5c probably a variant of Java/Agent.BR trojan deleted - quarantined

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,908 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:54 PM

Posted 08 February 2012 - 04:42 PM

Great! It was good to find those Bagles. Win32/Bagle is the generic detection for trojans that download worms from the Win32/Bagle family. They are usually distributed as attachments of spammed e-mail messages. They may also change certain system settings.


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:
Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#10 Jesson125

Jesson125
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:03:54 PM

Posted 08 February 2012 - 07:33 PM

Excellent. Restore point has been created. Thank you so much for your help. One more question, can I now delete the programs I downloaded, including the mbr.dat I was told to keep?

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,908 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:54 PM

Posted 08 February 2012 - 09:20 PM

Yes you can remove it all now if you wish.


You're welcome!!



