
Help with svchost.exe trojan; winrscmde


10 replies to this topic

#1 KyleNeil

Posted 09 February 2012 - 11:11 PM

Any help would be appreciated. Here is what I can tell you. Malwarebytes, running in both Safe Mode and Normal Mode, has detected, quarantined and deleted the file svchost.exe, recognizing it as a trojan. Yet the file continues to return, slows my speeds and appears to launch several "svchost" services, thus slowing down the CPU. These appear separate from the normal svchost processes. I also ran Spybot S&D, and I found something called "Smitfraud Trojan" which, after some Google searches, might explain why I keep getting popups like "[Some program] has stopped working" and eventually blue screens. One thing I must point out is that the blue screens look different....? Although I am not certain the Smitfraud virus is gone, the popups and blue screens have stopped for the moment; nevertheless, I am unable to get the svchost.exe trojan removed. If there is any information I can provide, please let me know. One other thing that jumped out is that the image name is "svchost.exe *32" and the description is "winrscmde" in the Task Manager. Also several reports of this file on the site....

Here is my Malwarebytes log to start [Run in Normal Mode after trojan detection and deletion]:





Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyle Hawkins :: HAWKINS-PC [administrator]

Protection: Enabled

2/9/2012 7:53:31 PM
mbam-log-2012-02-09 (19-53-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232197
Time elapsed: 17 minute(s),

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3144 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)



#2 narenxp

  • BC Advisor

Posted 09 February 2012 - 11:22 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

#3 KyleNeil

  • Topic Starter


Posted 12 February 2012 - 06:05 PM

Here are the logs requested (note that the GMER wasn't run because I am running 64-bit Vista):

14:41:10.0688 3768 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
14:41:12.0696 3768 ============================================================
14:41:12.0697 3768 Current date / time: 2012/02/12 14:41:12.0696
14:41:12.0697 3768 SystemInfo:
14:41:12.0697 3768
14:41:12.0697 3768 OS Version: 6.0.6002 ServicePack: 2.0
14:41:12.0697 3768 Product type: Workstation
14:41:12.0697 3768 ComputerName: HAWKINS-PC
14:41:12.0697 3768 UserName: Kyle Hawkins
14:41:12.0697 3768 Windows directory: C:\Windows
14:41:12.0697 3768 System windows directory: C:\Windows
14:41:12.0697 3768 Running under WOW64
14:41:12.0697 3768 Processor architecture: Intel x64
14:41:12.0697 3768 Number of processors: 4
14:41:12.0697 3768 Page size: 0x1000
14:41:12.0697 3768 Boot type: Normal boot
14:41:12.0697 3768 ============================================================
14:41:14.0698 3768 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:41:14.0701 3768 Drive \Device\Harddisk1\DR1 - Size: 0x15D4EF00000 (1397.23 Gb), SectorSize: 0x200, Cylinders: 0x2C87D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:41:15.0215 3768 \Device\Harddisk0\DR0:
14:41:15.0244 3768 MBR used
14:41:15.0244 3768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x494CE800
14:41:15.0244 3768 \Device\Harddisk1\DR1:
14:41:15.0246 3768 MBR used
14:41:15.0246 3768 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA77000
14:41:15.0319 3768 Initialize success
14:41:15.0319 3768 ============================================================
14:42:51.0187 6804 ============================================================
14:42:51.0187 6804 Scan started
14:42:51.0187 6804 Mode: Manual; TDLFS;
14:42:51.0187 6804 ============================================================
14:42:59.0621 6804 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
14:42:59.0623 6804 usbaudio - ok
14:42:59.0663 6804 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
14:42:59.0665 6804 usbccgp - ok
14:42:59.0691 6804 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
14:42:59.0693 6804 usbcir - ok
14:42:59.0721 6804 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
14:42:59.0722 6804 usbehci - ok
14:42:59.0738 6804 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
14:42:59.0742 6804 usbhub - ok
14:42:59.0751 6804 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
14:42:59.0753 6804 usbohci - ok
14:42:59.0784 6804 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
14:42:59.0785 6804 usbprint - ok
14:42:59.0827 6804 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
14:42:59.0828 6804 usbscan - ok
14:42:59.0852 6804 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:42:59.0854 6804 USBSTOR - ok
14:42:59.0872 6804 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
14:42:59.0873 6804 usbuhci - ok
14:42:59.0936 6804 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
14:42:59.0953 6804 usbvideo - ok
14:43:00.0013 6804 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
14:43:00.0015 6804 vga - ok
14:43:00.0037 6804 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
14:43:00.0038 6804 VgaSave - ok
14:43:00.0059 6804 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
14:43:00.0060 6804 viaide - ok
14:43:00.0081 6804 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
14:43:00.0083 6804 volmgr - ok
14:43:00.0123 6804 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
14:43:00.0129 6804 volmgrx - ok
14:43:00.0172 6804 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
14:43:00.0176 6804 volsnap - ok
14:43:00.0203 6804 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
14:43:00.0205 6804 vsmraid - ok
14:43:00.0245 6804 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
14:43:00.0246 6804 WacomPen - ok
14:43:00.0270 6804 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:43:00.0273 6804 Wanarp - ok
14:43:00.0277 6804 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:43:00.0278 6804 Wanarpv6 - ok
14:43:00.0312 6804 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
14:43:00.0313 6804 Wd - ok
14:43:00.0335 6804 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
14:43:00.0336 6804 WDC_SAM - ok
14:43:00.0380 6804 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
14:43:00.0391 6804 Wdf01000 - ok
14:43:00.0439 6804 winachsf (d36af55c2c09b55aacf4a65c7fea9c37) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
14:43:00.0456 6804 winachsf - ok
14:43:00.0493 6804 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
14:43:00.0494 6804 WmiAcpi - ok
14:43:00.0553 6804 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
14:43:00.0554 6804 WpdUsb - ok
14:43:00.0596 6804 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
14:43:00.0597 6804 ws2ifsl - ok
14:43:00.0644 6804 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:43:00.0646 6804 WUDFRd - ok
14:43:00.0656 6804 XAudio (e288fa83c178a3458bac1fa80b346c06) C:\Windows\system32\DRIVERS\xaudio64.sys
14:43:00.0657 6804 XAudio - ok
14:43:00.0719 6804 yukonx64 (4d7bd04b794478aba95ea1e03be39c47) C:\Windows\system32\DRIVERS\yk60x64.sys
14:43:00.0726 6804 yukonx64 - ok
14:43:00.0735 6804 MBR (0x1B8) (a157d70a972e278b72d274a647ca1a28) \Device\Harddisk0\DR0
14:43:00.0756 6804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:43:00.0756 6804 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:43:00.0789 6804 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:43:00.0789 6804 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:43:00.0794 6804 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:43:01.0369 6804 \Device\Harddisk1\DR1 - ok
14:43:01.0384 6804 Boot (0x1200) (03bdbc780aa2ff0edf05b923a47f6edb) \Device\Harddisk0\DR0\Partition0
14:43:01.0385 6804 \Device\Harddisk0\DR0\Partition0 - ok
14:43:01.0389 6804 Boot (0x1200) (e34c53cd51200d058979c40ec3f76bea) \Device\Harddisk1\DR1\Partition0
14:43:01.0390 6804 \Device\Harddisk1\DR1\Partition0 - ok
14:43:01.0391 6804 ============================================================
14:43:01.0391 6804 Scan finished
14:43:01.0391 6804 ============================================================
14:43:01.0404 8888 Detected object count: 2
14:43:01.0404 8888 Actual detected object count: 2
14:43:16.0362 8888 \Device\Harddisk0\DR0\# - copied to quarantine
14:43:16.0362 8888 \Device\Harddisk0\DR0 - copied to quarantine
14:43:16.0394 8888 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:43:16.0395 8888 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:43:16.0405 8888 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:43:16.0411 8888 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:43:16.0413 8888 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:43:16.0414 8888 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:43:16.0415 8888 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:43:16.0418 8888 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:43:16.0420 8888 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:43:16.0421 8888 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:43:16.0423 8888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:43:16.0424 8888 \Device\Harddisk0\DR0 - ok
14:43:16.0769 8888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:43:16.0769 8888 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:43:16.0769 8888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-12 14:52:40
-----------------------------
14:52:40.684 OS Version: Windows x64 6.0.6002 Service Pack 2
14:52:40.684 Number of processors: 4 586 0x203
14:52:40.685 ComputerName: HAWKINS-PC UserName:
14:52:44.419 Initialize success
14:53:39.004 AVAST engine defs: 12021201
14:53:48.938 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:53:48.940 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
14:53:48.951 Disk 0 MBR read successfully
14:53:48.953 Disk 0 MBR scan
14:53:48.999 Disk 0 unknown MBR code
14:53:49.002 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63
14:53:49.013 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600477 MB offset 20484096
14:53:49.018 Service scanning
14:53:51.186 Modules scanning
14:53:51.189 Disk 0 trace - called modules:
14:53:51.200 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
14:53:51.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005578790]
14:53:51.206 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> [0xfffffa8004847520]
14:53:51.211 5 acpi.sys[fffffa6000901fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004844060]
14:53:54.297 AVAST engine scan C:\Windows
14:54:01.896 AVAST engine scan C:\Windows\system32
14:58:06.747 AVAST engine scan C:\Windows\system32\drivers
14:58:38.610 AVAST engine scan C:\Users\Kyle Hawkins
15:02:39.836 Disk 0 MBR has been saved successfully to "C:\Users\Kyle Hawkins\Desktop\MBR.dat"
15:02:39.837 The log file has been saved successfully to "C:\Users\Kyle Hawkins\Desktop\aswMBR.txt"

#4 narenxp

Posted 13 February 2012 - 12:31 AM

Download a new copy of TDSSkiller, launch it and click on SCAN

Make sure to select DELETE for TDSSfilesystem

Restart the PC and then run ASWMBR once again and post the log

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
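The TDSSKiller log earlier in this thread records a detection and the action chosen for it on separate lines, which makes a skipped object easy to overlook. The following is an added example, not part of the post above and not TDSSKiller's own code: a small parser that pairs each detection with its action and lists the ones left unremediated. The sample lines are copied from the log in this thread; the line pattern is inferred from those lines, and the `Delete` action spelling is an assumption.

```python
import re
from collections import OrderedDict

# Lines copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
14:43:00.0756 6804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:43:00.0756 6804 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:43:00.0789 6804 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:43:00.0789 6804 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:43:01.0369 6804 \Device\Harddisk1\DR1 - ok
14:43:16.0423 8888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:43:16.0424 8888 \Device\Harddisk0\DR0 - ok
14:43:16.0769 8888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:43:16.0769 8888 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:43:16.0769 8888 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <object> ( <threat name> ) - <status>"
# Plain driver lines ("name (md5) path") and "- ok" lines do not match,
# because they lack the "( name ) -" part with its surrounding spaces.
LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?) \( (?P<threat>[^()]+?) \) - (?P<status>.+)$"
)

# Verdicts seen in the log above.
VERDICTS = {"infected", "warning"}

# Actions treated as remediation. "Cure" appears in the log above;
# "Delete" is assumed to be logged with this spelling.
REMEDIATING = {"cure", "delete"}

ACTION_PREFIX = "User select action:"


def parse_detections(log_text):
    """Return {(object, threat): {"verdict", "action", "notes"}} in log order."""
    findings = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = (m["obj"], m["threat"])
        rec = findings.setdefault(
            key, {"verdict": None, "action": None, "notes": []}
        )
        status = m["status"].strip()
        if status in VERDICTS:
            rec["verdict"] = status
        elif status.startswith(ACTION_PREFIX):
            rec["action"] = status[len(ACTION_PREFIX):].strip()
        else:
            # e.g. "will be cured on reboot", "skipped by user"
            rec["notes"].append(status)
    return findings


def unresolved(findings):
    """Detections with no action recorded, or an action that removes nothing."""
    return [
        key
        for key, rec in findings.items()
        if rec["verdict"]
        and (rec["action"] or "").lower() not in REMEDIATING
    ]


if __name__ == "__main__":
    results = parse_detections(SAMPLE_LOG)
    for (obj, threat), rec in results.items():
        print(f"{obj}  {threat}: {rec['verdict']}, action={rec['action']}")
    for obj, threat in unresolved(results):
        print(f"NOT REMEDIATED: {threat} on {obj}")
```

Run against the first log, it reports the TDSS File System entry as not remediated, which is the item the post above asks to delete on the next scan.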

#5 KyleNeil

Posted 14 February 2012 - 01:55 AM

Well, per your instructions here are the logs:

22:05:41.0286 3752 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
22:05:41.0818 3752 ============================================================
22:05:41.0818 3752 Current date / time: 2012/02/13 22:05:41.0818
22:05:41.0818 3752 SystemInfo:
22:05:41.0818 3752
22:05:41.0818 3752 OS Version: 6.0.6002 ServicePack: 2.0
22:05:41.0818 3752 Product type: Workstation
22:05:41.0818 3752 ComputerName: HAWK-PC
22:05:41.0819 3752 UserName: K Hawk
22:05:41.0819 3752 Windows directory: C:\Windows
22:05:41.0819 3752 System windows directory: C:\Windows
22:05:41.0819 3752 Running under WOW64
22:05:41.0819 3752 Processor architecture: Intel x64
22:05:41.0819 3752 Number of processors: 4
22:05:41.0819 3752 Page size: 0x1000
22:05:41.0819 3752 Boot type: Normal boot
22:05:41.0819 3752 ============================================================
22:05:43.0281 3752 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:05:43.0308 3752 Drive \Device\Harddisk1\DR1 - Size: 0x15D4EF00000 (1397.23 Gb), SectorSize: 0x200, Cylinders: 0x2C87D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:05:43.0826 3752 \Device\Harddisk0\DR0:
22:05:43.0826 3752 MBR used
22:05:43.0826 3752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x494CE800
22:05:43.0826 3752 \Device\Harddisk1\DR1:
22:05:43.0827 3752 MBR used
22:05:43.0827 3752 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA77000
22:05:43.0872 3752 Initialize success
22:05:43.0872 3752 ============================================================
22:07:00.0620 5012 ============================================================
22:07:00.0620 5012 Scan started
22:07:00.0620 5012 Mode: Manual;
22:07:00.0620 5012 ============================================================
22:07:09.0118 5012 RasPppoe - ok
22:07:09.0167 5012 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
22:07:09.0169 5012 RasSstp - ok
22:07:09.0195 5012 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
22:07:09.0199 5012 rdbss - ok
22:07:09.0220 5012 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:07:09.0222 5012 RDPCDD - ok
22:07:09.0261 5012 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
22:07:09.0266 5012 rdpdr - ok
22:07:09.0274 5012 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
22:07:09.0275 5012 RDPENCDD - ok
22:07:09.0309 5012 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
22:07:09.0313 5012 RDPWD - ok
22:07:09.0370 5012 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
22:07:09.0372 5012 rspndr - ok
22:07:09.0418 5012 RTHDMIAzAudService (f8da8fc39ce5859c0d8c0fe6524ce465) C:\Windows\system32\drivers\RtHDMIVX.sys
22:07:09.0422 5012 RTHDMIAzAudService - ok
22:07:09.0474 5012 RTSTOR (b6b74a05f4da0231d5d275568a104f89) C:\Windows\system32\drivers\RTSTOR64.SYS
22:07:09.0476 5012 RTSTOR - ok
22:07:09.0567 5012 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:07:09.0568 5012 SASDIFSV - ok
22:07:09.0582 5012 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:07:09.0583 5012 SASKUTIL - ok
22:07:09.0595 5012 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
22:07:09.0597 5012 sbp2port - ok
22:07:09.0663 5012 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:07:09.0664 5012 secdrv - ok
22:07:09.0683 5012 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
22:07:09.0684 5012 Serenum - ok
22:07:09.0696 5012 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
22:07:09.0698 5012 Serial - ok
22:07:09.0711 5012 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:07:09.0712 5012 sermouse - ok
22:07:09.0740 5012 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:07:09.0742 5012 sffdisk - ok
22:07:09.0766 5012 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:07:09.0767 5012 sffp_mmc - ok
22:07:09.0794 5012 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:07:09.0796 5012 sffp_sd - ok
22:07:09.0813 5012 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:07:09.0815 5012 sfloppy - ok
22:07:09.0841 5012 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:07:09.0842 5012 SiSRaid2 - ok
22:07:09.0858 5012 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:07:09.0860 5012 SiSRaid4 - ok
22:07:09.0902 5012 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
22:07:09.0904 5012 Smb - ok
22:07:09.0925 5012 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
22:07:09.0927 5012 spldr - ok
22:07:09.0952 5012 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
22:07:09.0961 5012 srv - ok
22:07:09.0986 5012 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
22:07:09.0990 5012 srv2 - ok
22:07:10.0010 5012 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
22:07:10.0013 5012 srvnet - ok
22:07:10.0076 5012 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
22:07:10.0077 5012 StillCam - ok
22:07:10.0120 5012 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
22:07:10.0121 5012 swenum - ok
22:07:10.0163 5012 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:07:10.0165 5012 Symc8xx - ok
22:07:10.0187 5012 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:07:10.0188 5012 Sym_hi - ok
22:07:10.0208 5012 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:07:10.0210 5012 Sym_u3 - ok
22:07:10.0281 5012 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
22:07:10.0307 5012 Tcpip - ok
22:07:10.0337 5012 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
22:07:10.0347 5012 Tcpip6 - ok
22:07:10.0372 5012 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
22:07:10.0374 5012 tcpipreg - ok
22:07:10.0392 5012 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:07:10.0394 5012 TDPIPE - ok
22:07:10.0420 5012 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:07:10.0430 5012 TDTCP - ok
22:07:10.0461 5012 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
22:07:10.0463 5012 tdx - ok
22:07:10.0488 5012 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
22:07:10.0490 5012 TermDD - ok
22:07:10.0529 5012 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:07:10.0530 5012 tssecsrv - ok
22:07:10.0563 5012 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:07:10.0565 5012 tunmp - ok
22:07:10.0587 5012 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
22:07:10.0589 5012 tunnel - ok
22:07:10.0617 5012 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:07:10.0619 5012 uagp35 - ok
22:07:10.0661 5012 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
22:07:10.0665 5012 udfs - ok
22:07:10.0696 5012 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:07:10.0698 5012 uliagpkx - ok
22:07:10.0720 5012 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:07:10.0724 5012 uliahci - ok
22:07:10.0747 5012 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:07:10.0751 5012 UlSata - ok
22:07:10.0773 5012 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:07:10.0776 5012 ulsata2 - ok
22:07:10.0804 5012 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:07:10.0806 5012 umbus - ok
22:07:10.0873 5012 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:07:10.0875 5012 USBAAPL64 - ok
22:07:10.0925 5012 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
22:07:10.0927 5012 usbaudio - ok
22:07:10.0968 5012 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
22:07:10.0970 5012 usbccgp - ok
22:07:10.0995 5012 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
22:07:10.0998 5012 usbcir - ok
22:07:11.0025 5012 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
22:07:11.0027 5012 usbehci - ok
22:07:11.0042 5012 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
22:07:11.0051 5012 usbhub - ok
22:07:11.0089 5012 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
22:07:11.0090 5012 usbohci - ok
22:07:11.0121 5012 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
22:07:11.0123 5012 usbprint - ok
22:07:11.0165 5012 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
22:07:11.0166 5012 usbscan - ok
22:07:11.0190 5012 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:07:11.0192 5012 USBSTOR - ok
22:07:11.0209 5012 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
22:07:11.0211 5012 usbuhci - ok
22:07:11.0274 5012 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
22:07:11.0277 5012 usbvideo - ok
22:07:11.0309 5012 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
22:07:11.0310 5012 vga - ok
22:07:11.0333 5012 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
22:07:11.0334 5012 VgaSave - ok
22:07:11.0355 5012 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
22:07:11.0357 5012 viaide - ok
22:07:11.0377 5012 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
22:07:11.0379 5012 volmgr - ok
22:07:11.0411 5012 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
22:07:11.0427 5012 volmgrx - ok
22:07:11.0481 5012 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
22:07:11.0485 5012 volsnap - ok
22:07:11.0515 5012 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
22:07:11.0518 5012 vsmraid - ok
22:07:11.0566 5012 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
22:07:11.0567 5012 WacomPen - ok
22:07:11.0591 5012 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:07:11.0594 5012 Wanarp - ok
22:07:11.0598 5012 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:07:11.0599 5012 Wanarpv6 - ok
22:07:11.0641 5012 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
22:07:11.0643 5012 Wd - ok
22:07:11.0673 5012 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
22:07:11.0674 5012 WDC_SAM - ok
22:07:11.0701 5012 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
22:07:11.0716 5012 Wdf01000 - ok
22:07:11.0759 5012 winachsf (d36af55c2c09b55aacf4a65c7fea9c37) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
22:07:11.0777 5012 winachsf - ok
22:07:11.0813 5012 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
22:07:11.0815 5012 WmiAcpi - ok
22:07:11.0873 5012 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
22:07:11.0875 5012 WpdUsb - ok
22:07:11.0917 5012 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
22:07:11.0918 5012 ws2ifsl - ok
22:07:12.0007 5012 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:07:12.0009 5012 WUDFRd - ok
22:07:12.0019 5012 XAudio (e288fa83c178a3458bac1fa80b346c06) C:\Windows\system32\DRIVERS\xaudio64.sys
22:07:12.0021 5012 XAudio - ok
22:07:12.0082 5012 yukonx64 (4d7bd04b794478aba95ea1e03be39c47) C:\Windows\system32\DRIVERS\yk60x64.sys
22:07:12.0087 5012 yukonx64 - ok
22:07:12.0141 5012 MBR (0x1B8) (b751af1acddd7a1a71313731839f4ecb) \Device\Harddisk0\DR0
22:07:14.0667 5012 \Device\Harddisk0\DR0 - ok
22:07:14.0672 5012 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:07:14.0677 5012 \Device\Harddisk1\DR1 - ok
22:07:14.0688 5012 Boot (0x1200) (03bdbc780aa2ff0edf05b923a47f6edb) \Device\Harddisk0\DR0\Partition0
22:07:14.0689 5012 \Device\Harddisk0\DR0\Partition0 - ok
22:07:14.0693 5012 Boot (0x1200) (e34c53cd51200d058979c40ec3f76bea) \Device\Harddisk1\DR1\Partition0
22:07:14.0695 5012 \Device\Harddisk1\DR1\Partition0 - ok
22:07:14.0696 5012 ============================================================
22:07:14.0696 5012 Scan finished
22:07:14.0696 5012 ============================================================
22:07:14.0709 4992 Detected object count: 0
22:07:14.0709 4992 Actual detected object count: 0



aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-13 22:11:49
-----------------------------
22:11:49.548 OS Version: Windows x64 6.0.6002 Service Pack 2
22:11:49.548 Number of processors: 4 586 0x203
22:11:49.548 ComputerName: HAWK-PC UserName:
22:11:50.750 Initialize success
22:11:57.204 AVAST engine defs: 12021201
22:12:10.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:12:10.246 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
22:12:10.262 Disk 0 MBR read successfully
22:12:10.262 Disk 0 MBR scan
22:12:10.293 Disk 0 unknown MBR code
22:12:10.293 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63
22:12:10.324 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600477 MB offset 20484096
22:12:10.340 Service scanning
22:12:16.190 Modules scanning
22:12:16.190 Disk 0 trace - called modules:
22:12:16.236 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
22:12:16.236 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005565790]
22:12:16.236 3 CLASSPNP.SYS[fffffa6000fd2c33] -> nt!IofCallDriver -> [0xfffffa8004867580]
22:12:16.236 5 acpi.sys[fffffa60008f6fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004864060]
22:12:18.576 AVAST engine scan C:\Windows
22:12:55.147 AVAST engine scan C:\Windows\system32
22:18:45.623 AVAST engine scan C:\Windows\system32\drivers
22:19:23.881 AVAST engine scan C:\Users\K Hawk
22:37:33.502 AVAST engine scan C:\ProgramData
22:41:12.144 Scan finished successfully
22:41:58.602 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
22:41:58.607 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"




C:\$Recycle.Bin\S-1-5-21-1516023480-2644104442-2674147085-1000\$R822O2M.exe Win32/RegistryBooster application deleted - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.02.2012_14.41.12\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.02.2012_14.41.12\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.02.2012_14.41.12\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.02.2012_14.41.12\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.02.2012_14.41.12\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.02.2012_14.41.12\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Default\lddcnomalfpffjalpcdpiifckkahehhf\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Default\lddcnomalfpffjalpcdpiifckkahehhf\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\mia6C2C.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\mia6C2C.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\mia6C2C.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\mia6C2C.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\mia6C2C.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rb_ubm.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\mia6C2C.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\miaD155.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\miaD155.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\miaD155.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\miaD155.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\miaD155.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rb_ubm.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\miaD155.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk Win32/Adware.ADON application cleaned by deleting - quarantined



MiniToolBox by Farbar Version: 18-01-2012
Ran by K Hawk (administrator) on 13-02-2012 at 21:59:27
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com

There are 15196 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Hawk-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1F-E2-5B-1F-88
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1425:a518:9d:e6fe%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, February 12, 2012 2:47:27 PM
Lease Expires . . . . . . . . . . : Tuesday, February 14, 2012 11:04:45 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234889186
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-71-E3-C4-00-1F-E2-5B-1F-88
DNS Servers . . . . . . . . . . . : 68.87.76.182
68.87.78.134
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2472CDEC-ED80-461C-A887-153115D4831E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cns.sanjose.ca.sanfran.comcast.net
Address: 68.87.76.182

Name: google.com
Addresses: 74.125.224.79
74.125.224.65
74.125.224.74
74.125.224.70
74.125.224.72
74.125.224.67
74.125.224.66
74.125.224.71
74.125.224.69
74.125.224.68
74.125.224.64
74.125.224.77
74.125.224.78
74.125.224.73
74.125.224.75
74.125.224.76



Pinging google.com [74.125.224.66] with 32 bytes of data:

Reply from 74.125.224.66: bytes=32 time=21ms TTL=54

Reply from 74.125.224.66: bytes=32 time=19ms TTL=54



Ping statistics for 74.125.224.66:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 21ms, Average = 20ms

Server: cns.sanjose.ca.sanfran.comcast.net
Address: 68.87.76.182

Name: yahoo.com
Addresses: 98.137.149.56
98.139.183.24
209.191.122.70
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=56ms TTL=50

Reply from 209.191.122.70: bytes=32 time=60ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 60ms, Average = 58ms

Server: cns.sanjose.ca.sanfran.comcast.net
Address: 68.87.76.182

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=5ms TTL=128

Reply from 127.0.0.1: bytes=32 time=2ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 2ms, Maximum = 5ms, Average = 3ms

===========================================================================
Interface List
10 ...00 1f e2 5b 1f 88 ...... Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{2472CDEC-ED80-461C-A887-153115D4831E}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::1425:a518:9d:e6fe/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 17 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 18 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 19 C:\Windows\System32\wpclsp.dll [102912] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/13/2012 08:34:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/13/2012 08:34:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/13/2012 08:15:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/12/2012 11:06:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11139

Error: (02/12/2012 11:06:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11139

Error: (02/12/2012 11:06:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/12/2012 11:06:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10125

Error: (02/12/2012 11:06:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10125

Error: (02/12/2012 11:06:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/12/2012 11:06:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9126


System errors:
=============
Error: (02/12/2012 02:49:22 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/12/2012 02:48:41 PM) (Source: Service Control Manager) (User: )
Description: int15%%31

Error: (02/12/2012 00:06:19 PM) (Source: Schannel) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/12/2012 11:15:00 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/12/2012 11:14:14 AM) (Source: Service Control Manager) (User: )
Description: int15%%31

Error: (02/12/2012 11:13:05 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:09:57 AM on 2/11/2012 was unexpected.

Error: (02/11/2012 10:04:48 AM) (Source: DCOM) (User: )
Description: {00020906-0000-0000-C000-000000000046}

Error: (02/11/2012 10:03:37 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/11/2012 10:02:26 AM) (Source: Service Control Manager) (User: )
Description: int15%%31

Error: (02/09/2012 08:31:39 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service


Microsoft Office Sessions:
=========================
Error: (02/13/2012 08:34:32 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Kyle\Desktop\esetsmartinstaller_enu.exe

Error: (02/13/2012 08:34:19 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Kyle\Desktop\esetsmartinstaller_enu.exe

Error: (02/13/2012 08:15:55 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Kyle\Desktop\esetsmartinstaller_enu.exe

Error: (02/12/2012 11:06:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11139

Error: (02/12/2012 11:06:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11139

Error: (02/12/2012 11:06:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/12/2012 11:06:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10125

Error: (02/12/2012 11:06:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10125

Error: (02/12/2012 11:06:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/12/2012 11:06:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9126


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 2.2.5)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
AIO_CDB_ToolboxIni64 (Version: 82.0.242.000)
Apple Mobile Device Support (Version: 4.0.0.97)
ATI Catalyst Install Manager (Version: 3.0.708.0)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
Bonjour (Version: 3.0.0.10)
ccc-utility64 (Version: 2009.0113.2222.40119)
CCleaner (Version: 3.15)
COMODO SafeSurf (Version: 1.0.1.10)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Solution Center 8.0 (Version: 8.0)
iCloud (Version: 1.0.2.17)
iTunes (Version: 10.5.2.11)
Java™ 6 Update 12 (64-bit) (Version: 6.0.120)
Marvell® Wireless Card Software Package (Version: 2.0.32.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MobileMe Control Panel (Version: 3.1.8.0)
Native Instruments Controller Editor (Version: 1.4.2.848)
Native Instruments Guitar Rig 4 (Version: 4.2.1.2432)
Native Instruments Guitar Rig 5 (Version: 5.0.2.2476)
Native Instruments Guitar Rig Factory Selection for Maschine (Version: 1.0.0.003)
Native Instruments Guitar Rig Mobile I/O (Version: 3.0.0.625)
Native Instruments Guitar Rig Session I/O (Version: 3.0.0.625)
Native Instruments Rig Kontrol 3 (Version: 3.0.0.625)
Native Instruments Service Center (Version: 2.3.0.853)
Network64 (Version: 110.0.180.000)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Sansa Updater
Soft Data Fax Modem with SmartCP
SUPERAntiSpyware (Version: 5.0.1144)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 3838.27 MB
Available physical RAM: 1131.97 MB
Total Pagefile: 7892.98 MB
Available Pagefile: 4580.11 MB
Total Virtual: 4095.88 MB
Available Virtual: 3988.41 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:352.55 GB) NTFS
2 Drive d: (My Book) (Fixed) (Total:1397.23 GB) (Free:1328.23 GB) NTFS

========================= Users: ========================================

User accounts for \\HAWK-PC

Administrator Guest Jen
Kyle The Girls


**** End of log ****

#6 infected41

infected41

  • Members
  • 1 posts
  • OFFLINE
  • Local time:02:47 AM

Posted 14 February 2012 - 06:21 AM

I am infected with the same trojan (Rootkit.Boot.Pihar.b) and tried everything to remove it, and it's always reappearing after reboot. I hope there is a way to remove it without reinstalling the operating system.

Edited by infected41, 14 February 2012 - 06:34 AM.


#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:02:47 AM

Posted 14 February 2012 - 08:33 AM

KyleNeil

That looks good, it seems Spybot edited your HOSTS file

Download HOSTS FIX

http://go.microsoft.com/?linkid=9668866

Run the fixit, restart the PC

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Uninstall your Java update from Add or Remove Programs and download the latest from here

http://www.java.com/en/

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

Edited by narenxp, 14 February 2012 - 08:33 AM.


#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:02:47 AM

Posted 14 February 2012 - 08:34 AM

infected41

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#9 KyleNeil

KyleNeil
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:47 AM

Posted 14 February 2012 - 10:25 AM

Serious thanks for your help.

Cheers!

KyleNeil

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  •  
  • Gender:Male
  • Location:India
  • Local time:02:47 AM

Posted 14 February 2012 - 10:42 AM

You're most welcome :)

#11 prpapi22

prpapi22

  • Members
  • 1 posts
  • OFFLINE
  • Local time:02:47 AM

Posted 15 July 2012 - 09:45 PM

This trojan is a headache; found it after I started hearing audio from my computer without anything running, scared the heck out of me. I used Malwarebytes, SUPERAntiSpyware and AVG Pro... most did not detect it. I used Spybot and it blocked it for about an hour or so. I went to Task Manager, right-clicked it and denied all properties.



