Unhide.exe


4 replies to this topic

#1 Magma

Magma

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:26 AM

Posted 29 October 2011 - 03:32 PM

My computer recently became infected with the "System Restore Virus". I tried the various different rkill programs unsuccessfully and also Malwarebytes.

I followed other instructions I found on the web, and I removed several files related to the System Restore virus.

My computer now starts normally, but all my programs are missing from the start menu.

I downloaded unhide.exe, but when I run it, I get an error message that "unhide has stopped working."

Any suggestions will be appreciated.

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal



#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:26 AM

Posted 05 November 2011 - 12:26 PM

Hi Magma,

Welcome to BleepingComputer.
We sincerely apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Do you still need help? If so, continue to follow these instructions:

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Step 1: As this infection is known to be bundled with the TDSS rootkit infection, you should also run a program that can be used to scan for this infection. Please carefully follow the steps in the following guide:

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller

If you have previously downloaded TDSSKiller, please download a new version, as it is updated often.

Step 2: Download & Run Unhide
Unhide.exe
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

If Unhide does not work, try running it again.

Step 3: Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button (the latest update as of this post is 8091).
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware

In your next reply, please include:
  • TDSSkiller log (located at C:\)
  • Malwarebytes log
  • How's your computer running now? Please be as descriptive as possible.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 Magma

Magma
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:26 AM

Posted 09 November 2011 - 11:21 PM

Jason,

Thanks for your response,

I downloaded TDSSKILLER and ran it successfully. I believe it found and fixed one problem.

I ran unhide. A Windows dialog box popped up that stated pec.exe has stopped working. Windows is looking for a solution etc. This occurred approx. five times. I closed the window each time. Eventually, Unhide completed successfully. I then ran Malwarebytes; it discovered and removed or quarantined over 200 infections.

My Windows search wasn't working properly unless I checked use non-indexed locations. I tried re-indexing all files and also rebuilt the index. This has not solved the problem. I also had problems with Internet Explorer; it could not connect to Yahoo, the default page. I downloaded the latest update and also updated Aol to 9.6. Except for the search problem, the laptop seemed to be working fine.

When I booted up this morning, the Windows blue crash screen appeared. I rebooted several times with the same result. I selected the repair option and only received the "other user" sign on box. It did not display my sign on box. I eventually started the boot with the original installation disk and selected startup repair. Windows eventually started after 20 minutes.

I attempted to fix the index problems and also discovered that I cannot gain access to the C:\ drive documents and settings folder. I tried changing ownership and was denied access. Also, many of my folders are empty. Aol has disappeared. Internet Explorer is no longer working properly, and many Dell folders are empty. Administrative tools folder is also empty. Malwarebytes has disappeared.

Following, I will try to copy and paste the logs you requested.

00:12:14.0581 3476 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
00:12:14.0584 3476 StillCam - ok
00:12:14.0622 3476 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
00:12:14.0628 3476 swenum - ok
00:12:14.0656 3476 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
00:12:14.0661 3476 Symc8xx - ok
00:12:14.0684 3476 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
00:12:14.0692 3476 Sym_hi - ok
00:12:14.0710 3476 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
00:12:14.0714 3476 Sym_u3 - ok
00:12:14.0809 3476 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
00:12:14.0933 3476 Tcpip - ok
00:12:15.0002 3476 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
00:12:15.0016 3476 Tcpip6 - ok
00:12:15.0059 3476 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
00:12:15.0064 3476 tcpipreg - ok
00:12:15.0107 3476 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
00:12:15.0110 3476 TDPIPE - ok
00:12:15.0130 3476 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
00:12:15.0140 3476 TDTCP - ok
00:12:15.0194 3476 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
00:12:15.0201 3476 tdx - ok
00:12:15.0261 3476 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
00:12:15.0269 3476 TermDD - ok
00:12:15.0331 3476 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:12:15.0334 3476 tssecsrv - ok
00:12:15.0390 3476 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
00:12:15.0394 3476 tunmp - ok
00:12:15.0449 3476 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
00:12:15.0453 3476 tunnel - ok
00:12:15.0536 3476 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
00:12:15.0541 3476 uagp35 - ok
00:12:15.0589 3476 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
00:12:15.0600 3476 udfs - ok
00:12:15.0627 3476 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
00:12:15.0633 3476 uliagpkx - ok
00:12:15.0671 3476 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
00:12:15.0683 3476 uliahci - ok
00:12:15.0714 3476 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
00:12:15.0721 3476 UlSata - ok
00:12:15.0751 3476 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
00:12:15.0760 3476 ulsata2 - ok
00:12:15.0795 3476 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
00:12:15.0801 3476 umbus - ok
00:12:15.0835 3476 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
00:12:15.0879 3476 USBAAPL64 - ok
00:12:15.0953 3476 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
00:12:15.0957 3476 usbccgp - ok
00:12:15.0991 3476 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
00:12:15.0998 3476 usbcir - ok
00:12:16.0051 3476 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
00:12:16.0059 3476 usbehci - ok
00:12:16.0092 3476 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
00:12:16.0102 3476 usbhub - ok
00:12:16.0138 3476 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
00:12:16.0142 3476 usbohci - ok
00:12:16.0204 3476 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
00:12:16.0208 3476 usbprint - ok
00:12:16.0268 3476 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:12:16.0272 3476 USBSTOR - ok
00:12:16.0325 3476 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
00:12:16.0329 3476 usbuhci - ok
00:12:16.0392 3476 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
00:12:16.0402 3476 usbvideo - ok
00:12:16.0477 3476 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
00:12:16.0486 3476 vga - ok
00:12:16.0533 3476 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
00:12:16.0541 3476 VgaSave - ok
00:12:16.0580 3476 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
00:12:16.0585 3476 viaide - ok
00:12:16.0637 3476 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
00:12:16.0646 3476 volmgr - ok
00:12:16.0716 3476 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
00:12:16.0740 3476 volmgrx - ok
00:12:16.0808 3476 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
00:12:16.0820 3476 volsnap - ok
00:12:16.0865 3476 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
00:12:16.0873 3476 vsmraid - ok
00:12:16.0911 3476 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
00:12:16.0919 3476 WacomPen - ok
00:12:16.0972 3476 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
00:12:16.0977 3476 Wanarp - ok
00:12:16.0987 3476 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
00:12:16.0989 3476 Wanarpv6 - ok
00:12:17.0037 3476 wanatw (eceb715bece47e101ddec06b11126066) C:\Windows\system32\DRIVERS\wanatw64.sys
00:12:17.0038 3476 wanatw - ok
00:12:17.0080 3476 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
00:12:17.0084 3476 Wd - ok
00:12:17.0151 3476 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
00:12:17.0218 3476 Wdf01000 - ok
00:12:17.0315 3476 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:12:17.0315 3476 WmiAcpi - ok
00:12:17.0359 3476 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
00:12:17.0362 3476 WpdUsb - ok
00:12:17.0389 3476 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
00:12:17.0394 3476 ws2ifsl - ok
00:12:17.0474 3476 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:12:17.0481 3476 WUDFRd - ok
00:12:17.0529 3476 MBR (0x1B8) (109e7f610bbf3fa6cffd21bf8dee2826) \Device\Harddisk0\DR0
00:12:17.0530 3476 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
00:12:17.0530 3476 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
00:12:17.0545 3476 Boot (0x1200) (ab52876bda9b0217505a04991d33c923) \Device\Harddisk0\DR0\Partition0
00:12:17.0547 3476 \Device\Harddisk0\DR0\Partition0 - ok
00:12:17.0561 3476 Boot (0x1200) (94e474f39292e9893b01958c5529ec82) \Device\Harddisk0\DR0\Partition1
00:12:17.0562 3476 \Device\Harddisk0\DR0\Partition1 - ok
00:12:17.0565 3476 ============================================================
00:12:17.0565 3476 Scan finished
00:12:17.0565 3476 ============================================================
00:12:17.0575 4720 Detected object count: 1
00:12:17.0575 4720 Actual detected object count: 1
00:13:04.0924 4720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
00:13:04.0925 4720 \Device\Harddisk0\DR0 - ok
00:13:04.0927 4720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
00:13:50.0389 0704 Deinitialize success


MBAM

00:11:05.0204 3572 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
00:11:06.0104 3572 ============================================================
00:11:06.0104 3572 Current date / time: 2011/11/06 00:11:06.0104
00:11:06.0104 3572 SystemInfo:
00:11:06.0104 3572
00:11:06.0104 3572 OS Version: 6.0.6002 ServicePack: 2.0
00:11:06.0104 3572 Product type: Workstation
00:11:06.0104 3572 ComputerName: KERRIGIRL1030
00:11:06.0104 3572 UserName: Kerrigirl
00:11:06.0104 3572 Windows directory: C:\Windows
00:11:06.0104 3572 System windows directory: C:\Windows
00:11:06.0104 3572 Running under WOW64
00:11:06.0104 3572 Processor architecture: Intel x64
00:11:06.0104 3572 Number of processors: 2
00:11:06.0104 3572 Page size: 0x1000
00:11:06.0104 3572 Boot type: Normal boot
00:11:06.0104 3572 ============================================================
00:11:07.0436 3572 Initialize success
00:11:58.0940 3476 ============================================================
00:11:58.0940 3476 Scan started
00:11:58.0940 3476 Mode: Manual;
00:11:58.0940 3476 ============================================================
00:12:13.0762 3476 sffp_mmc - ok
00:12:13.0794 3476 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:12:13.0799 3476 sffp_sd - ok
00:12:13.0828 3476 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
00:12:13.0832 3476 sfloppy - ok
00:12:13.0851 3476 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
00:12:13.0857 3476 SiSRaid2 - ok
00:12:13.0883 3476 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
00:12:13.0889 3476 SiSRaid4 - ok
00:12:13.0981 3476 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
00:12:13.0989 3476 Smb - ok
00:12:14.0042 3476 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
00:12:14.0046 3476 spldr - ok
00:12:14.0122 3476 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
00:12:14.0172 3476 srv - ok
00:12:14.0227 3476 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
00:12:14.0274 3476 srv2 - ok
00:12:14.0324 3476 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
00:12:14.0370 3476 srvnet - ok
00:12:14.0462 3476 STHDA (3000130bf688878db2e76c6bb2d354c0) C:\Windows\system32\DRIVERS\stwrt64.sys
00:12:14.0517 3476 STHDA - ok
00:12:14.0581 3476 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
00:12:14.0584 3476 StillCam - ok
00:12:14.0622 3476 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
00:12:14.0628 3476 swenum - ok
00:12:14.0656 3476 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
00:12:14.0661 3476 Symc8xx - ok
00:12:14.0684 3476 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
00:12:14.0692 3476 Sym_hi - ok
00:12:14.0710 3476 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
00:12:14.0714 3476 Sym_u3 - ok
00:12:14.0809 3476 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
00:12:14.0933 3476 Tcpip - ok
00:12:15.0002 3476 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
00:12:15.0016 3476 Tcpip6 - ok
00:12:15.0059 3476 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
00:12:15.0064 3476 tcpipreg - ok
00:12:15.0107 3476 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
00:12:15.0110 3476 TDPIPE - ok
00:12:15.0130 3476 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
00:12:15.0140 3476 TDTCP - ok
00:12:15.0194 3476 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
00:12:15.0201 3476 tdx - ok
00:12:15.0261 3476 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
00:12:15.0269 3476 TermDD - ok
00:12:15.0331 3476 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:12:15.0334 3476 tssecsrv - ok
00:12:15.0390 3476 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
00:12:15.0394 3476 tunmp - ok
00:12:15.0449 3476 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
00:12:15.0453 3476 tunnel - ok
00:12:15.0536 3476 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
00:12:15.0541 3476 uagp35 - ok
00:12:15.0589 3476 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
00:12:15.0600 3476 udfs - ok
00:12:15.0627 3476 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
00:12:15.0633 3476 uliagpkx - ok
00:12:15.0671 3476 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
00:12:15.0683 3476 uliahci - ok
00:12:15.0714 3476 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
00:12:15.0721 3476 UlSata - ok
00:12:15.0751 3476 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
00:12:15.0760 3476 ulsata2 - ok
00:12:15.0795 3476 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
00:12:15.0801 3476 umbus - ok
00:12:15.0835 3476 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
00:12:15.0879 3476 USBAAPL64 - ok
00:12:15.0953 3476 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
00:12:15.0957 3476 usbccgp - ok
00:12:15.0991 3476 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
00:12:15.0998 3476 usbcir - ok
00:12:16.0051 3476 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
00:12:16.0059 3476 usbehci - ok
00:12:16.0092 3476 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
00:12:16.0102 3476 usbhub - ok
00:12:16.0138 3476 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
00:12:16.0142 3476 usbohci - ok
00:12:16.0204 3476 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
00:12:16.0208 3476 usbprint - ok
00:12:16.0268 3476 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:12:16.0272 3476 USBSTOR - ok
00:12:16.0325 3476 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
00:12:16.0329 3476 usbuhci - ok
00:12:16.0392 3476 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
00:12:16.0402 3476 usbvideo - ok
00:12:16.0477 3476 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
00:12:16.0486 3476 vga - ok
00:12:16.0533 3476 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
00:12:16.0541 3476 VgaSave - ok
00:12:16.0580 3476 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
00:12:16.0585 3476 viaide - ok
00:12:16.0637 3476 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
00:12:16.0646 3476 volmgr - ok
00:12:16.0716 3476 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
00:12:16.0740 3476 volmgrx - ok
00:12:16.0808 3476 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
00:12:16.0820 3476 volsnap - ok
00:12:16.0865 3476 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
00:12:16.0873 3476 vsmraid - ok
00:12:16.0911 3476 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
00:12:16.0919 3476 WacomPen - ok
00:12:16.0972 3476 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
00:12:16.0977 3476 Wanarp - ok
00:12:16.0987 3476 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
00:12:16.0989 3476 Wanarpv6 - ok
00:12:17.0037 3476 wanatw (eceb715bece47e101ddec06b11126066) C:\Windows\system32\DRIVERS\wanatw64.sys
00:12:17.0038 3476 wanatw - ok
00:12:17.0080 3476 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
00:12:17.0084 3476 Wd - ok
00:12:17.0151 3476 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
00:12:17.0218 3476 Wdf01000 - ok
00:12:17.0315 3476 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:12:17.0315 3476 WmiAcpi - ok
00:12:17.0359 3476 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
00:12:17.0362 3476 WpdUsb - ok
00:12:17.0389 3476 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
00:12:17.0394 3476 ws2ifsl - ok
00:12:17.0474 3476 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:12:17.0481 3476 WUDFRd - ok
00:12:17.0529 3476 MBR (0x1B8) (109e7f610bbf3fa6cffd21bf8dee2826) \Device\Harddisk0\DR0
00:12:17.0530 3476 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
00:12:17.0530 3476 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
00:12:17.0545 3476 Boot (0x1200) (ab52876bda9b0217505a04991d33c923) \Device\Harddisk0\DR0\Partition0
00:12:17.0547 3476 \Device\Harddisk0\DR0\Partition0 - ok
00:12:17.0561 3476 Boot (0x1200) (94e474f39292e9893b01958c5529ec82) \Device\Harddisk0\DR0\Partition1
00:12:17.0562 3476 \Device\Harddisk0\DR0\Partition1 - ok
00:12:17.0565 3476 ============================================================
00:12:17.0565 3476 Scan finished
00:12:17.0565 3476 ============================================================
00:12:17.0575 4720 Detected object count: 1
00:12:17.0575 4720 Actual detected object count: 1
00:13:04.0924 4720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
00:13:04.0925 4720 \Device\Harddisk0\DR0 - ok
00:13:04.0927 4720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
00:13:50.0389 0704 Deinitialize success


I tried to give you as much detail as possible; hopefully it is enough for you to help me.

Magma

Edited by Magma, 09 November 2011 - 11:23 PM.


#4 jntkwx


Posted 10 November 2011 - 05:34 PM

Hi Magma,

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and please be patient. There is currently a large backlog of people being helped. It may take several days for someone to respond.
Regards,
Jason

 



#5 Orange Blossom



  • Moderator

Posted 13 November 2011 - 01:03 AM

Hello,

I have deleted both new topics you created as the required information - other than this topic link - was missing and because they were difficult to read besides.

To restate your previous instructions in a different way:

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom



