Laptop Infected TDL4, Google Redirects


23 replies to this topic

#1 AllYourBase

AllYourBase

  • Members
  • 21 posts

Posted 14 December 2011 - 02:27 PM

Posted in the Am I Infected forum here:

My link

Per Broni, was instructed to post new topic here requesting help.

Here is a summary of the problems I have encountered and steps taken:
Over the last few days I have been noticing my laptop acting strangely. At first it was taking longer to boot than normal. Then, while browsing the internet, I kept getting redirected when clicking on Google search results. Yesterday, while using the internet, a strange message popped up on the desktop saying a program had a message. I thought it was strange, and like an idiot I clicked it. Immediately upon doing so the screen flashed and another box popped up saying something about the disk being damaged.

I really had no time to react because the computer rebooted almost immediately. When it restarted I booted in safe mode, which worked fine. I downloaded MBAM and proceeded with a complete system scan. MBAM found a whole list of different threats, which I then quarantined and/or removed. After that I checked my startup programs and removed a few from the list which are not critical. As of today my startup time is IMO way too slow, five to six minutes if I am lucky. I also keep getting pop-up messages from MBAM saying it is blocking access to malicious websites, with numerous different IPs on different ports, all referencing the process svchost.exe. The computer is also running very slowly, with CPU usage at times being 100% and svchost.exe being the worst offender.

Ran Defogger successfully. Ran DDS successfully, see log below. GMER would not play fair; it keeps rebooting during the scan in both Safe Mode and normal Windows. A quick scan at startup revealed rootkit code found; I will post the partial log below.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154
Run by Colin at 12:30:22 on 2011-12-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.915 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mitchell1\DPR Client Manager\DPRClientManager.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [<NO NAME>]
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{27418590-0F5C-45BD-BD2F-A4774920694C} : DhcpNameServer = 68.94.156.1 68.94.157.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
.
============= SERVICES / DRIVERS ===============
.
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2006-4-3 14949]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-12 366152]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-2-17 87176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-12 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DBD7;DBD7;c:\windows\system32\svchost.exe -k netsvcs [2008-9-24 21504]
S2 MachineTokenService;SOMTS;c:\mitchell1\ondemand5\Mitchell1.Security.MachineTokenService.exe [2011-9-21 57344]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\franson\gpsgate 2.0\GpsGateService.exe [2011-3-31 258048]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-9-24 21504]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-11-10 174720]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2011-4-8 45608]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2009-5-19 75264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
.
=============== Created Last 30 ================
.
2011-12-13 21:02:39 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{43118356-3f5e-40d3-8d22-ef021f4b9e47}\offreg.dll
2011-12-13 14:52:25 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{43118356-3f5e-40d3-8d22-ef021f4b9e47}\mpengine.dll
2011-12-13 01:31:21 -------- d-----w- c:\users\colin\appdata\roaming\Malwarebytes
2011-12-13 01:31:04 -------- d-----w- c:\programdata\Malwarebytes
2011-12-13 01:30:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-13 01:30:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-13 00:43:00 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-12-07 18:38:36 -------- d-----w- c:\users\colin\appdata\local\EapCommonMusic
2011-12-05 21:03:02 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-11-17 19:46:35 -------- d-----w- c:\windows\XSxS
2011-11-17 19:46:35 -------- d-----w- c:\windows\Driver Cache
2011-11-17 19:46:35 -------- d-----w- c:\users\colin\appdata\local\Xenocode
2011-11-17 19:46:35 -------- d-----w- c:\program files\Xenocode
2011-11-17 19:46:28 -------- d-----w- c:\program files\Mitchell 1
.
==================== Find3M ====================
.
2011-11-04 13:29:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 12:33:15.28 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-14 13:00:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500BEVS-60UST0 rev.01.01A01
Running: k42ygk1z.exe; Driver: C:\Users\Colin\AppData\Local\Temp\aglyapow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
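As an added triage example (not part of this thread, and not a feature of DDS, GMER or TDSSKiller), the script below reads lines in the DDS Pseudo-HJT/services and GMER formats shown above and flags the indicators a helper looks at first: the TDL4 MBR hit, the EnableLUA = 0 and DisableTaskMgr = 1 policies, the bare-named svchost-hosted service, and orphaned add-on entries. The severity labels and the svchost-name heuristic are my assumptions; the sample lines are excerpted from the logs above.

```python
"""Triage helper for DDS (Pseudo HJT / services) and GMER log lines.

Assumed line formats (as they appear in the DDS/GMER output above):
  mPolicies-system: EnableLUA = 0 (0x0)
  S2 Name;Display Name;c:\\path\\image.exe -k group [date size]
  BHO: {CLSID} - No File
  Disk \\Device\\Harddisk0\\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Severities and the svchost heuristic are this example's own assumptions.
"""
import re

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Registry policy values that malware commonly sets: (key, value) -> finding.
POLICY_RULES = {
    ("EnableLUA", "0"): ("high", "UAC disabled (EnableLUA = 0)"),
    ("DisableTaskMgr", "1"): ("high", "Task Manager disabled by policy"),
}

POLICY_RE = re.compile(r"^[umd]Policies-\w+:\s+(\w+)\s*=\s*(\S+)")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*?)\s+\[")
ADDON_RE = re.compile(r"^(BHO|TB):.*-\s*No File\s*$")


def triage_line(line):
    """Return (severity, reason) for one log line, or None if nothing stands out."""
    line = line.strip()
    # GMER disk-sector findings: boot-sector rootkit code is the top priority.
    if line.startswith("Disk ") and ("ROOTKIT" in line or "rootkit-like" in line):
        return ("critical", "GMER reports MBR/boot-sector rootkit code")
    m = POLICY_RE.match(line)
    if m:
        return POLICY_RULES.get((m.group(1), m.group(2)))
    m = SERVICE_RE.match(line)
    if m:
        name, display, image = m.group(1), m.group(2), m.group(3).lower()
        # Heuristic (assumption): a service whose display name is just its own
        # short name and that runs inside svchost.exe is unusual for Windows/OEM
        # components and deserves a look.
        if name == display and "svchost.exe" in image:
            return ("medium", f"svchost-hosted service with bare name '{name}'")
        return None
    if ADDON_RE.match(line):
        return ("low", "orphaned browser add-on entry (No File)")
    if line.startswith("mRun: [<NO NAME>]"):
        return ("low", "unnamed Run entry")
    return None


def triage(lines):
    """Run triage_line over every line; return (severity, reason, line) sorted by severity."""
    findings = []
    for line in lines:
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


# Sample input: lines excerpted from the DDS and GMER logs posted above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [<NO NAME>]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-12 366152]
S2 DBD7;DBD7;c:\windows\system32\svchost.exe -k netsvcs [2008-9-24 21504]
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
""".strip().splitlines()


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:8}] {reason}\n           {line}")
```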


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 14 December 2011 - 07:12 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 AllYourBase

AllYourBase
  • Topic Starter

  • Members
  • 21 posts

Posted 14 December 2011 - 10:26 PM

As you requested, here are the logs. I am also posting a screen capture of the notifications I still keep getting from MBAM.
Thank you very much for your assistance!!!!!


TDSSKiller Log:

20:20:45.0276 2452 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
20:20:45.0884 2452 ============================================================
20:20:45.0884 2452 Current date / time: 2011/12/14 20:20:45.0884
20:20:45.0884 2452 SystemInfo:
20:20:45.0884 2452
20:20:45.0884 2452 OS Version: 6.0.6002 ServicePack: 2.0
20:20:45.0884 2452 Product type: Workstation
20:20:45.0884 2452 ComputerName: COLIN-LAPTOP
20:20:45.0884 2452 UserName: Colin
20:20:45.0884 2452 Windows directory: C:\Windows
20:20:45.0884 2452 System windows directory: C:\Windows
20:20:45.0884 2452 Processor architecture: Intel x86
20:20:45.0884 2452 Number of processors: 2
20:20:45.0884 2452 Page size: 0x1000
20:20:45.0884 2452 Boot type: Normal boot
20:20:45.0884 2452 ============================================================
20:20:47.0070 2452 Initialize success
20:21:02.0625 4168 ============================================================
20:21:02.0625 4168 Scan started
20:21:02.0625 4168 Mode: Manual;
20:21:02.0625 4168 ============================================================
20:21:11.0564 4168 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:21:11.0564 4168 NetBIOS - ok
20:21:11.0611 4168 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:21:11.0611 4168 netbt - ok
20:21:11.0689 4168 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:21:11.0689 4168 nfrd960 - ok
20:21:11.0751 4168 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:21:11.0751 4168 Npfs - ok
20:21:11.0783 4168 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:21:11.0783 4168 nsiproxy - ok
20:21:11.0845 4168 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:21:11.0876 4168 Ntfs - ok
20:21:11.0907 4168 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:21:11.0907 4168 ntrigdigi - ok
20:21:11.0954 4168 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:21:11.0954 4168 Null - ok
20:21:12.0017 4168 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
20:21:12.0063 4168 NVENETFD - ok
20:21:12.0391 4168 nvlddmkm (b36c3b866b0d47e2e2856ec8fd746e39) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:21:12.0578 4168 nvlddmkm - ok
20:21:12.0609 4168 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:21:12.0609 4168 nvraid - ok
20:21:12.0656 4168 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
20:21:12.0656 4168 nvsmu - ok
20:21:12.0687 4168 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:21:12.0703 4168 nvstor - ok
20:21:12.0765 4168 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
20:21:12.0765 4168 nv_agp - ok
20:21:12.0797 4168 NWADI (8261ca50939f83b87c0e474c51c8ef67) C:\Windows\system32\DRIVERS\NWADIenum.sys
20:21:12.0812 4168 NWADI - ok
20:21:12.0812 4168 NwlnkFlt - ok
20:21:12.0828 4168 NwlnkFwd - ok
20:21:12.0875 4168 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbmdm.sys
20:21:12.0875 4168 NWUSBModem - ok
20:21:12.0906 4168 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser.sys
20:21:12.0921 4168 NWUSBPort - ok
20:21:12.0968 4168 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser2.sys
20:21:12.0968 4168 NWUSBPort2 - ok
20:21:13.0015 4168 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:21:13.0015 4168 ohci1394 - ok
20:21:13.0077 4168 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:21:13.0077 4168 Parport - ok
20:21:13.0124 4168 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:21:13.0124 4168 partmgr - ok
20:21:13.0155 4168 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:21:13.0155 4168 Parvdm - ok
20:21:13.0202 4168 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
20:21:13.0218 4168 PCASp50 - ok
20:21:13.0280 4168 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:21:13.0280 4168 pci - ok
20:21:13.0296 4168 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:21:13.0296 4168 pciide - ok
20:21:13.0343 4168 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:21:13.0343 4168 pcmcia - ok
20:21:13.0421 4168 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:21:13.0452 4168 PEAUTH - ok
20:21:13.0545 4168 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:21:13.0545 4168 PptpMiniport - ok
20:21:13.0577 4168 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:21:13.0577 4168 Processor - ok
20:21:13.0655 4168 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:21:13.0655 4168 PSched - ok
20:21:13.0717 4168 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
20:21:13.0717 4168 PxHelp20 - ok
20:21:13.0811 4168 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:21:13.0842 4168 ql2300 - ok
20:21:13.0889 4168 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:21:13.0889 4168 ql40xx - ok
20:21:13.0967 4168 qrkis (3b68696914e467bbe827d2552b5b85ef) C:\Windows\system32\DRIVERS\qrkis.sys
20:21:13.0967 4168 qrkis - ok
20:21:14.0014 4168 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:21:14.0014 4168 QWAVEdrv - ok
20:21:14.0045 4168 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:21:14.0045 4168 RasAcd - ok
20:21:14.0076 4168 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:21:14.0076 4168 Rasl2tp - ok
20:21:14.0123 4168 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:21:14.0138 4168 RasPppoe - ok
20:21:14.0154 4168 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:21:14.0154 4168 RasSstp - ok
20:21:14.0201 4168 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:21:14.0216 4168 rdbss - ok
20:21:14.0248 4168 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:21:14.0248 4168 RDPCDD - ok
20:21:14.0294 4168 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
20:21:14.0294 4168 rdpdr - ok
20:21:14.0310 4168 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:21:14.0310 4168 RDPENCDD - ok
20:21:14.0357 4168 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:21:14.0357 4168 RDPWD - ok
20:21:14.0419 4168 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:21:14.0419 4168 rimmptsk - ok
20:21:14.0450 4168 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:21:14.0450 4168 rimsptsk - ok
20:21:14.0482 4168 RimUsb - ok
20:21:14.0513 4168 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
20:21:14.0513 4168 RimVSerPort - ok
20:21:14.0528 4168 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:21:14.0528 4168 rismxdp - ok
20:21:14.0575 4168 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
20:21:14.0575 4168 ROOTMODEM - ok
20:21:14.0653 4168 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:21:14.0653 4168 rspndr - ok
20:21:14.0700 4168 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:21:14.0700 4168 sbp2port - ok
20:21:14.0747 4168 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:21:14.0762 4168 sdbus - ok
20:21:14.0794 4168 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:21:14.0794 4168 secdrv - ok
20:21:14.0840 4168 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:21:14.0840 4168 Serenum - ok
20:21:14.0872 4168 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:21:14.0872 4168 Serial - ok
20:21:14.0918 4168 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:21:14.0918 4168 sermouse - ok
20:21:15.0043 4168 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:21:15.0043 4168 sffdisk - ok
20:21:15.0059 4168 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:21:15.0059 4168 sffp_mmc - ok
20:21:15.0121 4168 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:21:15.0121 4168 sffp_sd - ok
20:21:15.0184 4168 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
20:21:15.0184 4168 sfloppy - ok
20:21:15.0230 4168 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
20:21:15.0246 4168 sisagp - ok
20:21:15.0262 4168 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:21:15.0277 4168 SiSRaid2 - ok
20:21:15.0293 4168 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:21:15.0293 4168 SiSRaid4 - ok
20:21:15.0355 4168 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:21:15.0355 4168 Smb - ok
20:21:15.0402 4168 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:21:15.0402 4168 spldr - ok
20:21:15.0449 4168 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:21:15.0449 4168 srv - ok
20:21:15.0480 4168 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:21:15.0496 4168 srv2 - ok
20:21:15.0496 4168 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:21:15.0511 4168 srvnet - ok
20:21:15.0574 4168 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:21:15.0574 4168 swenum - ok
20:21:15.0620 4168 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:21:15.0620 4168 Symc8xx - ok
20:21:15.0636 4168 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:21:15.0636 4168 Sym_hi - ok
20:21:15.0667 4168 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:21:15.0667 4168 Sym_u3 - ok
20:21:15.0730 4168 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
20:21:15.0730 4168 SynTP - ok
20:21:15.0839 4168 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:21:15.0870 4168 Tcpip - ok
20:21:15.0901 4168 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:21:15.0917 4168 Tcpip6 - ok
20:21:15.0932 4168 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:21:15.0948 4168 tcpipreg - ok
20:21:15.0979 4168 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:21:15.0979 4168 TDPIPE - ok
20:21:16.0010 4168 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:21:16.0010 4168 TDTCP - ok
20:21:16.0042 4168 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:21:16.0042 4168 tdx - ok
20:21:16.0073 4168 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:21:16.0073 4168 TermDD - ok
20:21:16.0135 4168 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:21:16.0135 4168 tssecsrv - ok
20:21:16.0213 4168 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:21:16.0213 4168 tunmp - ok
20:21:16.0260 4168 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:21:16.0260 4168 tunnel - ok
20:21:16.0307 4168 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:21:16.0307 4168 uagp35 - ok
20:21:16.0369 4168 ubloxusb (83b5f085421bd9d4df1026fe76962f35) C:\Windows\system32\DRIVERS\ubloxusb.sys
20:21:16.0369 4168 ubloxusb - ok
20:21:16.0416 4168 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:21:16.0432 4168 udfs - ok
20:21:16.0479 4168 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:21:16.0494 4168 uliagpkx - ok
20:21:16.0525 4168 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:21:16.0525 4168 uliahci - ok
20:21:16.0572 4168 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:21:16.0572 4168 UlSata - ok
20:21:16.0603 4168 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:21:16.0603 4168 ulsata2 - ok
20:21:16.0650 4168 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:21:16.0650 4168 umbus - ok
20:21:16.0697 4168 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
20:21:16.0697 4168 USBAAPL - ok
20:21:16.0759 4168 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:21:16.0775 4168 usbaudio - ok
20:21:16.0822 4168 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:21:16.0837 4168 usbccgp - ok
20:21:16.0884 4168 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:21:16.0884 4168 usbcir - ok
20:21:16.0947 4168 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:21:16.0947 4168 usbehci - ok
20:21:16.0978 4168 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:21:16.0978 4168 usbhub - ok
20:21:17.0009 4168 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
20:21:17.0009 4168 usbohci - ok
20:21:17.0040 4168 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:21:17.0040 4168 usbprint - ok
20:21:17.0087 4168 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:21:17.0087 4168 usbscan - ok
20:21:17.0118 4168 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:21:17.0118 4168 USBSTOR - ok
20:21:17.0149 4168 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
20:21:17.0149 4168 usbuhci - ok
20:21:17.0196 4168 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:21:17.0196 4168 usbvideo - ok
20:21:17.0243 4168 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:21:17.0243 4168 vga - ok
20:21:17.0290 4168 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:21:17.0290 4168 VgaSave - ok
20:21:17.0305 4168 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:21:17.0321 4168 viaagp - ok
20:21:17.0337 4168 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:21:17.0337 4168 ViaC7 - ok
20:21:17.0368 4168 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:21:17.0368 4168 viaide - ok
20:21:17.0399 4168 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:21:17.0399 4168 volmgr - ok
20:21:17.0446 4168 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:21:17.0446 4168 volmgrx - ok
20:21:17.0493 4168 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:21:17.0493 4168 volsnap - ok
20:21:17.0524 4168 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:21:17.0524 4168 vsmraid - ok
20:21:17.0586 4168 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:21:17.0586 4168 WacomPen - ok
20:21:17.0633 4168 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:21:17.0633 4168 Wanarp - ok
20:21:17.0649 4168 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:21:17.0649 4168 Wanarpv6 - ok
20:21:17.0680 4168 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:21:17.0680 4168 Wd - ok
20:21:17.0727 4168 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:21:17.0742 4168 Wdf01000 - ok
20:21:17.0851 4168 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:21:17.0867 4168 winachsf - ok
20:21:17.0929 4168 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:21:17.0929 4168 WmiAcpi - ok
20:21:18.0007 4168 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:21:18.0007 4168 ws2ifsl - ok
20:21:18.0085 4168 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:21:18.0085 4168 WUDFRd - ok
20:21:18.0132 4168 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
20:21:18.0132 4168 XAudio - ok
20:21:18.0163 4168 MBR (0x1B8) (c486e75c3e408b7e4cdcf298cedac0c0) \Device\Harddisk0\DR0
20:21:18.0163 4168 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:21:18.0163 4168 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:21:18.0179 4168 Boot (0x1200) (a7e9de5b67ed607fcfc3b04b7eab1b12) \Device\Harddisk0\DR0\Partition0
20:21:18.0179 4168 \Device\Harddisk0\DR0\Partition0 - ok
20:21:18.0210 4168 Boot (0x1200) (d6dfeb38bc5c3f6419aac16b1ab83a25) \Device\Harddisk0\DR0\Partition1
20:21:18.0210 4168 \Device\Harddisk0\DR0\Partition1 - ok
20:21:18.0210 4168 ============================================================
20:21:18.0210 4168 Scan finished
20:21:18.0210 4168 ============================================================
20:21:18.0226 4176 Detected object count: 1
20:21:18.0226 4176 Actual detected object count: 1
20:21:37.0322 4176 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:21:37.0322 4176 \Device\Harddisk0\DR0 - ok
20:21:37.0322 4176 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:22:49.0681 4792 Deinitialize success


Combofix Log:

ComboFix 11-12-13.03 - Colin 12/14/2011 20:42:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.854 [GMT -6:00]
Running from: c:\users\Colin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Colin\AppData\Local\Temp\DBD7.tmp
c:\windows\system32\KBL.LOG
c:\windows\wnUninstall.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 02:52 . 2011-12-15 02:53 -------- d-----w- c:\users\Colin\AppData\Local\temp
2011-12-15 02:52 . 2011-12-15 02:52 -------- d-----w- c:\users\Michelle\AppData\Local\temp
2011-12-15 02:52 . 2011-12-15 02:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 02:25 . 2011-12-15 02:25 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43118356-3F5E-40D3-8D22-EF021F4B9E47}\offreg.dll
2011-12-14 22:15 . 2011-12-14 22:15 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-13 14:52 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43118356-3F5E-40D3-8D22-EF021F4B9E47}\mpengine.dll
2011-12-13 01:31 . 2011-12-13 01:31 -------- d-----w- c:\users\Colin\AppData\Roaming\Malwarebytes
2011-12-13 01:31 . 2011-12-13 01:31 -------- d-----w- c:\programdata\Malwarebytes
2011-12-13 01:30 . 2011-12-13 01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-13 01:30 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-13 00:43 . 2011-12-13 00:43 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-12-07 18:38 . 2011-12-13 03:57 -------- d-----w- c:\users\Colin\AppData\Local\EapCommonMusic
2011-11-22 18:13 . 2011-12-13 17:56 -------- d-----w- c:\users\Colin\AppData\Roaming\Skype
2011-11-22 18:12 . 2011-12-13 17:56 -------- d-----w- c:\programdata\Skype
2011-11-22 18:11 . 2011-11-22 18:11 -------- d-----w- c:\program files\CyberLink
2011-11-17 19:46 . 2011-11-17 19:46 -------- d-----w- c:\windows\Driver Cache
2011-11-17 19:46 . 2011-11-17 19:46 -------- d-----w- c:\users\Colin\AppData\Local\Xenocode
2011-11-17 19:46 . 2011-11-17 19:46 -------- d-----w- c:\program files\Xenocode
2011-11-17 19:46 . 2011-11-17 19:46 -------- d-----w- c:\program files\Mitchell 1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 13:29 . 2011-09-29 13:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 11:06 . 2010-06-18 03:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 23:06 . 2011-10-12 17:03 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-12 17:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 17:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 17:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-12 17:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-12 17:03 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-12 17:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 17:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-20 21:02 . 2011-11-09 17:24 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DBD7]
@="service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Colin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 14:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP KEYBOARDg]
2008-11-07 19:54 492816 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 16:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 05:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DBD7;DBD7;c:\windows\system32\svchost.exe [2008-01-19 21504]
R2 MachineTokenService;SOMTS;c:\mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe [2011-05-10 57344]
R3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [2011-03-31 258048]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-11-10 174720]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2010-05-18 45608]
R3 ubloxusb;ubloxusb;c:\windows\system32\DRIVERS\ubloxusb.sys [2009-05-19 75264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2006-04-04 14949]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-02-17 87176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - A4305980
*Deregistered* - a4305980
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
DBD7
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\DataAcquisition.job
- c:\program files\Mitchell 1\CRM\Data Acquisition\DataAcquisitionRemote.exe [2011-05-05 00:17]
.
2011-12-14 c:\windows\Tasks\User_Feed_Synchronization-{594BBC91-2886-4FC2-89E6-82B83B51D3A2}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-wlboWAtMFy - c:\programdata\wlboWAtMFy.exe
AddRemove-OnDemand5 Manager SU - f:\mitchell1\Manager\Series1\RebootWiz
AddRemove-Juniper_Setup_Client - c:\users\Colin\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 20:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DBD7]
"servicedll"="\\.\globalroot\Device\HarddiskVolume1\Users\Colin\AppData\Local\Temp\DBD7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-14 20:57:13
ComboFix-quarantined-files.txt 2011-12-15 02:57
.
Pre-Run: 148,225,937,408 bytes free
Post-Run: 151,944,380,416 bytes free
.
- - End Of File - - 021F898E64DC997106C89F083EBB19C3

Posted Image

#4 CatByte (Malware Response Team)

Posted 14 December 2011 - 10:38 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

NetSvc::
DBD7

Driver::
DBD7

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DBD7]

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


Let me know how the computer is running now

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
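The CFScript above targets the DBD7 service whose servicedll ComboFix reported under \\.\globalroot\...\AppData\Local\Temp\DBD7.tmp. As an added example (not part of this thread and not ComboFix's own code), the Python script below applies that reasoning to a ComboFix log: it flags svchost-hosted services whose ServiceDll path is a .tmp file, sits in a Temp directory or under a user profile, or is written in the \\.\globalroot device form, and then emits the CFScript stanzas in the form used above (NetSvc:: to take the name out of its svchost group, Driver:: to delete the service, and a [-key] line under Registry:: to delete its SafeBoot\Minimal key). The log excerpt is constructed from the shape of the log posted earlier, and the directive semantics are as used in this thread.

```python
r"""Triage the Services entries in a ComboFix log: flag svchost-hosted services
whose ServiceDll points somewhere no legitimate service DLL lives, and emit the
CFScript stanzas used in this thread to remove them.

Added example for this thread, not ComboFix's own code. SAMPLE_LOG is constructed
from the shape of the log posted above (one rogue service, two legitimate ones).
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DBD7]
"servicedll"="\\.\globalroot\Device\HarddiskVolume1\Users\Colin\AppData\Local\Temp\DBD7.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache]
"servicedll"="c:\windows\system32\FntCache.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqcxs08]
"servicedll"="c:\program files\HP\Digital Imaging\bin\hpqcxs08.dll"
"""

# A service key followed by its servicedll value, as ComboFix prints them.
SERVICE_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\([^\\\]]+)\]\s+'
    r'"servicedll"="([^"]+)"',
    re.IGNORECASE | re.MULTILINE,
)

# Heuristics: a reason string and a pattern tested against the ServiceDll path.
SUSPECT_PATTERNS = (
    ("globalroot device path (dodges path-based filters)", re.compile(r'^\\\\\.\\globalroot\\', re.I)),
    ("loaded from a Temp directory", re.compile(r'\\Temp\\', re.I)),
    (".tmp file used as a service DLL", re.compile(r'\.tmp$', re.I)),
    ("lives under a user profile's AppData", re.compile(r'\\Users\\[^\\]+\\AppData\\', re.I)),
)


def find_services(log_text):
    """Return (service_name, servicedll_path) pairs in log order."""
    return [(m.group(1), m.group(2)) for m in SERVICE_RE.finditer(log_text)]


def suspicious_services(log_text):
    """Map service name -> (path, [reasons]) for every service tripping a heuristic."""
    hits = {}
    for name, path in find_services(log_text):
        reasons = [why for why, pat in SUSPECT_PATTERNS if pat.search(path)]
        if reasons:
            hits[name] = (path, reasons)
    return hits


def build_cfscript(service_names):
    r"""CFScript text in the form used in this thread: NetSvc:: removes the name
    from its svchost group, Driver:: deletes the service entry, and a '[-key]'
    under Registry:: deletes the SafeBoot\Minimal key that lets it load in Safe Mode."""
    names = sorted(service_names)
    lines = ["NetSvc::", *names, "", "Driver::", *names, "", "Registry::"]
    lines += [r"[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\%s]" % n
              for n in names]
    lines += ["", "ClearJavaCache::", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = suspicious_services(SAMPLE_LOG)
    for name, (path, reasons) in hits.items():
        print("%s -> %s" % (name, path))
        for why in reasons:
            print("    " + why)
    print(build_cfscript(hits))
```

To run it over a real log, replace SAMPLE_LOG with the contents of ComboFix.txt. Treat the output as a candidate list to review rather than a fix to apply blindly: a service DLL under AppData is unusual but not unheard of, while a .tmp under Temp reached through \\.\globalroot, as in this thread, is about as clear a signal as a log gives.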


#5 AllYourBase (Topic Starter)

Posted 15 December 2011 - 03:07 PM

Well, here are the new logs you requested. The computer still seems sluggish with regards to performance and boot time, and I am still getting the same popups from MBAM like the one posted above. Also, the system seemed to hang after I finished running the ESET scan, so I hit Ctrl+Alt+Del to bring up Task Manager, which failed. A dialog box popped up which said:

X Failure Security Options
Logon process has failed to create the security options dialog

After getting this I restarted the computer.

Also, just to make sure I understood the instructions correctly for the ESET scan, I was to leave the "REMOVE FOUND THREATS" box unchecked correct?

Again thank you for your assistance.


MBAM Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8376

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

12/15/2011 10:18:19 AM
mbam-log-2011-12-15 (10-18-18).txt

Scan type: Quick scan
Objects scanned: 203212
Time elapsed: 19 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix Log

ComboFix 11-12-13.03 - Colin 12/15/2011 9:06.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1063 [GMT -6:00]
Running from: c:\users\Colin\Desktop\ComboFix.exe
Command switches used :: c:\users\Colin\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DBD7
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 15:15 . 2011-12-15 15:21 -------- d-----w- c:\users\Colin\AppData\Local\temp
2011-12-14 22:15 . 2011-12-14 22:15 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-13 01:31 . 2011-12-13 01:31 -------- d-----w- c:\users\Colin\AppData\Roaming\Malwarebytes
2011-12-13 01:31 . 2011-12-13 01:31 -------- d-----w- c:\programdata\Malwarebytes
2011-12-13 01:30 . 2011-12-13 01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-13 01:30 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-13 00:43 . 2011-12-13 00:43 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-12-07 18:38 . 2011-12-13 03:57 -------- d-----w- c:\users\Colin\AppData\Local\EapCommonMusic
2011-11-22 18:13 . 2011-12-13 17:56 -------- d-----w- c:\users\Colin\AppData\Roaming\Skype
2011-11-22 18:12 . 2011-12-13 17:56 -------- d-----w- c:\programdata\Skype
2011-11-22 18:11 . 2011-11-22 18:11 -------- d-----w- c:\program files\CyberLink
2011-11-17 19:46 . 2011-11-17 19:46 -------- d-----w- c:\windows\Driver Cache
2011-11-17 19:46 . 2011-11-17 19:46 -------- d-----w- c:\users\Colin\AppData\Local\Xenocode
2011-11-17 19:46 . 2011-11-17 19:46 -------- d-----w- c:\program files\Xenocode
2011-11-17 19:46 . 2011-11-17 19:46 -------- d-----w- c:\program files\Mitchell 1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 15:19 . 2011-12-15 15:19 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43118356-3F5E-40D3-8D22-EF021F4B9E47}\offreg.dll
2011-11-21 10:47 . 2011-12-13 14:52 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43118356-3F5E-40D3-8D22-EF021F4B9E47}\mpengine.dll
2011-11-04 13:29 . 2011-09-29 13:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 11:06 . 2010-06-18 03:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 23:06 . 2011-10-12 17:03 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-12 17:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 17:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 17:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-12 17:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-12 17:03 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-12 17:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 17:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-20 21:02 . 2011-11-09 17:24 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Colin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 14:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP KEYBOARDg]
2008-11-07 19:54 492816 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 16:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 05:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MachineTokenService;SOMTS;c:\mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe [2011-05-10 57344]
R3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [2011-03-31 258048]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-11-10 174720]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2010-05-18 45608]
R3 ubloxusb;ubloxusb;c:\windows\system32\DRIVERS\ubloxusb.sys [2009-05-19 75264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2006-04-04 14949]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-02-17 87176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-14 c:\windows\Tasks\User_Feed_Synchronization-{594BBC91-2886-4FC2-89E6-82B83B51D3A2}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 09:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Mitchell1\DPR Client Manager\DPRClientManager.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Completion time: 2011-12-15 09:32:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 15:32
ComboFix2.txt 2011-12-15 02:57
.
Pre-Run: 151,956,017,152 bytes free
Post-Run: 151,579,541,504 bytes free
.
- - End Of File - - 939C11065966646279FED95E0C93F25C

ESET Log:

C:\Qoobox\Quarantine\C\Users\Colin\AppData\Local\Temp\DBD7.tmp.vir Win32/Olmarik.AXW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LVV5BDCK\xxx[1].htm HTML/Iframe.B.Gen virus

Edited by AllYourBase, 15 December 2011 - 03:08 PM.


#6 CatByte (Malware Response Team)

Posted 15 December 2011 - 05:45 PM

Hi,

One of the ESET detections is in ComboFix quarantine, which we will clean up shortly; the other is in temp files.

Please do the following:

Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.


NEXT

Reset your Router:

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. HERE
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

NEXT

Please do the following:
  • Click the Microsoft Start logo in the bottom left corner of the screen
  • Click All Programs
  • Click Accessories
  • RIGHT-click on Command Prompt
  • Select Run As Administrator
  • In the command window type the following and then hit enter:


    ipconfig /flushdns


  • You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.



NEXT

First open an elevated Command Prompt
  • Go to Start > All Programs > Accessories
  • right click on the Command Prompt and choose “Run as administrator”
  • Type the following to see how much your hard drive is fragmented (in this example, your C:\ drive):
  • defrag c: -a
  • Vista will tell you a “Percent file fragmentation” and, at the bottom, if you need to defragment the drive or not.
  • To fully defragment your C:\ drive type the following:
  • defrag c: -w
  • Give it time to run (best to leave the computer alone) and then you’re done!



NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT



Please advise if there are any outstanding issues

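Between the two ComboFix logs in this thread the DhcpNameServer line changed from 192.168.1.1 (the router) to 68.94.156.1 68.94.157.1, and that is the kind of change the router reset, the DNS cache flush and the advice to confirm the ISP's resolvers are meant to address. As an added example, not a tool from this thread, the Python below diffs the resolver lines of two logs and classifies each current resolver against an operator-supplied list of the resolvers the ISP or router should be handing out. The log excerpts are constructed from the lines above; EXPECTED_RESOLVERS is an assumption that has to be filled in from the ISP or the router configuration, which is why the example is run once with it empty.

```python
"""Compare the DNS resolvers ComboFix recorded on its 'TCP: DhcpNameServer' line
across two logs and flag resolvers that are neither on the local network nor on
the list of resolvers the ISP or router is supposed to hand out.

Added example for this thread, not a tool from it. The two excerpts are constructed
from the DhcpNameServer lines in the logs posted above; EXPECTED_RESOLVERS is an
assumption that must be filled in from the ISP or the router configuration.
"""
import ipaddress
import re

LOG_BEFORE = "TCP: DhcpNameServer = 192.168.1.1\n"              # router was the resolver
LOG_AFTER = "TCP: DhcpNameServer = 68.94.156.1 68.94.157.1\n"   # DHCP now hands out two public resolvers
EXPECTED_RESOLVERS = []   # assumption: fill from the ISP; empty means "verify everything"

NS_RE = re.compile(r'^\s*TCP:\s*DhcpNameServer\s*=\s*(.+?)\s*$', re.MULTILINE)


def resolvers(log_text):
    """Resolver addresses from every DhcpNameServer line, in order, without duplicates."""
    found = []
    for m in NS_RE.finditer(log_text):
        for token in m.group(1).split():
            ip = ipaddress.ip_address(token)
            if ip not in found:
                found.append(ip)
    return found


def classify(ip, expected):
    """'local' for RFC 1918/loopback/link-local, 'expected' if allowlisted, else 'unexpected'.
    'local' does not mean 'safe': 192.168.1.1 is the router, and a tampered router
    forwards every query to whatever upstream the attacker configured."""
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    return "expected" if ip in expected else "unexpected"


def resolver_report(before_text, after_text, expected_resolvers):
    """What changed between the two logs and which current resolvers still need checking."""
    expected = {ipaddress.ip_address(e) for e in expected_resolvers}
    before, after = resolvers(before_text), resolvers(after_text)
    return {
        "added": [str(ip) for ip in after if ip not in before],
        "removed": [str(ip) for ip in before if ip not in after],
        "current": {str(ip): classify(ip, expected) for ip in after},
        "needs_verification": [str(ip) for ip in after if classify(ip, expected) != "expected"],
    }


if __name__ == "__main__":
    report = resolver_report(LOG_BEFORE, LOG_AFTER, EXPECTED_RESOLVERS)
    for key in ("added", "removed", "needs_verification"):
        print("%-18s %s" % (key + ":", ", ".join(report[key]) or "-"))
    for ip, verdict in report["current"].items():
        print("  %-16s %s" % (ip, verdict))
```

Both classes on the "needs_verification" list deserve a look: a public resolver that is not the ISP's is the textbook DNS-hijack symptom, and a local one means the router itself is answering, so its upstream setting has to be checked after the reset rather than assumed clean.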


#7 AllYourBase (Topic Starter)

Posted 15 December 2011 - 08:52 PM

Completed all of the instructions you listed. Hard drive did not require defragmentation. Computer seems better now. Startup time is now just under 4 minutes and CPU usage is much better. The only issue I am still having is the pop-up notifications from MBAM. I keep getting them every 30-60 seconds while connected to the internet. Please advise.

Edited by AllYourBase, 15 December 2011 - 08:53 PM.


#8 CatByte (Malware Response Team)

Posted 15 December 2011 - 08:56 PM

Hi,

Please re-run GMER and TDSSKiller

post both logs

thanks



#9 AllYourBase (Topic Starter)

Posted 15 December 2011 - 09:06 PM

This is what happens a few minutes after starting GMER

Posted Image

#10 CatByte (Malware Response Team)

Posted 15 December 2011 - 09:15 PM

OK, are you able to run TDSSKiller?

Please try this scan

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

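aswMBR's MBR.dat is the raw first sector of the disk, which is where a TDL4-class bootkit installs itself: it replaces the 440 bytes of boot code with its own loader and keeps the original partition table, so the disk still boots and the partition layout looks normal. As an added example (not aswMBR's code and not something posted in this thread), the Python below parses a 512-byte MBR image, checks the 0x55AA signature, lists the partition entries and compares a SHA-256 of the boot code against a known-good value. The MBR bytes and the baseline hash are constructed for the example; a real baseline would come from a clean machine of the same Windows version or from install media.

```python
"""Parse a 512-byte MBR image, such as the MBR.dat that aswMBR writes, and compare
its boot code with a known-good hash. A bootkit like TDL4 replaces the boot code
in sector 0 with its own loader while leaving the partition table intact.

Added example for this thread, not aswMBR's code. The MBR below is constructed
(a synthetic boot-code stub and two NTFS partitions); KNOWN_GOOD_SHA256 is computed
from that stub and stands in for a baseline taken from a clean machine or install
media, which is an assumption of this example.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0-439 boot code, 440-443 disk signature, 444-445 reserved
PART_TABLE_OFF = 446      # 446-509 four 16-byte partition entries, 510-511 signature 0x55AA
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count

# Constructed: the opening bytes of a Windows MBR (xor ax,ax / mov ss,ax / mov sp,7C00h)
# padded with NOPs. Only its hash matters here.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
# Constructed: an arbitrary different stub standing in for a bootkit loader.
TAMPERED_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd8\x8e\xd0\xbc\x00\x7c\xeb\x20" + b"\x90" * 40
PARTITIONS = [
    (0x80, 0x07, 2048, 204800),        # active NTFS system partition
    (0x00, 0x07, 206848, 312371200),   # NTFS OS partition
]


def build_mbr(boot_code, partitions, disk_signature=0x1B2C3D4E):
    """Assemble a 512-byte MBR; CHS fields carry the 0xFE/0xFF/0xFF 'LBA only' marker."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
        for status, ptype, start, count in partitions
    ).ljust(64, b"\x00")
    return code + struct.pack("<IH", disk_signature, 0) + table + b"\x55\xaa"


def parse_mbr(mbr):
    """Validate the signature; return disk signature, partition entries and boot-code hash."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly %d bytes" % SECTOR)
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "start_lba": start, "sectors": count})
    return {
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "partitions": partitions,
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
    }


def boot_code_matches(mbr, known_good_sha256):
    """True when the boot code hashes to the baseline; the partition table is not consulted."""
    return parse_mbr(mbr)["boot_code_sha256"] == known_good_sha256


KNOWN_GOOD_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(image)
        verdict = "boot code ok" if boot_code_matches(image, KNOWN_GOOD_SHA256) else "BOOT CODE CHANGED"
        print("%s: disk signature 0x%08x, %s" % (label, info["disk_signature"], verdict))
        for p in info["partitions"]:
            print("  entry %d type 0x%02x start %d sectors %d%s"
                  % (p["index"], p["type"], p["start_lba"], p["sectors"], " (active)" if p["bootable"] else ""))
```

To check a saved MBR.dat, pass open("MBR.dat", "rb").read() to parse_mbr and boot_code_matches. Note that the tampered image above parses to exactly the same partition table as the clean one, which is the point: a bootkit is invisible to anything that only lists partitions. A matching boot-code hash does not clear the disk either. TDL4 keeps its components in unpartitioned sectors past the end of the last partition, so the sectors beyond start_lba + sectors of the final entry need reading as well, which is what a direct-disk scanner such as aswMBR does and an in-OS file scan cannot.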


#11 AllYourBase (Topic Starter)

Posted 15 December 2011 - 09:51 PM

TDSSKiller ran successfully. I will post the log below. After trying to run aswMBR in normal Windows mode, the computer rebooted a few minutes into the process. I tried to run it in safe mode; it ran a bit longer, then blue screen of death and the computer restarted again. Upon restarting I got an error message from Windows problem reporting saying Windows cannot open a file on the hard drive. I have a screen capture of that message if you want to see it.

20:06:51.0271 3156 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
20:06:51.0833 3156 ============================================================
20:06:51.0833 3156 Current date / time: 2011/12/15 20:06:51.0833
20:06:51.0833 3156 SystemInfo:
20:06:51.0833 3156
20:06:51.0833 3156 OS Version: 6.0.6002 ServicePack: 2.0
20:06:51.0833 3156 Product type: Workstation
20:06:51.0833 3156 ComputerName: COLIN-LAPTOP
20:06:51.0864 3156 UserName: Colin
20:06:51.0864 3156 Windows directory: C:\Windows
20:06:51.0864 3156 System windows directory: C:\Windows
20:06:51.0864 3156 Processor architecture: Intel x86
20:06:51.0864 3156 Number of processors: 2
20:06:51.0864 3156 Page size: 0x1000
20:06:51.0864 3156 Boot type: Normal boot
20:06:51.0864 3156 ============================================================
20:06:54.0079 3156 Initialize success
20:07:01.0380 0252 ============================================================
20:07:01.0380 0252 Scan started
20:07:01.0380 0252 Mode: Manual;
20:07:01.0380 0252 ============================================================
20:07:06.0403 0252 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:07:06.0435 0252 ACPI - ok
20:07:06.0684 0252 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:07:06.0731 0252 adp94xx - ok
20:07:06.0825 0252 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:07:06.0856 0252 adpahci - ok
20:07:06.0903 0252 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:07:06.0903 0252 adpu160m - ok
20:07:06.0965 0252 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:07:06.0981 0252 adpu320 - ok
20:07:07.0277 0252 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:07:07.0293 0252 AFD - ok
20:07:07.0371 0252 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:07:07.0371 0252 agp440 - ok
20:07:07.0417 0252 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:07:07.0417 0252 aic78xx - ok
20:07:07.0464 0252 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
20:07:07.0464 0252 aliide - ok
20:07:07.0495 0252 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
20:07:07.0495 0252 amdagp - ok
20:07:07.0527 0252 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
20:07:07.0527 0252 amdide - ok
20:07:07.0573 0252 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:07:07.0589 0252 AmdK7 - ok
20:07:07.0636 0252 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
20:07:07.0636 0252 AmdK8 - ok
20:07:07.0729 0252 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:07:07.0729 0252 arc - ok
20:07:07.0792 0252 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:07:07.0792 0252 arcsas - ok
20:07:07.0823 0252 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:07:07.0823 0252 AsyncMac - ok
20:07:07.0854 0252 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:07:07.0854 0252 atapi - ok
20:07:08.0166 0252 athr (0437199c88f6e88a387cfec8a8886a6e) C:\Windows\system32\DRIVERS\athr.sys
20:07:08.0182 0252 athr - ok
20:07:08.0275 0252 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:07:08.0307 0252 BCM43XV - ok
20:07:08.0353 0252 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:07:08.0385 0252 Beep - ok
20:07:08.0463 0252 bizVSerial (6b9d1584a86d7451e1aac3c4f4131514) C:\Windows\system32\drivers\bizVSerialNT.sys
20:07:08.0463 0252 bizVSerial - ok
20:07:08.0463 0252 blbdrive - ok
20:07:08.0509 0252 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:07:08.0525 0252 bowser - ok
20:07:08.0587 0252 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:07:08.0587 0252 BrFiltLo - ok
20:07:08.0603 0252 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:07:08.0603 0252 BrFiltUp - ok
20:07:08.0650 0252 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:07:08.0650 0252 Brserid - ok
20:07:08.0681 0252 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:07:08.0681 0252 BrSerWdm - ok
20:07:08.0712 0252 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:07:08.0712 0252 BrUsbMdm - ok
20:07:08.0728 0252 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:07:08.0728 0252 BrUsbSer - ok
20:07:08.0775 0252 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:07:08.0775 0252 BTHMODEM - ok
20:07:08.0853 0252 BVRPMPR5 (18e0f9c1e7ec4aae40b3f67eab0aee99) C:\Windows\system32\drivers\BVRPMPR5.SYS
20:07:08.0884 0252 BVRPMPR5 - ok
20:07:08.0899 0252 catchme - ok
20:07:08.0993 0252 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:07:09.0024 0252 cdfs - ok
20:07:09.0071 0252 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:07:09.0071 0252 cdrom - ok
20:07:09.0133 0252 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:07:09.0149 0252 circlass - ok
20:07:09.0180 0252 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:07:09.0196 0252 CLFS - ok
20:07:09.0258 0252 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:07:09.0258 0252 CmBatt - ok
20:07:09.0289 0252 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
20:07:09.0289 0252 cmdide - ok
20:07:09.0367 0252 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
20:07:09.0383 0252 CnxtHdAudService - ok
20:07:09.0445 0252 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:07:27.0307 0252 MBR (0x1B8) (c486e75c3e408b7e4cdcf298cedac0c0) \Device\Harddisk0\DR0
20:07:27.0307 0252 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:07:27.0307 0252 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:07:27.0323 0252 Boot (0x1200) (a7e9de5b67ed607fcfc3b04b7eab1b12) \Device\Harddisk0\DR0\Partition0
20:07:27.0323 0252 \Device\Harddisk0\DR0\Partition0 - ok
20:07:27.0354 0252 Boot (0x1200) (d6dfeb38bc5c3f6419aac16b1ab83a25) \Device\Harddisk0\DR0\Partition1
20:07:27.0354 0252 \Device\Harddisk0\DR0\Partition1 - ok
20:07:27.0354 0252 ============================================================
20:07:27.0354 0252 Scan finished
20:07:27.0354 0252 ============================================================
20:07:27.0370 4932 Detected object count: 1
20:07:27.0370 4932 Actual detected object count: 1
20:07:38.0493 4932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:07:38.0493 4932 \Device\Harddisk0\DR0 - ok
20:07:38.0493 4932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:07:42.0112 4668 Deinitialize success

#12 CatByte (Malware Response Team)

Posted 15 December 2011 - 09:57 PM

Looks as though you may have a new variant that can only be fixed outside of Windows.

Please do the following:

You'll need a CD and a USB flashdrive that has some space on it. We will not be changing any of the data on the usb device just using it for a file.

You will also need to use Firefox to download a file, as Internet Explorer seems to mangle the download.

If you have any problems with these steps please let me know. It may look complicated but it's fairly straight forward and for the most part automated.


Download GETxPUD.exe to your desktop
  • Run GETxPUD.exe by double clicking it.
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished, it will open BurnCDCC which will be ready to burn the image.
  • Click on Start and follow the prompts to burn the image to your CD

Using Firefox, please download and save dumpit to your USB device.

You may want to print out this part as you will not be able to view these instructions once booted with the CD you just made.
  • Leave the usb device attached to the computer
  • Now boot your computer with the CD you just burned
    • with the CD in the computer, restart the computer
  • The computer must be set to boot from the CD; depending on your computer you can either do this by pressing F12 and selecting the CD as the first boot option, or it can be set in the BIOS
  • Once you have the computer set to boot from the CD allow it to boot
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • sda1, or sda2... usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
    (you will be able to tell if it is the right one as the screen will populate with your files)
  • Locate the file you downloaded and saved earlier, dumpit
  • double click it to run it
  • a black window will open, follow the instructions to close the window when it's finished
  • a file called MBR.zip should now be placed in the right hand panel
  • Click the Home icon at top
  • Remove the CD and click Power off
  • Click restart

Once the computer has rebooted, open the USB device and attach the MBR.zip file to your next reply.

Edited by CatByte, 15 December 2011 - 09:57 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
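The MBR.zip produced by the steps above is meant for the helper to inspect. As an added illustration, not CatByte's tool and not code from this thread, the Python below parses a raw 512-byte MBR sector, hashes the boot code region the way the TDSSKiller log's `MBR (0x1B8)` line suggests, and flags a patched loader or an inconsistent partition table. Assumptions: the file inside MBR.zip is a raw sector image, the sample sectors are constructed test data, and the reference hash comes from a trusted copy of the same Windows version's MBR code.

```python
"""Parse and sanity-check a raw 512-byte MBR sector (added example, not code from this thread)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8         # boot code occupies bytes 0..0x1B7; the disk signature follows
PART_TABLE_OFFSET = 0x1BE     # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511 of a valid MBR
PART_ENTRY_FMT = "<B3xB3xII"  # status, (CHS start skipped), type, (CHS end skipped), LBA start, count


def load_mbr_dump(path):
    """Read the first sector of a raw dump file (assumed format of the file inside MBR.zip)."""
    with open(path, "rb") as handle:
        return handle.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Return the boot-code MD5, disk signature, signature check and partition table of one sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * index)
        partitions.append({"index": index, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "num_sectors": count})
    return {
        # TDSSKiller's "MBR (0x1B8)" line reads as a hash over this 440-byte region (assumption)
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(parsed, reference_boot_code_md5=None):
    """Return a list of findings; an empty list means nothing in the sector looked off."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    used = [p for p in parsed["partitions"] if p["type"] != 0]
    active = [p for p in used if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in parsed["partitions"]:
        if p["type"] == 0 and (p["lba_start"] or p["num_sectors"]):
            findings.append("entry %d is typed empty but has a non-zero extent" % p["index"])
    # Sort used entries by start LBA and make sure no two extents overlap.
    spans = sorted((p["lba_start"], p["lba_start"] + p["num_sectors"], p["index"]) for p in used)
    for (_, end_a, idx_a), (start_b, _, idx_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append("entries %d and %d overlap" % (idx_a, idx_b))
    # A bootkit that replaces the loader changes this hash; compare against a trusted copy.
    if reference_boot_code_md5 and parsed["boot_code_md5"] != reference_boot_code_md5:
        findings.append("boot code hash differs from the trusted reference")
    return findings


def build_sample_mbr(boot_code, partitions, disk_signature=0x1234ABCD):
    """Assemble a sector from boot code and (bootable, type, lba_start, num_sectors) tuples; test data only."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, disk_signature)
    for index, (bootable, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * index,
                         0x80 if bootable else 0x00, ptype, lba_start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample data: a stand-in loader and two partitions, mirroring the two
# partitions in the TDSSKiller log above (sizes and offsets are made up).
SAMPLE_PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 409600)]
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 100   # not real Windows boot code
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTITIONS)
# Same partition table, but the first instruction of the loader has been patched.
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE" + CLEAN_BOOT_CODE[2:], SAMPLE_PARTITIONS)

if __name__ == "__main__":
    reference = parse_mbr(CLEAN_MBR)["boot_code_md5"]
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(parse_mbr(sector), reference) or "no findings")
```

To use it on a real dump, extract MBR.zip, pass the extracted file to `load_mbr_dump`, and supply the boot-code hash of a known-good MBR for the same Windows version as the reference.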


#13 AllYourBase (Topic Starter)

Posted 15 December 2011 - 10:02 PM

Dumb question... What kind of CD do I need?

#14 CatByte (Malware Response Team)

Posted 15 December 2011 - 10:08 PM

Any kind of CD that you can write data to (CD-R is what I use).

#15 AllYourBase (Topic Starter)

Posted 16 December 2011 - 12:06 AM

OK, so I followed your directions and I was able to create the CD, download the program to my flash drive and reboot the computer from the CD-ROM. However, when I went to try and find the USB drive I could not locate it. It was still plugged into the port when the computer was restarted, and I expanded mnt, sda1 and sda2, but there was no sdb1 that I could find. Was I looking in the wrong place?
