Trojan Dropper sirefef.b is killing me


43 replies to this topic

#1 roadrash03
  • Members
  • 98 posts

Posted 28 January 2012 - 12:13 AM

Hi everyone. So I was directed here because I heard that this site was full of good guys who knew how to help people like me out. So I guess let's get down to it. A few days ago, my antivirus protection software started detecting problems. Malwarebytes Anti-Malware detected "svchost.exe" as well as "Exploit:Java/CVE-2011-3544.N" and "Exploit:Java/CVE-2011-3544.U". I have no clue what these mean. I have been looking around but have heard different things from different sites and people. From my understanding, the svchost.exe may not even be a problem because the exe helps run the computer, but then again I believe it could be part of the virus trying to hide itself, but I don't know. My second software is Microsoft Security Essentials. It detected "Trojan Dropper iWin32/sirefef.B". I have run the scans multiple times and have continued to try and remove the corrupt items. Every time it asks me to restart, the computer comes back on but the corrupt items continue to pop up. Now when I start sometimes, I get a blue screen saying that it has shut down due to possible danger to the computer. Now I am to the point where, when I try to run anything on my computer, it asks me what I would like to run that program with. I have never had this happen before so I don't know what is happening. It has gotten worse to the point I don't even know what to do. It doesn't look like I can run any more scans on my computer. I am contemplating doing a complete system wipe and starting over but would hate to lose everything I have on my computer. If I could get help from someone it would be much appreciated. Thanks so much in advance. Also, if there is any other information you need from me just let me know and I will try my best to provide it.

Edited by hamluis, 28 January 2012 - 08:28 AM.
No logs, moved from Malware Removal Logs to Am I Infected.


#2 roadrash03
  • Topic Starter
  • Members
  • 98 posts

Posted 28 January 2012 - 12:21 AM

I am not sure if it even matters but I am using Windows 7 as my operating system. Like I said, I have no idea when it comes to software and what information I/you need so just ask if you need something. I can build a computer but I am not so smart when it comes to the software. I will be the first to say that. Thanks guys.

#3 Broni
    The Coolest BC Computer
  • BC Advisor
  • 42,662 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 28 January 2012 - 12:00 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#4 roadrash03
  • Topic Starter
  • Members
  • 98 posts

Posted 28 January 2012 - 03:15 PM

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Mozilla Firefox (3.6.8) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````



-------------------------------------------------------------------------------------------------------

Farbar Service Scanner Version: 18-01-2012 01
Ran by Brett (administrator) on 28-01-2012 at 14:05:44
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


--------------------------------------------------------------------------------------------



MiniToolBox by Farbar Version: 18-01-2012
Ran by Brett (administrator) on 28-01-2012 at 14:08:04
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 8118
"network.proxy.no_proxies_on", "127.0.0.1"
"network.proxy.socks", "127.0.0.1"
"network.proxy.socks_port", 9050
"network.proxy.socks_remote_dns", true
"network.proxy.ssl", "127.0.0.1"
"network.proxy.ssl_port", 8118
"network.proxy.type", 4
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Brett-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 6C-F0-49-0E-B2-BC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7c3a:187b:d816:f833%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, January 28, 2012 1:57:52 PM
Lease Expires . . . . . . . . . . : Sunday, January 29, 2012 1:57:51 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 242020425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-85-50-76-6C-F0-49-0E-B2-BC
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:38c3:2073:52bf:3ae6(Preferred)
Link-local IPv6 Address . . . . . : fe80::38c3:2073:52bf:3ae6%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: myrouter.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.227.148
74.125.227.147
74.125.227.144
74.125.227.145
74.125.227.146


Pinging google.com [74.125.227.145] with 32 bytes of data:
Reply from 74.125.227.145: bytes=32 time=9ms TTL=53
Reply from 74.125.227.145: bytes=32 time=6ms TTL=53

Ping statistics for 74.125.227.145:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 9ms, Average = 7ms
Server: myrouter.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=60ms TTL=54
Reply from 72.30.2.43: bytes=32 time=60ms TTL=54

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 60ms, Maximum = 60ms, Average = 60ms
Server: myrouter.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...6c f0 49 0e b2 bc ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.9 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.9 276
192.168.1.9 255.255.255.255 On-link 192.168.1.9 276
192.168.1.255 255.255.255.255 On-link 192.168.1.9 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.9 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.9 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:38c3:2073:52bf:3ae6/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::38c3:2073:52bf:3ae6/128
On-link
10 276 fe80::7c3a:187b:d816:f833/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2012 02:00:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/28/2012 01:58:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x904
Faulting application start time: 0xACDaemon.exe0
Faulting application path: ACDaemon.exe1
Faulting module path: ACDaemon.exe2
Report Id: ACDaemon.exe3

Error: (01/27/2012 00:57:03 AM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000034.

Error: (01/26/2012 09:50:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x4ac
Faulting application start time: 0xACDaemon.exe0
Faulting application path: ACDaemon.exe1
Faulting module path: ACDaemon.exe2
Report Id: ACDaemon.exe3

Error: (01/26/2012 09:42:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x7e8
Faulting application start time: 0xACDaemon.exe0
Faulting application path: ACDaemon.exe1
Faulting module path: ACDaemon.exe2
Report Id: ACDaemon.exe3

Error: (01/26/2012 09:33:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x980
Faulting application start time: 0xACDaemon.exe0
Faulting application path: ACDaemon.exe1
Faulting module path: ACDaemon.exe2
Report Id: ACDaemon.exe3

Error: (01/22/2012 02:29:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x4f0
Faulting application start time: 0xACDaemon.exe0
Faulting application path: ACDaemon.exe1
Faulting module path: ACDaemon.exe2
Report Id: ACDaemon.exe3

Error: (01/22/2012 01:14:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x9c8
Faulting application start time: 0xACDaemon.exe0
Faulting application path: ACDaemon.exe1
Faulting module path: ACDaemon.exe2
Report Id: ACDaemon.exe3

Error: (01/22/2012 01:07:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x918
Faulting application start time: 0xACDaemon.exe0
Faulting application path: ACDaemon.exe1
Faulting module path: ACDaemon.exe2
Report Id: ACDaemon.exe3

Error: (01/22/2012 00:55:57 AM) (Source: Application Error) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x94c
Faulting application start time: 0xACDaemon.exe0
Faulting application path: ACDaemon.exe1
Faulting module path: ACDaemon.exe2
Report Id: ACDaemon.exe3


System errors:
=============
Error: (01/28/2012 01:55:52 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0xffffffffc0000096, 0xfffff80002d00b5a, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP012812-28126-01

Error: (01/27/2012 00:56:37 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/27/2012 00:56:37 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/27/2012 00:56:37 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/27/2012 00:56:37 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/27/2012 00:56:37 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/27/2012 00:56:36 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/27/2012 00:56:36 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/27/2012 00:56:35 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/27/2012 00:56:29 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe After Effects CS4 (Version: 9)
Adobe After Effects CS4 Presets (Version: 9)
Adobe After Effects CS4 Third Party Content (Version: 9)
Adobe AIR (Version: 1.5.3.9130)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color Video Profiles AE CS4 (Version: 2.0)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 10 ActiveX (Version: 10.2.159.1)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Fonts All (Version: 2.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0)
Adobe Media Encoder CS4 Exporter (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe MotionPicture Color Files CS4 (Version: 2.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Reader 9.3.2 (Version: 9.3.2)
Adobe Setup (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
ArcSoft TotalMedia Extreme (Version: 1.0.9.5)
ArcSoft TotalMedia Extreme (Version: 2.0.33.4)
ATI Catalyst Install Manager (Version: 3.0.769.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Full Existing (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Full New (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Light (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Previews Common (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0406.2133.36843)
Catalyst Control Center HydraVision Full (Version: 2010.0406.2133.36843)
Catalyst Control Center InstallProxy (Version: 2010.0406.2133.36843)
ccc-core-static (Version: 2010.0406.2133.36843)
ccc-utility64 (Version: 2010.0406.2133.36843)
CCC Help English (Version: 2010.0406.2132.36843)
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
Hauppauge WinTV Infrared Remote (Version: 2.63.26309)
Hauppauge WinTV IR Blaster (Version: 7.1.27070)
Hauppauge WinTV Scheduler
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
League of Legends (Version: 1.3)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
MapleStory
Microsoft Antimalware (Version: 2.1.6805.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Essentials (Version: 1.0.1963.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Moto Helper Service (Version: 5.5)
MotoHelper 2.0.44 Driver 4.9.0 (Version: 2.0.44)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 4.9.0 (Version: 4.9.0)
Mototools Software Update (Version: 3.4.7)
Mozilla Firefox (3.6.8) (Version: 3.6.8 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Pando Media Booster (Version: 2.3.6.0)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
Polipo 1.0.4.1
Skype Click to Call (Version: 5.7.8773)
Skype™ 5.5 (Version: 5.5.124)
Sony Vegas Pro 8.0 (Version: 8.0.260)
Suite Shared Configuration CS4 (Version: 1.0)
The Lord of the Rings FREE Trial (Version: 1.00.0000)
Tor 0.2.1.26
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Vidalia 0.2.9
VLC media player 1.0.5 (Version: 1.0.5)
Windows Mobile Device Updater Component (Version: 04.07.1404.00)
WinRAR archiver
Zune (Version: 04.07.1404.00)
Zune Language Pack (DEU) (Version: 04.07.1404.00)
Zune Language Pack (ESP) (Version: 04.07.1404.00)
Zune Language Pack (FRA) (Version: 04.07.1404.00)
Zune Language Pack (ITA) (Version: 04.07.1404.00)
Zune Language Pack (NLD) (Version: 04.07.1404.00)
Zune Language Pack (PTB) (Version: 04.07.1404.00)
Zune Language Pack (PTG) (Version: 04.07.1404.00)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 8190.49 MB
Available physical RAM: 5171.08 MB
Total Pagefile: 16379.18 MB
Available Pagefile: 13162.64 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.86 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:931.41 GB) (Free:28.4 GB) NTFS

========================= Users: ========================================

User accounts for \\BRETT-PC

Administrator Brett Guest


**** End of log ****


--------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brett :: BRETT-PC [administrator]

1/28/2012 2:11:20 PM
mbam-log-2012-01-28 (14-11-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180482
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2316 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


-----------------------------------------------------------------------------------------------------

#5 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts

Posted 28 January 2012 - 03:51 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-28 14:24:25
-----------------------------
14:24:25.964 OS Version: Windows x64 6.1.7601 Service Pack 1
14:24:25.965 Number of processors: 4 586 0x403
14:24:25.965 ComputerName: BRETT-PC UserName: Brett
14:24:30.757 Initialize success
14:26:20.299 AVAST engine defs: 12012600
14:28:09.013 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
14:28:09.023 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
14:28:09.028 Device \Driver\atapi -> MajorFunction fffffa80084995c4
14:28:09.034 Disk 0 MBR read successfully
14:28:09.039 Disk 0 MBR scan
14:28:09.076 Disk 0 MBR:Pihar-C [Rtk]
14:28:09.078 Disk 0 TDL4@MBR code has been found
14:28:09.079 Disk 0 Windows 7 default MBR code found via API
14:28:09.081 Disk 0 MBR hidden
14:28:09.111 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:28:09.139 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
14:28:09.158 Disk 0 MBR [TDL4] **ROOTKIT**
14:28:09.161 Disk 0 trace - called modules:
14:28:09.164 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80084995c4]<<
14:28:09.167 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b0a060]
14:28:09.170 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa800785e580]
14:28:09.172 5 ACPI.sys[fffff88000e4f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8007862060]
14:28:09.180 \Driver\atapi[0xfffffa80069ab660] -> IRP_MJ_CREATE -> 0xfffffa80084995c4
14:28:10.210 AVAST engine scan C:\Windows
14:28:23.437 AVAST engine scan C:\Windows\system32
14:32:39.642 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
14:35:02.261 AVAST engine scan C:\Windows\system32\drivers
14:35:25.863 AVAST engine scan C:\Users\Brett
14:48:47.050 AVAST engine scan C:\ProgramData
14:49:30.086 Scan finished successfully
14:49:55.619 Disk 0 MBR has been saved successfully to "C:\Users\Brett\Desktop\MBR.dat"
14:49:55.648 The log file has been saved successfully to "C:\Users\Brett\Desktop\aswMBR.txt"

#6 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts

Posted 28 January 2012 - 04:01 PM

Also, I figured that I would mention that MSE found 4 things on my computer while I was downloading and running all of these tests. They are as follows:

Exploit:Java/CVE-2011-3544.N
Backdoor:Win32/Cycbot.G
Rogue:Win32/FakeRean
Adware:MSIL/SanctionedMedia

I did nothing with them since it was not in your instructions. I just figured that I would let you know anything and everything that I came across while on the computer. I write from my laptop for these things and get off my main computer just so that it doesn't stay on to get any worse. I hope that this is enough information for you. Thanks.

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 28 January 2012 - 06:56 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#8 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts

Posted 28 January 2012 - 10:33 PM

21:29:46.0889 4332 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
21:29:47.0373 4332 ============================================================
21:29:47.0373 4332 Current date / time: 2012/01/28 21:29:47.0373
21:29:47.0373 4332 SystemInfo:
21:29:47.0373 4332
21:29:47.0373 4332 OS Version: 6.1.7601 ServicePack: 1.0
21:29:47.0373 4332 Product type: Workstation
21:29:47.0373 4332 ComputerName: BRETT-PC
21:29:47.0373 4332 UserName: Brett
21:29:47.0373 4332 Windows directory: C:\Windows
21:29:47.0373 4332 System windows directory: C:\Windows
21:29:47.0373 4332 Running under WOW64
21:29:47.0373 4332 Processor architecture: Intel x64
21:29:47.0373 4332 Number of processors: 4
21:29:47.0373 4332 Page size: 0x1000
21:29:47.0373 4332 Boot type: Normal boot
21:29:47.0373 4332 ============================================================
21:29:49.0354 4332 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:29:49.0417 4332 Initialize success
21:29:54.0689 1040 ============================================================
21:29:54.0689 1040 Scan started
21:29:54.0689 1040 Mode: Manual;
21:29:54.0689 1040 ============================================================
21:29:56.0437 1040 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:29:56.0437 1040 1394ohci - ok
21:29:56.0483 1040 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
21:29:56.0515 1040 61883 - ok
21:29:56.0593 1040 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:29:56.0608 1040 ACPI - ok
21:29:56.0639 1040 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:29:56.0655 1040 AcpiPmi - ok
21:29:56.0702 1040 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:29:56.0717 1040 adp94xx - ok
21:29:56.0733 1040 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:29:56.0749 1040 adpahci - ok
21:29:56.0749 1040 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:29:56.0764 1040 adpu320 - ok
21:29:56.0764 1040 Afc - ok
21:29:56.0811 1040 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:29:56.0827 1040 AFD - ok
21:29:56.0858 1040 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:29:56.0858 1040 agp440 - ok
21:29:56.0873 1040 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:29:56.0873 1040 aliide - ok
21:29:56.0889 1040 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:29:56.0889 1040 amdide - ok
21:29:56.0936 1040 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:29:56.0951 1040 AmdK8 - ok
21:29:57.0279 1040 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
21:29:57.0388 1040 amdkmdag - ok
21:29:57.0466 1040 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
21:29:57.0482 1040 amdkmdap - ok
21:29:57.0529 1040 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:29:57.0529 1040 AmdPPM - ok
21:29:57.0575 1040 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:29:57.0607 1040 amdsata - ok
21:29:57.0622 1040 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:29:57.0638 1040 amdsbs - ok
21:29:57.0653 1040 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:29:57.0653 1040 amdxata - ok
21:29:57.0700 1040 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:29:57.0731 1040 AppID - ok
21:29:57.0778 1040 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:29:57.0778 1040 arc - ok
21:29:57.0794 1040 archlp - ok
21:29:57.0809 1040 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:29:57.0809 1040 arcsas - ok
21:29:57.0856 1040 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:29:57.0872 1040 AsyncMac - ok
21:29:57.0903 1040 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:29:57.0919 1040 atapi - ok
21:29:57.0950 1040 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys
21:29:57.0950 1040 AtiHdmiService - ok
21:29:58.0028 1040 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
21:29:58.0043 1040 Avc - ok
21:29:58.0106 1040 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:29:58.0153 1040 b06bdrv - ok
21:29:58.0168 1040 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:29:58.0184 1040 b57nd60a - ok
21:29:58.0215 1040 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:29:58.0215 1040 Beep - ok
21:29:58.0262 1040 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:29:58.0277 1040 blbdrive - ok
21:29:58.0309 1040 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:29:58.0309 1040 bowser - ok
21:29:58.0324 1040 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:29:58.0340 1040 BrFiltLo - ok
21:29:58.0340 1040 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:29:58.0355 1040 BrFiltUp - ok
21:29:58.0371 1040 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:29:58.0387 1040 Brserid - ok
21:29:58.0387 1040 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:29:58.0402 1040 BrSerWdm - ok
21:29:58.0402 1040 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:29:58.0418 1040 BrUsbMdm - ok
21:29:58.0418 1040 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:29:58.0418 1040 BrUsbSer - ok
21:29:58.0465 1040 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
21:29:58.0480 1040 BTCFilterService - ok
21:29:58.0511 1040 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:29:58.0527 1040 BTHMODEM - ok
21:29:58.0574 1040 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:29:58.0589 1040 cdfs - ok
21:29:58.0652 1040 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:29:58.0683 1040 cdrom - ok
21:29:58.0699 1040 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:29:58.0730 1040 circlass - ok
21:29:58.0761 1040 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:29:58.0777 1040 CLFS - ok
21:29:58.0792 1040 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:29:58.0808 1040 CmBatt - ok
21:29:58.0823 1040 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:29:58.0823 1040 cmdide - ok
21:29:58.0855 1040 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:29:58.0855 1040 CNG - ok
21:29:58.0886 1040 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:29:58.0886 1040 Compbatt - ok
21:29:58.0901 1040 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:29:58.0917 1040 CompositeBus - ok
21:29:58.0933 1040 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:29:58.0933 1040 crcdisk - ok
21:29:58.0995 1040 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:29:59.0011 1040 CSC - ok
21:29:59.0042 1040 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:29:59.0057 1040 DfsC - ok
21:29:59.0073 1040 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:29:59.0089 1040 discache - ok
21:29:59.0104 1040 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:29:59.0104 1040 Disk - ok
21:29:59.0135 1040 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:29:59.0151 1040 drmkaud - ok
21:29:59.0182 1040 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:29:59.0182 1040 DXGKrnl - ok
21:29:59.0276 1040 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:29:59.0323 1040 ebdrv - ok
21:29:59.0385 1040 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:29:59.0385 1040 elxstor - ok
21:29:59.0416 1040 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:29:59.0432 1040 ErrDev - ok
21:29:59.0463 1040 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:29:59.0479 1040 exfat - ok
21:29:59.0494 1040 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:29:59.0510 1040 fastfat - ok
21:29:59.0541 1040 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:29:59.0557 1040 fdc - ok
21:29:59.0572 1040 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:29:59.0572 1040 FileInfo - ok
21:29:59.0588 1040 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:29:59.0603 1040 Filetrace - ok
21:29:59.0635 1040 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:29:59.0666 1040 flpydisk - ok
21:29:59.0728 1040 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:29:59.0744 1040 FltMgr - ok
21:29:59.0791 1040 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:29:59.0791 1040 FsDepends - ok
21:29:59.0806 1040 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:29:59.0806 1040 Fs_Rec - ok
21:29:59.0900 1040 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:29:59.0900 1040 fvevol - ok
21:29:59.0931 1040 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:29:59.0931 1040 gagp30kx - ok
21:29:59.0962 1040 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:29:59.0978 1040 hcw85cir - ok
21:30:00.0071 1040 hcwhdpvr (9010fa16badfde702e8dfeb26e19e0e9) C:\Windows\system32\DRIVERS\hcwhdpvr.sys
21:30:00.0134 1040 hcwhdpvr - ok
21:30:00.0274 1040 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:30:00.0337 1040 HdAudAddService - ok
21:30:00.0399 1040 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:30:00.0399 1040 HDAudBus - ok
21:30:00.0461 1040 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:30:00.0524 1040 HidBatt - ok
21:30:00.0555 1040 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:30:00.0586 1040 HidBth - ok
21:30:00.0633 1040 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:30:00.0649 1040 HidIr - ok
21:30:00.0789 1040 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:30:00.0820 1040 HidUsb - ok
21:30:00.0867 1040 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:30:00.0867 1040 HpSAMD - ok
21:30:00.0929 1040 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:30:00.0929 1040 HTTP - ok
21:30:00.0961 1040 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:30:00.0961 1040 hwpolicy - ok
21:30:01.0023 1040 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:30:01.0023 1040 i8042prt - ok
21:30:01.0070 1040 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:30:01.0085 1040 iaStorV - ok
21:30:01.0101 1040 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:30:01.0101 1040 iirsp - ok
21:30:01.0117 1040 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:30:01.0117 1040 intelide - ok
21:30:01.0148 1040 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:30:01.0179 1040 intelppm - ok
21:30:01.0195 1040 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:30:01.0210 1040 IpFilterDriver - ok
21:30:01.0226 1040 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:30:01.0241 1040 IPMIDRV - ok
21:30:01.0273 1040 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:30:01.0304 1040 IPNAT - ok
21:30:01.0335 1040 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:30:01.0335 1040 IRENUM - ok
21:30:01.0366 1040 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:30:01.0366 1040 isapnp - ok
21:30:01.0382 1040 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:30:01.0397 1040 iScsiPrt - ok
21:30:01.0413 1040 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:30:01.0413 1040 kbdclass - ok
21:30:01.0429 1040 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:30:01.0444 1040 kbdhid - ok
21:30:01.0491 1040 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:30:01.0491 1040 KSecDD - ok
21:30:01.0522 1040 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:30:01.0522 1040 KSecPkg - ok
21:30:01.0553 1040 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:30:01.0569 1040 ksthunk - ok
21:30:01.0631 1040 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:30:01.0663 1040 lltdio - ok
21:30:01.0694 1040 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:30:01.0694 1040 LSI_FC - ok
21:30:01.0709 1040 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:30:01.0709 1040 LSI_SAS - ok
21:30:01.0741 1040 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:30:01.0741 1040 LSI_SAS2 - ok
21:30:01.0756 1040 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:30:01.0756 1040 LSI_SCSI - ok
21:30:01.0772 1040 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:30:01.0787 1040 luafv - ok
21:30:01.0803 1040 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:30:01.0803 1040 megasas - ok
21:30:01.0819 1040 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:30:01.0819 1040 MegaSR - ok
21:30:01.0865 1040 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:30:01.0881 1040 Modem - ok
21:30:01.0928 1040 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:30:01.0928 1040 monitor - ok
21:30:01.0975 1040 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
21:30:01.0990 1040 motandroidusb - ok
21:30:02.0068 1040 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
21:30:02.0084 1040 MotoSwitchService - ok
21:30:02.0115 1040 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
21:30:02.0131 1040 Motousbnet - ok
21:30:02.0193 1040 motport (6cbc0f4005593c96c9aecad39f0690fc) C:\Windows\system32\DRIVERS\motport.sys
21:30:02.0193 1040 motport - ok
21:30:02.0224 1040 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:30:02.0224 1040 mouclass - ok
21:30:02.0255 1040 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:30:02.0271 1040 mouhid - ok
21:30:02.0349 1040 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:30:02.0365 1040 mountmgr - ok
21:30:02.0411 1040 MpFilter (c4d8c3031c7cd5884ca856b15307e997) C:\Windows\system32\DRIVERS\MpFilter.sys
21:30:02.0411 1040 MpFilter - ok
21:30:02.0427 1040 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:30:02.0427 1040 mpio - ok
21:30:02.0458 1040 MpNWMon (a768f58c55d3f303e686a7646348aec3) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:30:02.0474 1040 MpNWMon - ok
21:30:02.0489 1040 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:30:02.0489 1040 mpsdrv - ok
21:30:02.0552 1040 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:30:02.0583 1040 MRxDAV - ok
21:30:02.0614 1040 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:30:02.0614 1040 mrxsmb - ok
21:30:02.0645 1040 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:30:02.0661 1040 mrxsmb10 - ok
21:30:02.0677 1040 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:30:02.0677 1040 mrxsmb20 - ok
21:30:02.0692 1040 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:30:02.0708 1040 msahci - ok
21:30:02.0739 1040 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:30:02.0739 1040 msdsm - ok
21:30:02.0786 1040 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
21:30:02.0817 1040 MSDV - ok
21:30:02.0833 1040 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:30:02.0864 1040 Msfs - ok
21:30:02.0879 1040 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:30:02.0895 1040 mshidkmdf - ok
21:30:02.0926 1040 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:30:02.0926 1040 msisadrv - ok
21:30:02.0973 1040 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:30:02.0989 1040 MSKSSRV - ok
21:30:03.0020 1040 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:30:03.0035 1040 MSPCLOCK - ok
21:30:03.0035 1040 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:30:03.0067 1040 MSPQM - ok
21:30:03.0098 1040 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:30:03.0098 1040 MsRPC - ok
21:30:03.0129 1040 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:30:03.0129 1040 mssmbios - ok
21:30:03.0160 1040 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:30:03.0191 1040 MSTEE - ok
21:30:03.0207 1040 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:30:03.0223 1040 MTConfig - ok
21:30:03.0238 1040 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:30:03.0238 1040 Mup - ok
21:30:03.0269 1040 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:30:03.0285 1040 NativeWifiP - ok
21:30:03.0379 1040 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:30:03.0394 1040 NDIS - ok
21:30:03.0441 1040 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:30:03.0457 1040 NdisCap - ok
21:30:03.0503 1040 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:30:03.0535 1040 NdisTapi - ok
21:30:03.0566 1040 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:30:03.0597 1040 Ndisuio - ok
21:30:03.0628 1040 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:30:03.0659 1040 NdisWan - ok
21:30:03.0675 1040 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:30:03.0706 1040 NDProxy - ok
21:30:03.0706 1040 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:30:03.0722 1040 NetBIOS - ok
21:30:03.0753 1040 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:30:03.0769 1040 NetBT - ok
21:30:03.0815 1040 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:30:03.0815 1040 nfrd960 - ok
21:30:03.0831 1040 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:30:03.0847 1040 Npfs - ok
21:30:03.0847 1040 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:30:03.0862 1040 nsiproxy - ok
21:30:03.0940 1040 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:30:03.0971 1040 Ntfs - ok
21:30:04.0018 1040 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:30:04.0034 1040 Null - ok
21:30:04.0081 1040 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:30:04.0096 1040 nvraid - ok
21:30:04.0127 1040 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:30:04.0127 1040 nvstor - ok
21:30:04.0190 1040 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:30:04.0190 1040 nv_agp - ok
21:30:04.0252 1040 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:30:04.0268 1040 ohci1394 - ok
21:30:04.0299 1040 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:30:04.0315 1040 Parport - ok
21:30:04.0315 1040 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:30:04.0315 1040 partmgr - ok
21:30:04.0377 1040 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:30:04.0377 1040 pci - ok
21:30:04.0393 1040 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:30:04.0408 1040 pciide - ok
21:30:04.0455 1040 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:30:04.0471 1040 pcmcia - ok
21:30:04.0517 1040 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
21:30:04.0533 1040 pcouffin - ok
21:30:04.0549 1040 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:30:04.0549 1040 pcw - ok
21:30:04.0564 1040 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:30:04.0580 1040 PEAUTH - ok
21:30:04.0642 1040 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:30:04.0658 1040 PptpMiniport - ok
21:30:04.0689 1040 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:30:04.0720 1040 Processor - ok
21:30:04.0767 1040 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:30:04.0767 1040 Psched - ok
21:30:04.0829 1040 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:30:04.0861 1040 ql2300 - ok
21:30:04.0876 1040 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:30:04.0876 1040 ql40xx - ok
21:30:04.0907 1040 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:30:04.0939 1040 QWAVEdrv - ok
21:30:04.0954 1040 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:30:04.0985 1040 RasAcd - ok
21:30:05.0032 1040 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:30:05.0063 1040 RasAgileVpn - ok
21:30:05.0095 1040 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:30:05.0126 1040 Rasl2tp - ok
21:30:05.0157 1040 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:30:05.0157 1040 RasPppoe - ok
21:30:05.0173 1040 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:30:05.0173 1040 RasSstp - ok
21:30:05.0204 1040 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:30:05.0251 1040 rdbss - ok
21:30:05.0266 1040 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:30:05.0282 1040 rdpbus - ok
21:30:05.0297 1040 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:30:05.0313 1040 RDPCDD - ok
21:30:05.0391 1040 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:30:05.0438 1040 RDPDR - ok
21:30:05.0453 1040 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:30:05.0469 1040 RDPENCDD - ok
21:30:05.0500 1040 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:30:05.0516 1040 RDPREFMP - ok
21:30:05.0563 1040 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:30:05.0594 1040 RdpVideoMiniport - ok
21:30:05.0625 1040 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:30:05.0656 1040 RDPWD - ok
21:30:05.0703 1040 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:30:05.0703 1040 rdyboost - ok
21:30:05.0765 1040 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:30:05.0781 1040 rspndr - ok
21:30:05.0828 1040 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:30:05.0859 1040 RTL8167 - ok
21:30:05.0890 1040 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:30:05.0906 1040 s3cap - ok
21:30:05.0937 1040 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:30:05.0937 1040 sbp2port - ok
21:30:05.0968 1040 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:30:05.0968 1040 scfilter - ok
21:30:05.0999 1040 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:30:05.0999 1040 secdrv - ok
21:30:06.0015 1040 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:30:06.0031 1040 Serenum - ok
21:30:06.0046 1040 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:30:06.0046 1040 Serial - ok
21:30:06.0093 1040 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:30:06.0109 1040 sermouse - ok
21:30:06.0155 1040 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:30:06.0155 1040 sffdisk - ok
21:30:06.0171 1040 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:30:06.0187 1040 sffp_mmc - ok
21:30:06.0202 1040 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:30:06.0202 1040 sffp_sd - ok
21:30:06.0218 1040 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:30:06.0233 1040 sfloppy - ok
21:30:06.0249 1040 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:30:06.0249 1040 SiSRaid2 - ok
21:30:06.0265 1040 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:30:06.0265 1040 SiSRaid4 - ok
21:30:06.0296 1040 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:30:06.0343 1040 Smb - ok
21:30:06.0389 1040 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:30:06.0389 1040 spldr - ok
21:30:06.0452 1040 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:30:06.0467 1040 srv - ok
21:30:06.0499 1040 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:30:06.0499 1040 srv2 - ok
21:30:06.0530 1040 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:30:06.0530 1040 srvnet - ok
21:30:06.0577 1040 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:30:06.0577 1040 stexstor - ok
21:30:06.0623 1040 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:30:06.0623 1040 storflt - ok
21:30:06.0733 1040 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:30:06.0733 1040 storvsc - ok
21:30:06.0748 1040 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:30:06.0764 1040 swenum - ok
21:30:06.0779 1040 Synth3dVsc - ok
21:30:06.0873 1040 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:30:06.0889 1040 Tcpip - ok
21:30:06.0920 1040 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:30:06.0920 1040 TCPIP6 - ok
21:30:06.0967 1040 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:30:06.0967 1040 tcpipreg - ok
21:30:07.0013 1040 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:30:07.0029 1040 TDPIPE - ok
21:30:07.0045 1040 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:30:07.0060 1040 TDTCP - ok
21:30:07.0107 1040 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:30:07.0138 1040 tdx - ok
21:30:07.0169 1040 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:30:07.0169 1040 TermDD - ok
21:30:07.0232 1040 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:30:07.0247 1040 tssecsrv - ok
21:30:07.0294 1040 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:30:07.0325 1040 TsUsbFlt - ok
21:30:07.0341 1040 tsusbhub - ok
21:30:07.0388 1040 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:30:07.0419 1040 tunnel - ok
21:30:07.0435 1040 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:30:07.0435 1040 uagp35 - ok
21:30:07.0497 1040 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:30:07.0528 1040 udfs - ok
21:30:07.0559 1040 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:30:07.0559 1040 uliagpkx - ok
21:30:07.0606 1040 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:30:07.0622 1040 umbus - ok
21:30:07.0637 1040 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:30:07.0653 1040 UmPass - ok
21:30:07.0715 1040 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:30:07.0747 1040 usbaudio - ok
21:30:07.0793 1040 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:30:07.0809 1040 usbccgp - ok
21:30:07.0856 1040 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:30:07.0871 1040 usbcir - ok
21:30:07.0903 1040 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:30:07.0903 1040 usbehci - ok
21:30:07.0934 1040 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:30:07.0949 1040 usbhub - ok
21:30:07.0965 1040 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:30:07.0965 1040 usbohci - ok
21:30:08.0012 1040 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:30:08.0027 1040 usbprint - ok
21:30:08.0059 1040 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:30:08.0090 1040 usbscan - ok
21:30:08.0121 1040 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
21:30:08.0137 1040 USBSTOR - ok
21:30:08.0152 1040 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:30:08.0168 1040 usbuhci - ok
21:30:08.0199 1040 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:30:08.0215 1040 vdrvroot - ok
21:30:08.0246 1040 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:30:08.0261 1040 vga - ok
21:30:08.0277 1040 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:30:08.0277 1040 VgaSave - ok
21:30:08.0308 1040 VGPU - ok
21:30:08.0324 1040 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:30:08.0339 1040 vhdmp - ok
21:30:08.0386 1040 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:30:08.0386 1040 viaide - ok
21:30:08.0417 1040 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:30:08.0433 1040 vmbus - ok
21:30:08.0449 1040 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:30:08.0480 1040 VMBusHID - ok
21:30:08.0511 1040 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:30:08.0511 1040 volmgr - ok
21:30:08.0589 1040 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:30:08.0589 1040 volmgrx - ok
21:30:08.0620 1040 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:30:08.0636 1040 volsnap - ok
21:30:08.0683 1040 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:30:08.0683 1040 vsmraid - ok
21:30:08.0714 1040 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:30:08.0729 1040 vwifibus - ok
21:30:08.0776 1040 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:30:08.0807 1040 WacomPen - ok
21:30:08.0839 1040 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:30:08.0870 1040 WANARP - ok
21:30:08.0870 1040 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:30:08.0885 1040 Wanarpv6 - ok
21:30:08.0901 1040 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:30:08.0917 1040 Wd - ok
21:30:08.0932 1040 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:30:08.0932 1040 Wdf01000 - ok
21:30:08.0963 1040 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:30:08.0963 1040 WfpLwf - ok
21:30:08.0979 1040 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:30:08.0979 1040 WIMMount - ok
21:30:09.0026 1040 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:30:09.0041 1040 WinUsb - ok
21:30:09.0073 1040 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:30:09.0073 1040 WmiAcpi - ok
21:30:09.0119 1040 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:30:09.0119 1040 ws2ifsl - ok
21:30:09.0151 1040 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:30:09.0166 1040 WudfPf - ok
21:30:09.0197 1040 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:30:09.0213 1040 WUDFRd - ok
21:30:09.0229 1040 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
21:30:09.0244 1040 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:30:09.0244 1040 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:30:09.0275 1040 Boot (0x1200) (946efc3083a327fae2fdbf422230885f) \Device\Harddisk0\DR0\Partition0
21:30:09.0291 1040 \Device\Harddisk0\DR0\Partition0 - ok
21:30:09.0307 1040 Boot (0x1200) (4c82af2e650149f005a597dadd4cce6f) \Device\Harddisk0\DR0\Partition1
21:30:09.0307 1040 \Device\Harddisk0\DR0\Partition1 - ok
21:30:09.0307 1040 ============================================================
21:30:09.0307 1040 Scan finished
21:30:09.0307 1040 ============================================================
21:30:09.0338 4408 Detected object count: 1
21:30:09.0338 4408 Actual detected object count: 1
21:30:18.0901 4408 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:30:18.0901 4408 \Device\Harddisk0\DR0 - ok
21:30:18.0901 4408 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:30:29.0961 3832 Deinitialize success

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:54 PM

Posted 28 January 2012 - 10:37 PM

Good :)
Post new aswMBR log.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:01:54 PM

Posted 29 January 2012 - 12:14 AM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-28 14:24:25
-----------------------------
14:24:25.964 OS Version: Windows x64 6.1.7601 Service Pack 1
14:24:25.965 Number of processors: 4 586 0x403
14:24:25.965 ComputerName: BRETT-PC UserName: Brett
14:24:30.757 Initialize success
14:26:20.299 AVAST engine defs: 12012600
14:28:09.013 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
14:28:09.023 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
14:28:09.028 Device \Driver\atapi -> MajorFunction fffffa80084995c4
14:28:09.034 Disk 0 MBR read successfully
14:28:09.039 Disk 0 MBR scan
14:28:09.076 Disk 0 MBR:Pihar-C [Rtk]
14:28:09.078 Disk 0 TDL4@MBR code has been found
14:28:09.079 Disk 0 Windows 7 default MBR code found via API
14:28:09.081 Disk 0 MBR hidden
14:28:09.111 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:28:09.139 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
14:28:09.158 Disk 0 MBR [TDL4] **ROOTKIT**
14:28:09.161 Disk 0 trace - called modules:
14:28:09.164 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80084995c4]<<
14:28:09.167 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b0a060]
14:28:09.170 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa800785e580]
14:28:09.172 5 ACPI.sys[fffff88000e4f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8007862060]
14:28:09.180 \Driver\atapi[0xfffffa80069ab660] -> IRP_MJ_CREATE -> 0xfffffa80084995c4
14:28:10.210 AVAST engine scan C:\Windows
14:28:23.437 AVAST engine scan C:\Windows\system32
14:32:39.642 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
14:35:02.261 AVAST engine scan C:\Windows\system32\drivers
14:35:25.863 AVAST engine scan C:\Users\Brett
14:48:47.050 AVAST engine scan C:\ProgramData
14:49:30.086 Scan finished successfully
14:49:55.619 Disk 0 MBR has been saved successfully to "C:\Users\Brett\Desktop\MBR.dat"
14:49:55.648 The log file has been saved successfully to "C:\Users\Brett\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-28 22:52:19
-----------------------------
22:52:19.821 OS Version: Windows x64 6.1.7601 Service Pack 1
22:52:19.821 Number of processors: 4 586 0x403
22:52:19.821 ComputerName: BRETT-PC UserName: Brett
22:52:20.585 Initialize success
22:53:35.239 AVAST engine defs: 12012801
22:53:40.714 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
22:53:40.714 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
22:53:40.730 Disk 0 MBR read successfully
22:53:40.746 Disk 0 MBR scan
22:53:40.746 Disk 0 Windows 7 default MBR code
22:53:40.761 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:53:40.792 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
22:53:40.870 Service scanning
22:53:44.630 Modules scanning
22:53:44.630 Disk 0 trace - called modules:
22:53:44.661 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:53:44.661 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007af0060]
22:53:44.677 3 CLASSPNP.SYS[fffff8800199443f] -> nt!IofCallDriver -> [0xfffffa8007844520]
22:53:44.692 5 ACPI.sys[fffff88000f747a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8007842680]
22:53:45.753 AVAST engine scan C:\Windows
22:53:48.655 AVAST engine scan C:\Windows\system32
22:56:22.705 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
22:58:01.360 AVAST engine scan C:\Windows\system32\drivers
22:58:17.131 AVAST engine scan C:\Users\Brett
23:08:53.224 AVAST engine scan C:\ProgramData
23:09:23.067 Scan finished successfully
23:13:44.695 Disk 0 MBR has been saved successfully to "C:\Users\Brett\Desktop\MBR.dat"
23:13:44.742 The log file has been saved successfully to "C:\Users\Brett\Desktop\aswMBR.txt"
23:14:22.137 Disk 0 MBR has been saved successfully to "C:\Users\Brett\Desktop\MBR.dat"
23:14:22.137 The log file has been saved successfully to "C:\Users\Brett\Desktop\aswMBR.txt"
23:14:36.609 Disk 0 MBR has been saved successfully to "C:\Users\Brett\Desktop\MBR.dat"
23:14:36.625 The log file has been saved successfully to "C:\Users\Brett\Desktop\aswMBR.txt"
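Added example, not from this thread and not part of TDSSKiller or aswMBR: a small Python triage script that pulls the decisive lines out of the two log formats posted above. From the TDSSKiller tail it takes the verdict for \Device\Harddisk0\DR0 and whether the cure is still pending a reboot; from the aswMBR runs it takes the MBR classification (MBR:Pihar-C [Rtk], MBR [TDL4] **ROOTKIT**), the "MBR hidden" flag, any >>UNKNOWN [...]<< module in the disk I/O trace, the redirected \Driver\atapi IRP_MJ_CREATE dispatch entry and the AVAST file detections, then compares the run before the cure with the run after it to show what the MBR fix did not touch. The sample log lines are constructed, abbreviated copies of the posted logs, and the regular expressions are an assumption about the two tools' output based only on those lines.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: abbreviated copies of the logs posted in this thread.
TDSSKILLER_TAIL = """\
21:30:09.0244 1040 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:30:09.0244 1040 \\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:30:18.0901 4408 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:30:18.0901 4408 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""
ASWMBR_BEFORE = """\
14:28:09.076 Disk 0 MBR:Pihar-C [Rtk]
14:28:09.078 Disk 0 TDL4@MBR code has been found
14:28:09.079 Disk 0 Windows 7 default MBR code found via API
14:28:09.081 Disk 0 MBR hidden
14:28:09.158 Disk 0 MBR [TDL4] **ROOTKIT**
14:28:09.164 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80084995c4]<<
14:28:09.180 \\Driver\\atapi[0xfffffa80069ab660] -> IRP_MJ_CREATE -> 0xfffffa80084995c4
14:32:39.642 File: C:\\Windows\\assembly\\GAC_32\\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
"""
ASWMBR_AFTER = """\
22:53:40.746 Disk 0 Windows 7 default MBR code
22:53:44.661 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:56:22.705 File: C:\\Windows\\assembly\\GAC_32\\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
"""


@dataclass
class Verdict:
    mbr_infected: bool = False
    mbr_hidden: bool = False                              # real MBR differs from what API reads return
    pending_cure: bool = False
    detections: list = field(default_factory=list)        # rootkit names seen
    unknown_hooks: list = field(default_factory=list)     # trace entries aswMBR could not attribute
    hooked_dispatch: list = field(default_factory=list)   # (driver, IRP major, target address)
    infected_files: list = field(default_factory=list)    # (path, detection name)


# Patterns are assumptions derived only from the lines above.
_TDSS_VERDICT = re.compile(r"^\S+ \d+ (\\Device\\\S+) \( (\S+) \) - (.+)$")  # "<dev> ( <name> ) - <action>"
_ASW_MBR = re.compile(r"Disk \d+ MBR(?::(\S+) \[Rtk\]| \[(\S+)\] \*\*ROOTKIT\*\*)")  # MBR:<n> [Rtk] or MBR [<n>] **ROOTKIT**
_ASW_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")  # unattributed module in the disk I/O trace
_ASW_HOOK = re.compile(r"\\Driver\\(\S+?)\[0x[0-9a-fA-F]+\] -> (\S+) -> (0x[0-9a-fA-F]+)")  # redirected dispatch
_ASW_FILE = re.compile(r"File: (.+?) \*\*INFECTED\*\* (\S+)")


def triage_tdsskiller(text: str) -> Verdict:
    v = Verdict()
    for line in text.splitlines():
        m = _TDSS_VERDICT.match(line)
        if not m:
            continue
        _device, name, action = m.groups()
        if action == "infected":
            v.mbr_infected = True
            if name not in v.detections:
                v.detections.append(name)
        elif action.startswith("will be cured"):
            v.pending_cure = True
    return v


def triage_aswmbr(text: str) -> Verdict:
    v = Verdict()
    for line in text.splitlines():
        m = _ASW_MBR.search(line)
        if m:
            v.mbr_infected = True
            name = m.group(1) or m.group(2)
            if name not in v.detections:
                v.detections.append(name)
        if line.endswith("MBR hidden"):
            v.mbr_hidden = True
        v.unknown_hooks.extend(_ASW_UNKNOWN.findall(line))
        m = _ASW_HOOK.search(line)
        if m:
            v.hooked_dispatch.append(m.groups())
        m = _ASW_FILE.search(line)
        if m:
            v.infected_files.append((m.group(1), m.group(2)))
    return v


def summarize(v: Verdict) -> str:
    """One line to read first; 'clean' only when nothing at all was flagged."""
    parts = []
    if v.mbr_infected:
        parts.append("MBR infected (%s)" % ", ".join(v.detections))
    if v.mbr_hidden:
        parts.append("real MBR hidden from API reads")
    if v.unknown_hooks:
        parts.append("%d unattributed module(s) in disk I/O path" % len(v.unknown_hooks))
    if v.hooked_dispatch:
        parts.append("hooked dispatch: " + ", ".join("%s/%s" % (d, irp) for d, irp, _ in v.hooked_dispatch))
    if v.infected_files:
        parts.append("%d infected file(s)" % len(v.infected_files))
    if v.pending_cure:
        parts.append("cure pending reboot")
    return "; ".join(parts) if parts else "clean"


def persisting_files(before: Verdict, after: Verdict) -> list:
    """File detections present both before and after the cure: what the MBR fix left behind."""
    after_paths = {path for path, _ in after.infected_files}
    return sorted(path for path, _ in before.infected_files if path in after_paths)


if __name__ == "__main__":
    before, after = triage_aswmbr(ASWMBR_BEFORE), triage_aswmbr(ASWMBR_AFTER)
    print("TDSSKiller:", summarize(triage_tdsskiller(TDSSKILLER_TAIL)))
    print("aswMBR before cure:", summarize(before))
    print("aswMBR after cure:", summarize(after), "| left over:", persisting_files(before, after))
```

Run on the two aswMBR logs above it reports the first run as an infected, hidden MBR with an unattributed module in the disk I/O path and a redirected atapi dispatch entry, and the second run as clean at the MBR level with the GAC_32\Desktop.ini Sirefef detection still present, which is the state the thread is in at this point.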
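A second added example, again not from the thread or from aswMBR: a parser for the raw 512-byte sector that aswMBR writes to MBR.dat. It checks the 0x55AA boot signature, decodes the partition table (the log above lists an active 100 MB NTFS partition at LBA 2048 and a 953767 MB NTFS partition at LBA 206848) and hashes the first 0x1B8 bytes, the same span TDSSKiller reports as "MBR (0x1B8) (<md5>)", so the boot code can be compared with a copy taken from a known-clean Windows 7 installation. The md5 TDSSKiller logged above was computed before the cure, so it is not a clean reference. The sample sector is constructed inline with placeholder boot code (not the Windows 7 MBR) and the two partitions from the log; the disk signature 0xDEADBEEF is an assumption.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8          # TDSSKiller's "MBR (0x1B8)" hash covers exactly this span
DISK_SIG_OFF = 0x1B8           # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE
PART_ENTRY_LEN = 16
PART_ENTRIES = 4
BOOT_SIG = b"\x55\xaa"
SECTORS_PER_MB = (1024 * 1024) // SECTOR


def is_valid_sector(sector: bytes) -> bool:
    return len(sector) == SECTOR and sector[SECTOR - 2:] == BOOT_SIG


def parse_mbr(sector: bytes) -> dict:
    """Decode one raw sector 0, for example the contents of aswMBR's MBR.dat."""
    if not is_valid_sector(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    partitions = []
    for i in range(PART_ENTRIES):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_first, ptype, _chs_last, lba_start, count = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,      # aswMBR prints this as "80 (A)"
            "type": ptype,                 # 0x07 = HPFS/NTFS
            "lba_start": lba_start,
            "sectors": count,
            "size_mb": count // SECTORS_PER_MB,
        })
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def matches_reference(sector: bytes, reference_md5: str) -> bool:
    """True when the boot code hashes like a known-clean MBR of the same Windows build."""
    return parse_mbr(sector)["boot_code_md5"] == reference_md5.lower()


def overlapping(partitions: list) -> list:
    """Index pairs whose sector ranges overlap: a sanity check on the decoded table."""
    pairs = []
    for a in partitions:
        for b in partitions:
            if a["index"] < b["index"]:
                a_end = a["lba_start"] + a["sectors"]
                b_end = b["lba_start"] + b["sectors"]
                if a["lba_start"] < b_end and b["lba_start"] < a_end:
                    pairs.append((a["index"], b["index"]))
    return pairs


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code plus the two NTFS partitions from the log."""
    code = b"\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 4)   # dummy bytes, NOT the Win7 MBR
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"       # assumed disk signature
    entries = [(0x80, 0x07, 2048, 100 * SECTORS_PER_MB),
               (0x00, 0x07, 206848, 953767 * SECTORS_PER_MB)]
    table = b"".join(struct.pack("<B3sB3sII", st, b"\xfe\xff\xff", pt, b"\xfe\xff\xff", start, n)
                     for st, pt, start, n in entries)
    table += b"\x00" * (PART_ENTRY_LEN * (PART_ENTRIES - len(entries)))
    return code + disk_sig + table + BOOT_SIG


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(raw)
    print("boot code md5 (first 0x1B8 bytes):", info["boot_code_md5"])
    for p in info["partitions"]:
        print("partition %d %s type 0x%02x %d MB at LBA %d" % (
            p["index"], "(A)" if p["active"] else "   ", p["type"], p["size_mb"], p["lba_start"]))
    print("overlapping entries:", overlapping(info["partitions"]))
```

Run it as `python mbrparse.py MBR.dat` on a machine that is not the suspect one. While the hook shown in the first aswMBR run was in place (the >>UNKNOWN entry in the trace and the redirected \Driver\atapi IRP_MJ_CREATE dispatch), a sector-0 read through the API returned the default Windows 7 code even though the real sector carried TDL4 code, which is what the "MBR hidden" line records; a file saved from that machine is only as trustworthy as the path it was read through.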

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:54 PM

Posted 29 January 2012 - 12:18 AM

Good.

How is the computer doing?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE: If ESET doesn't find any threats, it will NOT produce a log.



#12 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:01:54 PM

Posted 29 January 2012 - 12:31 AM

It seems to be doing OK for itself right now. I am going to actually leave it on and see if anything develops instead of turning it off right away after I am done. I will do the other things that you suggested. So that "infected" that shows up on the aswMBR isn't really a threat, or what?

#13 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:01:54 PM

Posted 29 January 2012 - 12:42 AM

And I am sorry but how do you disable something?

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:54 PM

Posted 29 January 2012 - 12:50 AM

So that "infected" that shows up on the aswMBR isn't really a threat or what?

We'll get back to it.

And I am sorry but how do you disable something?

??



#15 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:01:54 PM

Posted 29 January 2012 - 12:59 AM

I am asking how I disable my antivirus program. I am not familiar with how to do that.



