Google keeps redirecting! HELP ASAP


  • This topic is locked
54 replies to this topic

#1 Unknownmyth

Unknownmyth

  • Members
  • 27 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 28 January 2012 - 11:26 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Home at 19:07:26 on 2012-01-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.681 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Users\Home\AppData\Local\tus.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Home\Documents\Windows Live\Messenger\msnmsgr.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Home\AppData\Local\dplaysvr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_9_3_92_9_4_51_x64_Update.exe
C:\Users\Home\AppData\Local\Temp\_ir_vp2_temp_0\vpatch.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Backup & Record\uTMBackup.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=100486&babsrc=HP_ss&mntrId=16f4b58400000000000070f1a1728e8d
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111214035336.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
BHO: SearchCore for Browsers: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
uRun: [msnmsgr] "C:\Users\Home\Documents\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [dplaysvr] C:\Users\Home\AppData\Local\dplaysvr.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [dplaysvr] C:\Users\Home\AppData\Local\dplaysvr.exe
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe
StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6A3BD6FF-6520-443C-861A-AFF1FD7A9A63} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D27811F6-F6BA-46CB-AEE8-AF8F75A0AC24} : DhcpNameServer = 172.1.1.161
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111214035336.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: SearchCore for Browsers: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun-x64: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun-x64: [dplaysvr] C:\Users\Home\AppData\Local\dplaysvr.exe
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe
AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
Hosts: 94.63.240.163 www.google.com
Hosts: 94.63.240.164 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\g9j66wpx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/413
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=413&sr=0&q=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 16f4b58400000000000070f1a1728e8d
FF - user.js: extensions.BabylonToolbar_i.hardId - 16f4b58400000000000070f1a1728e8d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15366
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:09:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-14 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-14 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-14 249936]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-12-14 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-13 705856]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-14 199272]
.
=============== File Associations ===============
.
.exe=a2b
.
=============== Created Last 30 ================
.
2012-01-29 00:02:19 -------- d-sh--w- C:\ArcBackupDeviceInfo
2012-01-28 23:57:18 22784 ----a-w- C:\Windows\SysWow64\drivers\afc.sys
2012-01-28 23:57:06 212480 ----a-w- C:\Windows\PCDLIB32.DLL
2012-01-28 23:56:37 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-01-28 23:56:37 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-01-28 23:56:37 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-01-28 23:56:36 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-01-28 23:56:35 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-01-28 23:29:33 20480 ----a-w- C:\Windows\svchost.exe
2012-01-27 18:51:42 -------- d-----w- C:\ProgramData\XoftSpySE
2012-01-27 18:13:09 -------- d-----w- C:\ProgramData\xml_param
2012-01-27 18:11:46 156160 ----a-w- C:\Windows\SysWow64\WS_ContextMenu.dll
2012-01-27 17:31:59 47664 --sha-w- C:\Users\Home\AppData\Local\dplayx.dll
2012-01-27 17:31:59 123440 --sha-w- C:\Users\Home\AppData\Local\dplaysvr.exe
2012-01-27 17:27:48 -------- d-----w- C:\Users\Home\AppData\Roaming\Wondershare Video Converter Ultimate
2012-01-27 17:27:40 -------- d-----w- C:\Users\Home\AppData\Local\Wondershare
2012-01-27 17:27:40 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2012-01-27 17:27:34 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
2012-01-27 17:27:34 496640 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-01-27 17:27:33 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
2012-01-27 17:27:31 -------- d-----w- C:\Program Files (x86)\Wondershare
2012-01-27 17:09:51 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2012-01-27 17:09:41 -------- d-----w- C:\Users\Home\AppData\Roaming\Babylon
2012-01-27 17:09:41 -------- d-----w- C:\Users\Home\AppData\Local\Babylon
2012-01-27 17:09:41 -------- d-----w- C:\ProgramData\Babylon
2012-01-26 16:46:01 -------- d-----w- C:\Converted
2012-01-26 16:45:15 -------- d-----w- C:\Program Files (x86)\MP4-Converter
2012-01-26 03:57:44 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
2012-01-26 03:57:44 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-01-26 03:57:44 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-01-26 03:57:44 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-01-26 03:57:44 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2012-01-26 03:57:43 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-01-26 03:57:41 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-01-11 08:19:42 -------- d-----w- C:\ProgramData\boost_interprocess
2012-01-10 23:56:17 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-10 23:56:17 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-10 23:56:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-10 23:56:16 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-10 23:52:04 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-10 23:52:04 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-10 23:51:30 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-10 23:51:30 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-09 00:53:06 -------- d-----w- C:\Users\Home\AppData\Local\visi_coupon
2012-01-08 03:04:05 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 03:04:05 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 03:04:05 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 03:04:05 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-08 03:03:39 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-01-03 16:01:35 2364928 ----a-w- C:\Users\Home\AppData\Local\tus.exe
2012-01-02 23:37:30 14744 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2012-01-02 23:37:11 -------- d-----w- C:\Users\Home\Tracing
2012-01-02 23:12:48 -------- d-----w- C:\Users\Home\AppData\Local\{ADC5F797-BF26-4C40-890A-43ABBA76AEAF}
2011-12-31 00:27:09 -------- d-----w- C:\Users\Home\AppData\Local\Sony
2011-12-31 00:16:30 -------- d-----w- C:\Program Files (x86)\Vstplugins
2011-12-31 00:13:34 -------- d-----w- C:\Program Files (x86)\Sony Setup
.
==================== Find3M ====================
.
2012-01-08 03:07:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-08 18:28:52 311296 ----a-w- C:\Windows\SysWow64\TubeFinder.exe
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:09:12.80 ===============


Problem with GMER Log

Attached Files
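The DDS report above carries several indicators a responder picks out by eye: Hosts entries pointing www.google.com and www.bing.com at a non-loopback address (which is what makes those sites redirect), AppInit_DLLs loading third-party DLLs into every process, UAC switched off (EnableLUA = 0 with silent admin consent), an .exe file association of a2b instead of the default exefile, and an autorun entry launching from AppData\Local. The Python script below is an added example, not part of the original post and not a feature of DDS: it applies those triage rules to a constructed excerpt copied from the Pseudo HJT Report section, and the rule names and thresholds are the author's own heuristics.

```python
"""Triage a DDS 'Pseudo HJT Report' for the hijack indicators seen in the posted log.

Added example (not the DDS tool's code). Line formats follow the DDS output
shown above; the rules encode what a malware responder checks by hand.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: lines copied from the posted DDS report plus one
# benign Hosts entry so the loopback exclusion is exercised.
SAMPLE_DDS = r"""
uStart Page = hxxp://search.babylon.com/?AF=100486&babsrc=HP_ss
mWinlogon: Userinit=userinit.exe
uRun: [msnmsgr] "C:\Users\Home\Documents\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [dplaysvr] C:\Users\Home\AppData\Local\dplaysvr.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
Hosts: 94.63.240.163 www.google.com
Hosts: 94.63.240.164 www.bing.com
Hosts: 127.0.0.1 localhost
.exe=a2b
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name
    detail: str  # the value that tripped the rule
    line: str    # the original DDS line, for the responder to act on


# UAC policy values that disable or weaken elevation prompts (Windows defaults are 1, 5, 1).
WEAK_UAC = {
    "EnableLUA": "0",                   # UAC off entirely
    "ConsentPromptBehaviorAdmin": "0",  # administrators elevate silently
    "PromptOnSecureDesktop": "0",       # any prompt is shown on the normal, spoofable desktop
}

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
RUN_RE = re.compile(r"^[um]Run(?:Once)?(?:-[xX]64)?:\s+\[[^\]]*\]\s+(.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?:\s*(.*)$")
ASSOC_RE = re.compile(r"^\.exe=(\S*)")
# Locations a normal per-machine install does not launch from at logon.
USER_WRITABLE = ("\\appdata\\local\\", "\\temp\\")


def _is_loopback(ip: str) -> bool:
    """True for 127.x / ::1; a Hosts line to anywhere else overrides real DNS."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def triage_dds(report: str) -> List[Finding]:
    """Walk the report line by line and return every indicator that fires."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if (m := HOSTS_RE.match(line)) and not _is_loopback(m.group(1)):
            findings.append(Finding("hosts-hijack", f"{m.group(2)} -> {m.group(1)}", line))
        elif (m := APPINIT_RE.match(line)) and m.group(1).strip():
            # Any AppInit_DLLs value means these DLLs are injected into every user32 process.
            findings.append(Finding("appinit-dll", m.group(1).strip(), line))
        elif (m := POLICY_RE.match(line)) and WEAK_UAC.get(m.group(1)) == m.group(2):
            findings.append(Finding("uac-weakened", f"{m.group(1)}={m.group(2)}", line))
        elif (m := ASSOC_RE.match(line)) and m.group(1).lower() != "exefile":
            # .exe mapped to anything but exefile routes every program launch through a hijacker.
            findings.append(Finding("exe-association", m.group(1), line))
        elif (m := RUN_RE.match(line)) and any(k in m.group(1).lower() for k in USER_WRITABLE):
            findings.append(Finding("run-from-user-writable", m.group(1), line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, e.g. {'hosts-hijack': 2, ...}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    results = triage_dds(SAMPLE_DDS)
    for f in results:
        print(f"[{f.rule}] {f.detail}")
    print(summarize(results))
```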





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:59 AM

Posted 30 January 2012 - 03:05 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Unknownmyth

Unknownmyth
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 30 January 2012 - 06:18 PM

Well, I found out a way to reformat my laptop to the original factory system, but is the malware still in the system? Or did it leave when I reformatted the computer?

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:59 AM

Posted 30 January 2012 - 08:51 PM

Hello


It should be removed if you formatted the computer. Do you still have symptoms?


gringo

#5 Unknownmyth

Unknownmyth
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 01 February 2012 - 02:06 PM

So far it's still a bit glitchy because of the reformat, with everything still needing to be replaced, like programs, browsers, and pictures. So far none of the symptoms we had before are appearing, like the redirecting and the inability to log into certain websites (i.e. YouTube, Hotmail, etc.), but it's just glitchy and a bit slow because of the hardware's required updates. Sometimes it'll post up an auto repair because "Windows failed to start up" when we put the laptop into sleep mode (just closing the laptop without physically shutting it down).

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:59 AM

Posted 01 February 2012 - 02:50 PM

Have you tried going to the computer's webpage and downloading new drivers from there?

gringo

#7 Unknownmyth

Unknownmyth
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 01 February 2012 - 05:03 PM

I probably should update its drivers and such. But also, not even a minute ago, as my roommate was using the laptop, the blue screen appeared. Now I'm afraid nothing can be fixed on the laptop.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:59 AM

Posted 01 February 2012 - 05:19 PM

Hello

I am going to do some checking just to make sure it was removed.

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
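The TDSSKiller report that this post asks for is plain text in a fixed shape: a timestamp, a thread id, and then either `<service> (<md5>) <path>` or `<service> - <verdict>`. The following Python parser is an added example, not code from this thread or from Kaspersky's tool: it turns such a log into a driver inventory, flags every entry whose verdict is anything other than `ok`, lists services the scanner could not map to a file on disk, and groups service names that share one file hash (as `Tcpip` and `TCPIP6` do). The sample lines are copied from the log posted later in this thread, except for the final `examplesvc` pair, which is constructed; the `detected ...` wording for a hit is an assumption, not confirmed TDSSKiller output.

```python
"""Parse a TDSSKiller text log into a driver inventory and flag anything that
is not reported as "ok".

Added example for this thread; it is not part of TDSSKiller and not code
posted by anyone here. Line shapes follow the log posted later in the thread.
The final "examplesvc" pair in SAMPLE_LOG is constructed, and the wording
TDSSKiller uses for a hit ("detected ...") is an assumption.
"""
import re

# Every scan line: timestamp, thread id, then the message body.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s*(?P<body>.*)$")
# "<service> (<md5>) <path>": the file TDSSKiller resolved for a service/driver.
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<service> - <verdict>": the verdict line that follows the file line.
VERDICT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")

SAMPLE_LOG = "\n".join([
    r"16:22:56.0820 5824 ============================================================",
    r"16:22:56.0820 5824 Scan started",
    r"16:22:56.0820 5824 Mode: Manual;",
    r"16:22:56.0820 5824 ============================================================",
    r"16:22:59.0145 5824 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys",
    r"16:22:59.0155 5824 1394ohci - ok",
    r"16:22:59.0535 5824 Afc - ok",  # registered service with no backing file
    r"16:23:17.0208 5824 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys",
    r"16:23:17.0419 5824 Tcpip - ok",
    r"16:23:17.0616 5824 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys",
    r"16:23:17.0634 5824 TCPIP6 - ok",
    # Constructed hit (not from the thread); hash is a placeholder, wording assumed.
    r"16:23:20.0001 5824 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\examplesvc.sys",
    r"16:23:20.0002 5824 examplesvc - detected Hypothetical.Rootkit ( 1 )",
])


def _entry(entries, order, name):
    """Fetch or create the record for a service, preserving first-seen order."""
    if name not in entries:
        entries[name] = {"name": name, "md5": None, "path": None, "verdict": None}
        order.append(name)
    return entries[name]


def parse_log(text):
    """Return entries (name, md5, path, verdict) in first-seen order.

    Only lines after "Scan started" are considered, so the drive geometry
    header is skipped. A service the scanner could not map to a file keeps
    md5/path = None; an entry with no verdict line keeps verdict = None.
    """
    entries, order, in_scan = {}, [], False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body").strip()
        if body == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        hit = FILE_RE.match(body)
        if hit:
            e = _entry(entries, order, hit.group("name"))
            e["md5"], e["path"] = hit.group("md5").lower(), hit.group("path")
            continue
        hit = VERDICT_RE.match(body)
        if hit:
            _entry(entries, order, hit.group("name"))["verdict"] = hit.group("verdict")
    return [entries[n] for n in order]


def findings(entries):
    """Entries whose verdict is anything but "ok" (a missing verdict counts too)."""
    return [e for e in entries if e["verdict"] != "ok"]


def fileless(entries):
    """Names of registered services the scanner could not tie to a file on disk."""
    return [e["name"] for e in entries if e["md5"] is None]


def shared_files(entries):
    """Map md5 -> service names for hashes registered under more than one name."""
    by_md5 = {}
    for e in entries:
        if e["md5"]:
            by_md5.setdefault(e["md5"], []).append(e["name"])
    return {h: names for h, names in by_md5.items() if len(names) > 1}


if __name__ == "__main__":
    inventory = parse_log(SAMPLE_LOG)
    print(f"{len(inventory)} entries parsed")
    for e in findings(inventory):
        print("FLAG:", e["name"], e["verdict"], e["path"])
    print("no file on disk:", fileless(inventory))
    print("shared hashes:", shared_files(inventory))
```

Run it against a saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by reading the file into `parse_log`; the `(name, md5, path)` triples it returns are what you would check against a known-good hash list, and anything `findings` returns is what the helper in this thread wants pasted back.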

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 12:59 AM

Posted 04 February 2012 - 01:06 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 Unknownmyth

Unknownmyth
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 04 February 2012 - 05:31 PM

I'm sorry, work has gotten the best of me and gave me a hard time getting on to work on the laptop, but I did download the link you gave me, and I did find a threat. Here is the file you requested. I do appreciate the help you are giving me, and the time to read my posts.


16:22:51.0916 1624 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
16:22:52.0983 1624 ============================================================
16:22:52.0983 1624 Current date / time: 2012/02/04 16:22:52.0983
16:22:52.0983 1624 SystemInfo:
16:22:52.0983 1624
16:22:52.0983 1624 OS Version: 6.1.7600 ServicePack: 0.0
16:22:52.0983 1624 Product type: Workstation
16:22:52.0983 1624 ComputerName: HOME-PC
16:22:52.0985 1624 UserName: Home
16:22:52.0985 1624 Windows directory: C:\Windows
16:22:52.0985 1624 System windows directory: C:\Windows
16:22:52.0985 1624 Running under WOW64
16:22:52.0985 1624 Processor architecture: Intel x64
16:22:52.0985 1624 Number of processors: 2
16:22:52.0985 1624 Page size: 0x1000
16:22:52.0985 1624 Boot type: Normal boot
16:22:52.0985 1624 ============================================================
16:22:54.0115 1624 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:22:54.0121 1624 \Device\Harddisk0\DR0:
16:22:54.0121 1624 MBR used
16:22:54.0121 1624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
16:22:54.0121 1624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
16:22:54.0162 1624 Initialize success
16:22:54.0162 1624 ============================================================
16:22:56.0820 5824 ============================================================
16:22:56.0820 5824 Scan started
16:22:56.0820 5824 Mode: Manual;
16:22:56.0820 5824 ============================================================
16:22:59.0145 5824 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:22:59.0155 5824 1394ohci - ok
16:22:59.0196 5824 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:22:59.0219 5824 ACPI - ok
16:22:59.0267 5824 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:22:59.0273 5824 AcpiPmi - ok
16:22:59.0351 5824 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:22:59.0372 5824 adp94xx - ok
16:22:59.0426 5824 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:22:59.0445 5824 adpahci - ok
16:22:59.0491 5824 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:22:59.0504 5824 adpu320 - ok
16:22:59.0535 5824 Afc - ok
16:22:59.0607 5824 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
16:22:59.0618 5824 AFD - ok
16:22:59.0666 5824 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:22:59.0675 5824 agp440 - ok
16:22:59.0718 5824 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:22:59.0727 5824 aliide - ok
16:22:59.0757 5824 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:22:59.0761 5824 amdide - ok
16:22:59.0797 5824 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:22:59.0805 5824 AmdK8 - ok
16:22:59.0832 5824 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:22:59.0841 5824 AmdPPM - ok
16:22:59.0883 5824 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
16:22:59.0937 5824 amdsata - ok
16:23:00.0024 5824 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:23:00.0039 5824 amdsbs - ok
16:23:00.0107 5824 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
16:23:00.0166 5824 amdxata - ok
16:23:00.0452 5824 ApfiltrService (9b0b7fde049cb283fabe5877a49f2611) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:23:00.0614 5824 ApfiltrService - ok
16:23:01.0046 5824 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:23:01.0058 5824 AppID - ok
16:23:01.0283 5824 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:23:01.0283 5824 arc - ok
16:23:01.0522 5824 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:23:01.0535 5824 arcsas - ok
16:23:01.0788 5824 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:23:01.0810 5824 AsyncMac - ok
16:23:02.0190 5824 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:23:02.0195 5824 atapi - ok
16:23:02.0453 5824 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:23:02.0542 5824 b06bdrv - ok
16:23:02.0825 5824 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:23:02.0844 5824 b57nd60a - ok
16:23:03.0052 5824 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
16:23:03.0112 5824 BCM42RLY - ok
16:23:03.0307 5824 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
16:23:03.0364 5824 BCM43XX - ok
16:23:03.0475 5824 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:23:03.0482 5824 Beep - ok
16:23:03.0535 5824 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:23:03.0542 5824 blbdrive - ok
16:23:03.0613 5824 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
16:23:03.0658 5824 bowser - ok
16:23:03.0707 5824 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:23:03.0715 5824 BrFiltLo - ok
16:23:03.0736 5824 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:23:03.0743 5824 BrFiltUp - ok
16:23:03.0775 5824 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:23:03.0787 5824 Brserid - ok
16:23:03.0800 5824 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:23:03.0807 5824 BrSerWdm - ok
16:23:03.0828 5824 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:23:03.0834 5824 BrUsbMdm - ok
16:23:03.0860 5824 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:23:03.0865 5824 BrUsbSer - ok
16:23:03.0906 5824 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:23:03.0911 5824 BTHMODEM - ok
16:23:03.0957 5824 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:23:03.0964 5824 cdfs - ok
16:23:03.0997 5824 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:23:04.0004 5824 cdrom - ok
16:23:04.0070 5824 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
16:23:04.0119 5824 cfwids - ok
16:23:04.0221 5824 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:23:04.0226 5824 circlass - ok
16:23:04.0288 5824 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:23:04.0294 5824 CLFS - ok
16:23:04.0340 5824 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:23:04.0345 5824 CmBatt - ok
16:23:04.0395 5824 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
16:23:04.0405 5824 cmdide - ok
16:23:04.0450 5824 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
16:23:04.0506 5824 CNG - ok
16:23:04.0555 5824 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:23:04.0565 5824 Compbatt - ok
16:23:04.0587 5824 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:23:04.0593 5824 CompositeBus - ok
16:23:04.0653 5824 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:23:04.0656 5824 crcdisk - ok
16:23:04.0735 5824 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:23:04.0781 5824 CtClsFlt - ok
16:23:04.0849 5824 DAdderFltr (5bc67f1efb6b1d039b151cf7353ec742) C:\Windows\system32\drivers\dadder.sys
16:23:04.0902 5824 DAdderFltr - ok
16:23:04.0989 5824 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
16:23:05.0060 5824 DfsC - ok
16:23:05.0154 5824 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:23:05.0156 5824 discache - ok
16:23:05.0185 5824 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:23:05.0192 5824 Disk - ok
16:23:05.0325 5824 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:23:05.0332 5824 drmkaud - ok
16:23:05.0396 5824 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
16:23:05.0483 5824 DXGKrnl - ok
16:23:05.0675 5824 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:23:05.0825 5824 ebdrv - ok
16:23:05.0927 5824 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:23:05.0942 5824 elxstor - ok
16:23:05.0986 5824 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
16:23:05.0991 5824 ErrDev - ok
16:23:06.0064 5824 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:23:06.0074 5824 exfat - ok
16:23:06.0128 5824 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:23:06.0137 5824 fastfat - ok
16:23:06.0208 5824 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:23:06.0217 5824 fdc - ok
16:23:06.0246 5824 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:23:06.0250 5824 FileInfo - ok
16:23:06.0278 5824 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:23:06.0284 5824 Filetrace - ok
16:23:06.0315 5824 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:23:06.0321 5824 flpydisk - ok
16:23:06.0354 5824 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:23:06.0365 5824 FltMgr - ok
16:23:06.0389 5824 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:23:06.0395 5824 FsDepends - ok
16:23:06.0424 5824 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:23:06.0428 5824 Fs_Rec - ok
16:23:06.0492 5824 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:23:06.0497 5824 fvevol - ok
16:23:06.0548 5824 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:23:06.0553 5824 gagp30kx - ok
16:23:06.0629 5824 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:23:06.0637 5824 hcw85cir - ok
16:23:06.0688 5824 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:23:06.0692 5824 HDAudBus - ok
16:23:06.0745 5824 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:23:06.0751 5824 HidBatt - ok
16:23:06.0771 5824 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:23:06.0777 5824 HidBth - ok
16:23:06.0788 5824 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:23:06.0795 5824 HidIr - ok
16:23:06.0874 5824 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys
16:23:06.0879 5824 HidUsb - ok
16:23:06.0977 5824 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:23:06.0985 5824 HpSAMD - ok
16:23:07.0041 5824 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
16:23:07.0067 5824 HTTP - ok
16:23:07.0091 5824 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
16:23:07.0093 5824 hwpolicy - ok
16:23:07.0109 5824 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:23:07.0116 5824 i8042prt - ok
16:23:07.0160 5824 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
16:23:07.0164 5824 iaStor - ok
16:23:07.0244 5824 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
16:23:07.0321 5824 iaStorV - ok
16:23:07.0562 5824 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:23:07.0840 5824 igfx - ok
16:23:07.0952 5824 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:23:07.0967 5824 iirsp - ok
16:23:08.0020 5824 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
16:23:08.0024 5824 intelide - ok
16:23:08.0041 5824 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:23:08.0044 5824 intelppm - ok
16:23:08.0066 5824 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:23:08.0072 5824 IpFilterDriver - ok
16:23:08.0134 5824 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:23:08.0150 5824 IPMIDRV - ok
16:23:08.0164 5824 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:23:08.0176 5824 IPNAT - ok
16:23:08.0254 5824 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:23:08.0260 5824 IRENUM - ok
16:23:08.0299 5824 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
16:23:08.0306 5824 isapnp - ok
16:23:08.0347 5824 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
16:23:08.0355 5824 iScsiPrt - ok
16:23:08.0406 5824 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:23:08.0412 5824 kbdclass - ok
16:23:08.0439 5824 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
16:23:08.0443 5824 kbdhid - ok
16:23:08.0498 5824 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
16:23:08.0554 5824 KSecDD - ok
16:23:08.0616 5824 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
16:23:08.0665 5824 KSecPkg - ok
16:23:08.0715 5824 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:23:08.0730 5824 ksthunk - ok
16:23:08.0859 5824 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:23:08.0868 5824 lltdio - ok
16:23:08.0922 5824 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:23:08.0928 5824 LSI_FC - ok
16:23:08.0980 5824 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:23:08.0988 5824 LSI_SAS - ok
16:23:09.0003 5824 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:23:09.0009 5824 LSI_SAS2 - ok
16:23:09.0073 5824 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:23:09.0079 5824 LSI_SCSI - ok
16:23:09.0126 5824 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:23:09.0131 5824 luafv - ok
16:23:09.0233 5824 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:23:09.0241 5824 megasas - ok
16:23:09.0319 5824 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:23:09.0332 5824 MegaSR - ok
16:23:09.0420 5824 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
16:23:09.0472 5824 mfeapfk - ok
16:23:09.0531 5824 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
16:23:09.0666 5824 mfeavfk - ok
16:23:09.0751 5824 mfeavfk01 - ok
16:23:09.0851 5824 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
16:23:09.0913 5824 mfefirek - ok
16:23:09.0996 5824 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
16:23:10.0094 5824 mfehidk - ok
16:23:10.0192 5824 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
16:23:10.0253 5824 mfenlfk - ok
16:23:10.0293 5824 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
16:23:10.0344 5824 mferkdet - ok
16:23:10.0457 5824 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
16:23:10.0509 5824 mfewfpk - ok
16:23:10.0596 5824 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:23:10.0617 5824 Modem - ok
16:23:10.0688 5824 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:23:10.0691 5824 monitor - ok
16:23:10.0730 5824 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:23:10.0739 5824 mouclass - ok
16:23:10.0790 5824 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:23:10.0800 5824 mouhid - ok
16:23:10.0855 5824 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
16:23:10.0858 5824 mountmgr - ok
16:23:10.0906 5824 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
16:23:10.0916 5824 mpio - ok
16:23:10.0951 5824 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:23:10.0959 5824 mpsdrv - ok
16:23:10.0991 5824 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
16:23:10.0998 5824 MRxDAV - ok
16:23:11.0049 5824 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:23:11.0099 5824 mrxsmb - ok
16:23:11.0141 5824 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:23:11.0207 5824 mrxsmb10 - ok
16:23:11.0234 5824 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:23:11.0286 5824 mrxsmb20 - ok
16:23:11.0350 5824 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
16:23:11.0401 5824 msahci - ok
16:23:11.0443 5824 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
16:23:11.0451 5824 msdsm - ok
16:23:11.0517 5824 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:23:11.0522 5824 Msfs - ok
16:23:11.0533 5824 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:23:11.0541 5824 mshidkmdf - ok
16:23:11.0553 5824 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
16:23:11.0558 5824 msisadrv - ok
16:23:11.0637 5824 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:23:11.0647 5824 MSKSSRV - ok
16:23:11.0706 5824 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:23:11.0717 5824 MSPCLOCK - ok
16:23:11.0731 5824 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:23:11.0735 5824 MSPQM - ok
16:23:11.0786 5824 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
16:23:11.0799 5824 MsRPC - ok
16:23:11.0813 5824 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:23:11.0815 5824 mssmbios - ok
16:23:11.0838 5824 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:23:11.0848 5824 MSTEE - ok
16:23:11.0869 5824 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:23:11.0875 5824 MTConfig - ok
16:23:11.0912 5824 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:23:11.0922 5824 Mup - ok
16:23:12.0040 5824 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:23:12.0056 5824 NativeWifiP - ok
16:23:12.0109 5824 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
16:23:12.0132 5824 NDIS - ok
16:23:12.0185 5824 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:23:12.0198 5824 NdisCap - ok
16:23:12.0259 5824 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:23:12.0269 5824 NdisTapi - ok
16:23:12.0307 5824 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
16:23:12.0319 5824 Ndisuio - ok
16:23:12.0352 5824 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:23:12.0361 5824 NdisWan - ok
16:23:12.0418 5824 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
16:23:12.0423 5824 NDProxy - ok
16:23:12.0449 5824 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:23:12.0459 5824 NetBIOS - ok
16:23:12.0510 5824 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
16:23:12.0516 5824 NetBT - ok
16:23:12.0577 5824 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:23:12.0583 5824 nfrd960 - ok
16:23:12.0623 5824 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:23:12.0628 5824 Npfs - ok
16:23:12.0646 5824 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:23:12.0647 5824 nsiproxy - ok
16:23:12.0742 5824 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
16:23:12.0841 5824 Ntfs - ok
16:23:12.0905 5824 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:23:12.0905 5824 Null - ok
16:23:12.0958 5824 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
16:23:13.0017 5824 nvraid - ok
16:23:13.0080 5824 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
16:23:13.0169 5824 nvstor - ok
16:23:13.0310 5824 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
16:23:13.0323 5824 nv_agp - ok
16:23:13.0416 5824 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
16:23:13.0428 5824 ohci1394 - ok
16:23:13.0511 5824 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:23:13.0524 5824 Parport - ok
16:23:13.0581 5824 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
16:23:13.0588 5824 partmgr - ok
16:23:13.0671 5824 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
16:23:13.0690 5824 pci - ok
16:23:13.0726 5824 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:23:13.0734 5824 pciide - ok
16:23:13.0780 5824 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:23:13.0791 5824 pcmcia - ok
16:23:13.0805 5824 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:23:13.0815 5824 pcw - ok
16:23:13.0893 5824 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:23:13.0940 5824 PEAUTH - ok
16:23:14.0015 5824 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
16:23:14.0026 5824 PptpMiniport - ok
16:23:14.0061 5824 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:23:14.0071 5824 Processor - ok
16:23:14.0142 5824 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
16:23:14.0145 5824 Psched - ok
16:23:14.0182 5824 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:23:14.0262 5824 PxHlpa64 - ok
16:23:14.0365 5824 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:23:14.0419 5824 ql2300 - ok
16:23:14.0484 5824 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:23:14.0489 5824 ql40xx - ok
16:23:14.0516 5824 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:23:14.0524 5824 QWAVEdrv - ok
16:23:14.0549 5824 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:23:14.0555 5824 RasAcd - ok
16:23:14.0603 5824 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:23:14.0612 5824 RasAgileVpn - ok
16:23:14.0666 5824 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:23:14.0674 5824 Rasl2tp - ok
16:23:14.0713 5824 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:23:14.0721 5824 RasPppoe - ok
16:23:14.0759 5824 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:23:14.0763 5824 RasSstp - ok
16:23:14.0807 5824 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
16:23:14.0819 5824 rdbss - ok
16:23:14.0867 5824 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:23:14.0875 5824 rdpbus - ok
16:23:14.0926 5824 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:23:14.0927 5824 RDPCDD - ok
16:23:14.0989 5824 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:23:14.0990 5824 RDPENCDD - ok
16:23:15.0022 5824 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:23:15.0023 5824 RDPREFMP - ok
16:23:15.0062 5824 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
16:23:15.0072 5824 RDPWD - ok
16:23:15.0150 5824 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
16:23:15.0159 5824 rdyboost - ok
16:23:15.0304 5824 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:23:15.0310 5824 rspndr - ok
16:23:15.0388 5824 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
16:23:15.0393 5824 RSUSBSTOR - ok
16:23:15.0466 5824 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:23:15.0472 5824 sbp2port - ok
16:23:15.0517 5824 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:23:15.0524 5824 scfilter - ok
16:23:15.0616 5824 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:23:15.0651 5824 secdrv - ok
16:23:15.0696 5824 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:23:15.0700 5824 Serenum - ok
16:23:15.0750 5824 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:23:15.0755 5824 Serial - ok
16:23:15.0861 5824 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:23:15.0866 5824 sermouse - ok
16:23:15.0898 5824 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:23:15.0904 5824 sffdisk - ok
16:23:15.0917 5824 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:23:15.0923 5824 sffp_mmc - ok
16:23:15.0935 5824 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:23:15.0941 5824 sffp_sd - ok
16:23:15.0953 5824 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:23:15.0959 5824 sfloppy - ok
16:23:16.0012 5824 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:23:16.0024 5824 SiSRaid2 - ok
16:23:16.0037 5824 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:23:16.0052 5824 SiSRaid4 - ok
16:23:16.0069 5824 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:23:16.0077 5824 Smb - ok
16:23:16.0218 5824 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:23:16.0228 5824 spldr - ok
16:23:16.0360 5824 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
16:23:16.0420 5824 srv - ok
16:23:16.0476 5824 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
16:23:16.0529 5824 srv2 - ok
16:23:16.0585 5824 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
16:23:16.0692 5824 srvnet - ok
16:23:16.0867 5824 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:23:16.0873 5824 stexstor - ok
16:23:16.0950 5824 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
16:23:17.0005 5824 STHDA - ok
16:23:17.0071 5824 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:23:17.0077 5824 swenum - ok
16:23:21.0231 5824 MBR (0x1B8) (ae8fa489bdbabb7f15572f885c9ff9ae) \Device\Harddisk0\DR0
16:23:21.0259 5824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:23:21.0260 5824 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:23:21.0306 5824 Boot (0x1200) (522db6195b80e4e46575f11bc6e3296c) \Device\Harddisk0\DR0\Partition0
16:23:21.0308 5824 \Device\Harddisk0\DR0\Partition0 - ok
16:23:21.0320 5824 Boot (0x1200) (5183eb0a9a72baa3bcaf2ce7c3451129) \Device\Harddisk0\DR0\Partition1
16:23:21.0322 5824 \Device\Harddisk0\DR0\Partition1 - ok
16:23:21.0323 5824 ============================================================
16:23:21.0323 5824 Scan finished
16:23:21.0323 5824 ============================================================
16:23:21.0356 2820 Detected object count: 1
16:23:21.0356 2820 Actual detected object count: 1
16:23:43.0969 2820 \Device\Harddisk0\DR0\# - copied to quarantine
16:23:43.0974 2820 \Device\Harddisk0\DR0 - copied to quarantine
16:23:44.0213 2820 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:23:58.0802 2820 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:23:58.0886 2820 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
16:23:58.0987 2820 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:23:59.0092 2820 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:23:59.0142 2820 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:23:59.0151 2820 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:23:59.0176 2820 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:23:59.0207 2820 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:24:05.0702 2820 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:24:11.0511 2820 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:24:11.0598 2820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:24:11.0600 2820 \Device\Harddisk0\DR0 - ok
16:24:11.0603 2820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:24:17.0846 1512 Deinitialize success
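The TDSSKiller log above is mostly "driver - ok" lines; what a responder actually wants out of it is the MBR verdict, the files that were pulled out of the hidden TDLFS volume, and the cure action. The following is an added example, not code from this thread or from Kaspersky's tool, of a small Python parser that extracts exactly those events; the line layout and the message wordings are assumed from the log lines shown above, and the sample log is constructed from them.

```python
import re
from dataclasses import dataclass, field

# Every TDSSKiller log line starts with "HH:MM:SS.mmmm <thread id> <message>" (assumed from the log above).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
OBJ = r"^(\S+) \( (.+?) \) - "  # "<object> ( <threat name> ) - <verdict>"

@dataclass
class ScanSummary:
    detections: dict = field(default_factory=dict)   # object -> threat name
    quarantined: list = field(default_factory=list)  # objects copied to quarantine
    tdlfs_files: list = field(default_factory=list)  # files found in the hidden TDLFS volume
    pending_cure: list = field(default_factory=list) # objects to be cured on reboot
    user_actions: dict = field(default_factory=dict) # object -> action chosen by the user

def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Keep only the security-relevant events; the many '<driver> - ok' lines are skipped."""
    s = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if msg.endswith(" - copied to quarantine"):
            obj = msg[: -len(" - copied to quarantine")]
            s.quarantined.append(obj)
            if "\\TDLFS\\" in obj:            # hidden file system used by this rootkit family
                s.tdlfs_files.append(obj.rsplit("\\", 1)[1])
            continue
        if v := re.match(OBJ + r"infected$", msg):
            s.detections[v.group(1)] = v.group(2)
        elif v := re.match(OBJ + r"will be cured on reboot$", msg):
            s.pending_cure.append(v.group(1))
        elif v := re.match(OBJ + r"User select action: (\w+)$", msg):
            s.user_actions[v.group(1)] = v.group(3)
    return s

# Constructed sample, using lines of the shape seen in the log above.
SAMPLE_LOG = r"""
16:23:17.0419 5824 Tcpip - ok
16:23:21.0259 5824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:23:43.0969 2820 \Device\Harddisk0\DR0\# - copied to quarantine
16:23:43.0974 2820 \Device\Harddisk0\DR0 - copied to quarantine
16:23:44.0213 2820 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:23:58.0802 2820 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:24:11.0598 2820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:24:11.0603 2820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""
```

Running `parse_tdsskiller_log(SAMPLE_LOG)` on the sample yields one infected object (the MBR of Harddisk0), four quarantined objects, and a pending cure on reboot.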

#11 gringo_pr

gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:59 AM

Posted 04 February 2012 - 08:51 PM

How are things doing now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Unknownmyth

Unknownmyth
  • Topic Starter
  • Members
  • 27 posts
  • Local time:11:59 PM

Posted 05 February 2012 - 11:29 AM

Well, as of right now, since I did the scan just seconds before I posted the text, so far it looks like things are going well. The laptop still needs the updated drivers, I think, but so far no complaints about the previous problems we've been having. Though, in your opinion, which drivers do you think I should upgrade first, or should I just do all of them?

#13 gringo_pr

gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:59 AM

Posted 05 February 2012 - 11:42 AM

Hello,

Since a rootkit was removed, I would check on how the computer is doing first.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#14 Unknownmyth

Unknownmyth
  • Topic Starter
  • Members
  • 27 posts
  • Local time:11:59 PM

Posted 08 February 2012 - 02:20 PM

Please give me a couple of days to apply the method which you advised me to do. I have been pretty busy with work, and I still have yet to work on the laptop. I'll try to get back to you, at most maybe 3 days. I thank you for helping me.

#15 gringo_pr

gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:59 AM

Posted 08 February 2012 - 06:28 PM

No problem, I will be here when you are ready; just check in in a couple of days :thumbup2:



