
root kit Hidden Boot sector Help.


6 replies to this topic

#1 iam_kramer

iam_kramer

  • Members
  • 34 posts
  • OFFLINE
  • Local time:01:01 AM

Posted 18 February 2012 - 04:46 PM

Vista home premium
Service Pack 2
HP

My free Avast antivirus popped up saying "a suspicious hidden object (rootkit) has been detected on your system"
file name: MBR: \\.\PHYSICALDRIVE0\Partition2
file type: root kit hidden boot sector

The computer seems to be in full working order.

I tried the "delete" option... Avast started a boot scan on restart, but when it finishes and I scan again, it's still there. (I have run this option many times.)
I tried the "Move to Chest" option... I don't think I can have the chest feature (quarantine?) on the free version, because it tells me there is an error.
I tried to recover to a previous date, but that didn't get rid of it either.
I ran Malwarebytes, which showed no results.

I have seen people encounter this problem, but I didn't want to run any programs without guidance.

Any help is hugely appreciated.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:08:01 PM

Posted 18 February 2012 - 06:48 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Restart your PC

Please download GMER from here (does not work on 64 bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#3 iam_kramer

iam_kramer
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:01:01 AM

Posted 19 February 2012 - 07:39 AM

Not sure how to post the log, so I'll just copy and paste it.


12:24:55.0542 3108 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
12:24:55.0834 3108 ============================================================
12:24:55.0834 3108 Current date / time: 2012/02/19 12:24:55.0834
12:24:55.0834 3108 SystemInfo:
12:24:55.0834 3108
12:24:55.0834 3108 OS Version: 6.0.6002 ServicePack: 2.0
12:24:55.0834 3108 Product type: Workstation
12:24:55.0834 3108 ComputerName: NEAL-PC
12:24:55.0835 3108 UserName: Neal
12:24:55.0835 3108 Windows directory: C:\Windows
12:24:55.0835 3108 System windows directory: C:\Windows
12:24:55.0835 3108 Running under WOW64
12:24:55.0835 3108 Processor architecture: Intel x64
12:24:55.0835 3108 Number of processors: 4
12:24:55.0835 3108 Page size: 0x1000
12:24:55.0835 3108 Boot type: Normal boot
12:24:55.0836 3108 ============================================================
12:24:56.0224 3108 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:24:56.0225 3108 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:24:56.0255 3108 \Device\Harddisk0\DR0:
12:24:56.0255 3108 MBR used
12:24:56.0255 3108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38CACDEF
12:24:56.0255 3108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x38CACE2E, BlocksNum 0x16D7E13
12:24:56.0255 3108 \Device\Harddisk1\DR1:
12:24:56.0255 3108 MBR used
12:24:56.0255 3108 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
12:24:56.0322 3108 Initialize success
12:24:56.0322 3108 ============================================================
12:24:59.0738 5316 ============================================================
12:24:59.0738 5316 Scan started
12:24:59.0738 5316 Mode: Manual; TDLFS;
12:24:59.0738 5316 ============================================================
12:25:00.0209 5316 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
12:25:00.0214 5316 ACPI - ok
12:25:00.0266 5316 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
12:25:00.0272 5316 adp94xx - ok
12:25:00.0302 5316 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
12:25:00.0307 5316 adpahci - ok
12:25:00.0316 5316 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
12:25:00.0318 5316 adpu160m - ok
12:25:00.0344 5316 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
12:25:00.0347 5316 adpu320 - ok
12:25:00.0682 5316 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
12:25:00.0688 5316 AFD - ok
12:25:00.0729 5316 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
12:25:00.0730 5316 agp440 - ok
12:25:00.0750 5316 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
12:25:00.0751 5316 aic78xx - ok
12:25:00.0755 5316 Scan interrupted by user!
12:25:00.0755 5316 Scan interrupted by user!
12:25:00.0755 5316 Scan interrupted by user!
12:25:00.0755 5316 ============================================================
12:25:00.0755 5316 Scan finished
12:25:00.0755 5316 ============================================================
12:25:00.0767 0564 Detected object count: 0
12:25:00.0767 0564 Actual detected object count: 0
12:25:01.0636 5180 ============================================================
12:25:01.0636 5180 Scan started
12:25:01.0636 5180 Mode: Manual; TDLFS;
12:25:01.0636 5180 ============================================================
12:25:01.0816 5180 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
12:25:01.0819 5180 ACPI - ok
12:25:01.0881 5180 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
12:25:01.0884 5180 adp94xx - ok
12:25:01.0909 5180 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
12:25:01.0911 5180 adpahci - ok
12:25:01.0972 5180 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
12:25:01.0973 5180 adpu160m - ok
12:25:02.0010 5180 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
12:25:02.0011 5180 adpu320 - ok
12:25:02.0048 5180 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
12:25:02.0053 5180 AFD - ok
12:25:02.0120 5180 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
12:25:02.0122 5180 agp440 - ok
12:25:02.0158 5180 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
12:25:02.0160 5180 aic78xx - ok
12:25:02.0197 5180 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
12:25:02.0198 5180 aliide - ok
12:25:02.0208 5180 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
12:25:02.0209 5180 amdide - ok
12:25:02.0234 5180 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
12:25:02.0236 5180 AmdK8 - ok
12:25:02.0267 5180 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
12:25:02.0269 5180 arc - ok
12:25:02.0284 5180 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
12:25:02.0286 5180 arcsas - ok
12:25:02.0304 5180 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
12:25:02.0306 5180 aswFsBlk - ok
12:25:02.0345 5180 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
12:25:02.0346 5180 aswMonFlt - ok
12:25:02.0406 5180 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
12:25:02.0407 5180 aswRdr - ok
12:25:02.0433 5180 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
12:25:02.0440 5180 aswSnx - ok
12:25:02.0501 5180 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
12:25:02.0505 5180 aswSP - ok
12:25:02.0533 5180 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
12:25:02.0535 5180 aswTdi - ok
12:25:02.0579 5180 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
12:25:02.0580 5180 AsyncMac - ok
12:25:02.0608 5180 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
12:25:02.0609 5180 atapi - ok
12:25:02.0769 5180 atikmdag (a2a7a93838eca2d42de56d6b7b0abbad) C:\Windows\system32\DRIVERS\atikmdag.sys
12:25:02.0819 5180 atikmdag - ok
12:25:02.0924 5180 BELKIN (34215133558339eecc8de443800fffdc) C:\Windows\system32\DRIVERS\BLKWGU.sys
12:25:02.0927 5180 BELKIN - ok
12:25:02.0969 5180 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
12:25:02.0971 5180 blbdrive - ok
12:25:02.0985 5180 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
12:25:02.0987 5180 bowser - ok
12:25:03.0007 5180 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
12:25:03.0008 5180 BrFiltLo - ok
12:25:03.0017 5180 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
12:25:03.0018 5180 BrFiltUp - ok
12:25:03.0043 5180 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
12:25:03.0044 5180 Brserid - ok
12:25:03.0105 5180 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
12:25:03.0106 5180 BrSerWdm - ok
12:25:03.0116 5180 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
12:25:03.0117 5180 BrUsbMdm - ok
12:25:03.0126 5180 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
12:25:03.0127 5180 BrUsbSer - ok
12:25:03.0137 5180 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
12:25:03.0138 5180 BTHMODEM - ok
12:25:03.0186 5180 BTHPORT (422d812e231ec3a25f43a881061be5a0) C:\Windows\system32\Drivers\BTHport.sys
12:25:03.0191 5180 BTHPORT - ok
12:25:03.0215 5180 BTHUSB (1c24adb844a910daa2e2732e83a8f3d4) C:\Windows\system32\Drivers\BTHUSB.sys
12:25:03.0217 5180 BTHUSB - ok
12:25:03.0245 5180 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
12:25:03.0247 5180 cdfs - ok
12:25:03.0294 5180 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
12:25:03.0296 5180 cdrom - ok
12:25:03.0361 5180 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
12:25:03.0363 5180 circlass - ok
12:25:03.0441 5180 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
12:25:03.0448 5180 CLFS - ok
12:25:03.0483 5180 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
12:25:03.0485 5180 cmdide - ok
12:25:03.0494 5180 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
12:25:03.0495 5180 Compbatt - ok
12:25:03.0509 5180 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
12:25:03.0510 5180 crcdisk - ok
12:25:03.0571 5180 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
12:25:03.0574 5180 DfsC - ok
12:25:03.0691 5180 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
12:25:03.0692 5180 disk - ok
12:25:03.0739 5180 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
12:25:03.0740 5180 drmkaud - ok
12:25:03.0794 5180 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
12:25:03.0810 5180 DXGKrnl - ok
12:25:03.0888 5180 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
12:25:03.0891 5180 E1G60 - ok
12:25:03.0928 5180 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
12:25:03.0931 5180 Ecache - ok
12:25:03.0987 5180 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
12:25:03.0994 5180 elxstor - ok
12:25:04.0010 5180 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
12:25:04.0011 5180 ErrDev - ok
12:25:04.0053 5180 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
12:25:04.0057 5180 exfat - ok
12:25:04.0094 5180 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
12:25:04.0098 5180 fastfat - ok
12:25:04.0158 5180 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
12:25:04.0160 5180 fdc - ok
12:25:04.0176 5180 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
12:25:04.0179 5180 FileInfo - ok
12:25:04.0187 5180 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
12:25:04.0189 5180 Filetrace - ok
12:25:04.0234 5180 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:25:04.0235 5180 flpydisk - ok
12:25:04.0278 5180 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
12:25:04.0284 5180 FltMgr - ok
12:25:04.0379 5180 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
12:25:04.0381 5180 fssfltr - ok
12:25:04.0466 5180 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
12:25:04.0467 5180 Fs_Rec - ok
12:25:04.0489 5180 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
12:25:04.0491 5180 gagp30kx - ok
12:25:04.0548 5180 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:25:04.0551 5180 GEARAspiWDM - ok
12:25:04.0638 5180 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
12:25:04.0644 5180 HdAudAddService - ok
12:25:04.0702 5180 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:25:04.0718 5180 HDAudBus - ok
12:25:04.0744 5180 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
12:25:04.0746 5180 HidBth - ok
12:25:04.0754 5180 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
12:25:04.0756 5180 HidIr - ok
12:25:04.0821 5180 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
12:25:04.0822 5180 HidUsb - ok
12:25:04.0864 5180 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
12:25:04.0866 5180 HpCISSs - ok
12:25:04.0915 5180 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
12:25:04.0926 5180 HTTP - ok
12:25:04.0949 5180 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
12:25:04.0951 5180 i2omp - ok
12:25:04.0967 5180 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
12:25:04.0970 5180 i8042prt - ok
12:25:04.0997 5180 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
12:25:05.0003 5180 iaStorV - ok
12:25:05.0074 5180 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
12:25:05.0076 5180 iirsp - ok
12:25:05.0161 5180 IntcAzAudAddService (2c62599e693372a9221c262b8040e3ac) C:\Windows\system32\drivers\RTKVHD64.sys
12:25:05.0184 5180 IntcAzAudAddService - ok
12:25:05.0213 5180 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
12:25:05.0214 5180 intelide - ok
12:25:05.0296 5180 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
12:25:05.0299 5180 intelppm - ok
12:25:05.0354 5180 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:25:05.0356 5180 IpFilterDriver - ok
12:25:05.0408 5180 IpInIp - ok
12:25:05.0444 5180 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
12:25:05.0446 5180 IPMIDRV - ok
12:25:05.0456 5180 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
12:25:05.0459 5180 IPNAT - ok
12:25:05.0471 5180 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
12:25:05.0472 5180 IRENUM - ok
12:25:05.0496 5180 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
12:25:05.0497 5180 isapnp - ok
12:25:05.0525 5180 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
12:25:05.0530 5180 iScsiPrt - ok
12:25:05.0593 5180 ISWKL (bf65e6d039ae37c988d5b2b680e7d718) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
12:25:05.0595 5180 ISWKL - ok
12:25:05.0655 5180 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
12:25:05.0657 5180 iteatapi - ok
12:25:05.0680 5180 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
12:25:05.0682 5180 iteraid - ok
12:25:05.0701 5180 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
12:25:05.0703 5180 kbdclass - ok
12:25:05.0723 5180 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
12:25:05.0725 5180 kbdhid - ok
12:25:05.0785 5180 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
12:25:05.0795 5180 KSecDD - ok
12:25:05.0830 5180 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
12:25:05.0831 5180 ksthunk - ok
12:25:05.0899 5180 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
12:25:05.0901 5180 lltdio - ok
12:25:05.0953 5180 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
12:25:05.0956 5180 LSI_FC - ok
12:25:05.0966 5180 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
12:25:05.0969 5180 LSI_SAS - ok
12:25:05.0994 5180 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
12:25:05.0997 5180 LSI_SCSI - ok
12:25:06.0022 5180 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
12:25:06.0025 5180 luafv - ok
12:25:06.0044 5180 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
12:25:06.0046 5180 megasas - ok
12:25:06.0073 5180 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
12:25:06.0081 5180 MegaSR - ok
12:25:06.0094 5180 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
12:25:06.0095 5180 Modem - ok
12:25:06.0126 5180 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
12:25:06.0128 5180 monitor - ok
12:25:06.0174 5180 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
12:25:06.0175 5180 mouclass - ok
12:25:06.0196 5180 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
12:25:06.0197 5180 mouhid - ok
12:25:06.0206 5180 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
12:25:06.0208 5180 MountMgr - ok
12:25:06.0238 5180 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
12:25:06.0241 5180 mpio - ok
12:25:06.0254 5180 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
12:25:06.0256 5180 mpsdrv - ok
12:25:06.0274 5180 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
12:25:06.0275 5180 Mraid35x - ok
12:25:06.0301 5180 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
12:25:06.0304 5180 MRxDAV - ok
12:25:06.0332 5180 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:25:06.0335 5180 mrxsmb - ok
12:25:06.0356 5180 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:25:06.0360 5180 mrxsmb10 - ok
12:25:06.0411 5180 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:25:06.0413 5180 mrxsmb20 - ok
12:25:06.0458 5180 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
12:25:06.0459 5180 msahci - ok
12:25:06.0482 5180 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
12:25:06.0485 5180 msdsm - ok
12:25:06.0510 5180 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
12:25:06.0512 5180 Msfs - ok
12:25:06.0538 5180 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
12:25:06.0540 5180 msisadrv - ok
12:25:06.0581 5180 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
12:25:06.0583 5180 MSKSSRV - ok
12:25:06.0609 5180 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
12:25:06.0611 5180 MSPCLOCK - ok
12:25:06.0626 5180 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
12:25:06.0627 5180 MSPQM - ok
12:25:06.0691 5180 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
12:25:06.0698 5180 MsRPC - ok
12:25:06.0732 5180 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
12:25:06.0734 5180 mssmbios - ok
12:25:06.0749 5180 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
12:25:06.0751 5180 MSTEE - ok
12:25:06.0806 5180 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
12:25:06.0809 5180 Mup - ok
12:25:06.0839 5180 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
12:25:06.0843 5180 NativeWifiP - ok
12:25:06.0946 5180 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
12:25:06.0959 5180 NDIS - ok
12:25:06.0997 5180 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
12:25:06.0999 5180 NdisTapi - ok
12:25:07.0025 5180 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
12:25:07.0026 5180 Ndisuio - ok
12:25:07.0049 5180 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
12:25:07.0053 5180 NdisWan - ok
12:25:07.0078 5180 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
12:25:07.0080 5180 NDProxy - ok
12:25:07.0121 5180 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
12:25:07.0123 5180 NetBIOS - ok
12:25:07.0146 5180 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
12:25:07.0152 5180 netbt - ok
12:25:07.0187 5180 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
12:25:07.0190 5180 nfrd960 - ok
12:25:07.0213 5180 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
12:25:07.0215 5180 Npfs - ok
12:25:07.0240 5180 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
12:25:07.0242 5180 nsiproxy - ok
12:25:07.0301 5180 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
12:25:07.0327 5180 Ntfs - ok
12:25:07.0338 5180 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
12:25:07.0341 5180 Null - ok
12:25:07.0430 5180 NVENETFD (211d111d01d4b74015d4e58e84588f86) C:\Windows\system32\DRIVERS\nvmfdx64.sys
12:25:07.0454 5180 NVENETFD - ok
12:25:07.0525 5180 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
12:25:07.0529 5180 nvraid - ok
12:25:07.0551 5180 nvrd64 (7ce4d9f3324e880720201b7cb779b644) C:\Windows\system32\drivers\nvrd64.sys
12:25:07.0555 5180 nvrd64 - ok
12:25:07.0573 5180 nvsmu (f6c6d8298dd85507f680437ec2e6899c) C:\Windows\system32\drivers\nvsmu.sys
12:25:07.0575 5180 nvsmu - ok
12:25:07.0613 5180 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
12:25:07.0616 5180 nvstor - ok
12:25:07.0631 5180 nvstor64 (14e8409cce4bfc7591f8697a8748dc5b) C:\Windows\system32\drivers\nvstor64.sys
12:25:07.0634 5180 nvstor64 - ok
12:25:07.0657 5180 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
12:25:07.0661 5180 nv_agp - ok
12:25:07.0669 5180 NwlnkFlt - ok
12:25:07.0680 5180 NwlnkFwd - ok
12:25:07.0757 5180 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
12:25:07.0759 5180 ohci1394 - ok
12:25:07.0832 5180 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
12:25:07.0836 5180 Parport - ok
12:25:07.0853 5180 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
12:25:07.0856 5180 partmgr - ok
12:25:07.0889 5180 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
12:25:07.0894 5180 pci - ok
12:25:07.0957 5180 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
12:25:07.0959 5180 pciide - ok
12:25:07.0979 5180 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
12:25:07.0985 5180 pcmcia - ok
12:25:08.0047 5180 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
12:25:08.0060 5180 PEAUTH - ok
12:25:08.0151 5180 Ph3xIB64 (e9158fa6923e80bd57cf068ce9cddaa2) C:\Windows\system32\DRIVERS\Ph3xIB64.sys
12:25:08.0174 5180 Ph3xIB64 - ok
12:25:08.0262 5180 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
12:25:08.0266 5180 PptpMiniport - ok
12:25:08.0307 5180 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
12:25:08.0309 5180 Processor - ok
12:25:08.0353 5180 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
12:25:08.0355 5180 Ps2 - ok
12:25:08.0440 5180 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
12:25:08.0444 5180 PSched - ok
12:25:08.0540 5180 PxHlpa64 (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
12:25:08.0543 5180 PxHlpa64 - ok
12:25:08.0619 5180 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
12:25:08.0640 5180 ql2300 - ok
12:25:08.0653 5180 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
12:25:08.0658 5180 ql40xx - ok
12:25:08.0685 5180 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
12:25:08.0687 5180 QWAVEdrv - ok
12:25:08.0699 5180 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
12:25:08.0701 5180 RasAcd - ok
12:25:08.0759 5180 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:25:08.0763 5180 Rasl2tp - ok
12:25:08.0776 5180 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
12:25:08.0779 5180 RasPppoe - ok
12:25:08.0817 5180 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
12:25:08.0820 5180 RasSstp - ok
12:25:08.0834 5180 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
12:25:08.0840 5180 rdbss - ok
12:25:08.0864 5180 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:25:08.0866 5180 RDPCDD - ok
12:25:08.0895 5180 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
12:25:08.0902 5180 rdpdr - ok
12:25:08.0911 5180 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
12:25:08.0913 5180 RDPENCDD - ok
12:25:08.0951 5180 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
12:25:08.0956 5180 RDPWD - ok
12:25:09.0019 5180 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
12:25:09.0023 5180 rspndr - ok
12:25:09.0052 5180 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
12:25:09.0055 5180 sbp2port - ok
12:25:09.0087 5180 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:25:09.0089 5180 secdrv - ok
12:25:09.0106 5180 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
12:25:09.0109 5180 Serenum - ok
12:25:09.0127 5180 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
12:25:09.0130 5180 Serial - ok
12:25:09.0139 5180 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
12:25:09.0142 5180 sermouse - ok
12:25:09.0162 5180 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
12:25:09.0164 5180 sffdisk - ok
12:25:09.0174 5180 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
12:25:09.0177 5180 sffp_mmc - ok
12:25:09.0212 5180 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
12:25:09.0214 5180 sffp_sd - ok
12:25:09.0224 5180 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
12:25:09.0226 5180 sfloppy - ok
12:25:11.0715 5180 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
12:25:11.0968 5180 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:25:11.0968 5180 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:25:11.0973 5180 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk1\DR1
12:25:14.0963 5180 \Device\Harddisk1\DR1 - ok
12:25:14.0968 5180 Boot (0x1200) (bd24d16b4003600898937745f26aeff8) \Device\Harddisk0\DR0\Partition0
12:25:14.0969 5180 \Device\Harddisk0\DR0\Partition0 - ok
12:25:14.0974 5180 Boot (0x1200) (974a92a1e67502826894338fcaf5f7df) \Device\Harddisk0\DR0\Partition1
12:25:14.0976 5180 \Device\Harddisk0\DR0\Partition1 - ok
12:25:14.0982 5180 Boot (0x1200) (2e253d24e2a1954a7064276cbe2297da) \Device\Harddisk1\DR1\Partition0
12:25:14.0984 5180 \Device\Harddisk1\DR1\Partition0 - ok
12:25:14.0986 5180 ============================================================
12:25:14.0986 5180 Scan finished
12:25:14.0986 5180 ============================================================
12:25:15.0000 4904 Detected object count: 1
12:25:15.0000 4904 Actual detected object count: 1
12:32:46.0336 4904 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:32:46.0336 4904 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:32:49.0205 4404 Deinitialize success

#4 iam_kramer

iam_kramer
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 19 February 2012 - 08:00 AM

I should have stated I am using a 64-bit OS, so I can't download GMER, right?


Anyway, I have moved on and this is the log for the Avast MBR...

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-19 12:41:55
-----------------------------
12:41:55.790 OS Version: Windows x64 6.0.6002 Service Pack 2
12:41:55.790 Number of processors: 4 586 0x203
12:41:55.792 ComputerName: NEAL-PC UserName: Neal
12:41:57.530 Initialize success
12:41:57.699 AVAST engine defs: 12021900
12:42:35.037 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052
12:42:35.043 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 6
12:42:35.048 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000053
12:42:35.051 Disk 1 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 6
12:42:35.061 Disk 0 MBR read successfully
12:42:35.065 Disk 0 MBR scan
12:42:35.070 Disk 0 unknown MBR code
12:42:35.075 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 465241 MB offset 63
12:42:35.114 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065
12:42:35.120 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
12:42:35.138 Disk 0 Partition 3 00 0C FAT32 LBA NTFS 11695 MB offset 952815150
12:42:35.144 Service scanning
12:42:52.039 Modules scanning
12:42:52.403 Disk 0 trace - called modules:
12:42:52.416 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
12:42:52.424 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800498e790]
12:42:52.432 3 CLASSPNP.SYS[fffffa600079cc33] -> nt!IofCallDriver -> [0xfffffa80045f4e40]
12:42:52.440 5 acpi.sys[fffffa60008f6fde] -> nt!IofCallDriver -> \Device\00000052[0xfffffa80045ea060]
12:42:53.499 AVAST engine scan C:\Windows
12:42:55.874 AVAST engine scan C:\Windows\system32
12:46:24.598 AVAST engine scan C:\Windows\system32\drivers
12:46:35.064 AVAST engine scan C:\Users\Neal
12:52:48.292 AVAST engine scan C:\ProgramData
12:53:37.423 Scan finished successfully
13:00:14.462 Disk 0 MBR has been saved successfully to "C:\Users\Neal\Documents\MBR.dat"
13:00:14.466 The log file has been saved successfully to "C:\Users\Neal\Documents\aswMBR.txt"

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:01 PM

Posted 19 February 2012 - 09:05 AM

Yes, it's a TDL4 rootkit. We need advanced tools to troubleshoot it.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
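A small log-triage script, added here as an example and not part of this thread or of the aswMBR/TDSSKiller tools: it pulls out of aswMBR/TDSSKiller-style output the four indicators the replies above rest on (unknown MBR code, a tiny hidden type-0x17 partition, the INFECTED verdict, and the TDSS File System warning). The sample lines are constructed from the output quoted above; the 16 MB size threshold for "tiny" is an assumption.

```python
import re

# Constructed sample lines modelled on the aswMBR and TDSSKiller output
# quoted in this thread (not the full logs).
SAMPLE_LOG = """\
12:42:35.070 Disk 0 unknown MBR code
12:42:35.075 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 465241 MB offset 63
12:42:35.114 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065
12:42:35.120 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
12:42:35.138 Disk 0 Partition 3 00 0C FAT32 LBA NTFS 11695 MB offset 952815150
12:25:11.0968 5180 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
"""

# Matches an aswMBR partition-table line: boot flag, type byte, size, offset.
PARTITION_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) .*? (?P<size>\d+) MB offset (?P<offset>\d+)"
)

# Assumed threshold: a hidden partition this small is not a normal data volume.
SMALL_HIDDEN_MB = 16


def triage(log_text):
    """Return (indicator, line) pairs for the signs an analyst would pull
    out of these logs: foreign MBR code, a tiny hidden partition, an
    explicit INFECTED verdict, and a TDSS file-system warning."""
    findings = []
    for line in log_text.splitlines():
        if "unknown MBR code" in line:
            findings.append(("unknown_mbr_code", line))
        if "**INFECTED**" in line:
            findings.append(("infected_verdict", line))
        if "TDSS File System" in line:
            findings.append(("tdss_filesystem", line))
        m = PARTITION_RE.search(line)
        # 0x17 is the "hidden NTFS" partition type; a few-MB hidden volume is
        # the pattern behind the Alureon-K / TDL4 verdict in the log above.
        if m and m.group("type") == "17" and int(m.group("size")) <= SMALL_HIDDEN_MB:
            findings.append(("small_hidden_partition", line))
    return findings


def summarize(findings):
    """Sorted, de-duplicated list of indicator names found."""
    return sorted({kind for kind, _ in findings})
```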

#6 iam_kramer

iam_kramer
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 19 February 2012 - 09:17 AM

thank you

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:01 PM

Posted 19 February 2012 - 09:19 AM

You're welcome :)



