
Rootkit.boot.pihar.b



#1 everythinginane

Posted 26 February 2012 - 03:36 PM

I read a lot of topics on this but none would help.

Every time I start up, Avast! shortly notifies me that it found a Rootkit. It says it can fix it, but then doesn't, and instead asks me to restart and allow it to scan before the computer boots up fully, which I tried but doesn't remove it either.

Using TDSS Killer, it identifies the Rootkit as "rootkit.boot.pihar.b" (but when that tries to cure, it says "Can't cure MBR. Write standard bootcode?" I select yes, it says "All threats neutralized", but the problem is still not resolved)

From there, and overall, I have run (many times):
aswMBR
ComboFix
TDSS Killer

have scanned with (numerous times):
MalwareBytes Anti-malware
SUPERAntiSpyware
Avast!

None of this stops Avast! from notifying me of the Rootkit every time I restart.

I have two hard drives;
-I operate on Windows 7 64 bit
-On another hard drive I have another (corrupted) installation of Windows 7 64bit on one partition, and Windows XP on another partition on the same drive.
Effectively, I have a tri-boot system, and was wondering if this might possibly have something to do with TDSS Killer saying it "Can't cure MBR"?


What to do?

Thanks
Ben



#2 boopme


Posted 26 February 2012 - 03:45 PM

Hello, let's run 2 more please.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please open TDSS Killer again
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

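Added example (not part of any post in this topic, and not TDSSKiller's own code): the report requested above opens with one Drive line per physical disk and one line per partition, and the Python below reads those lines to show which disk holds which partitions and which sectors lie outside every partition, where nothing is reachable through the file system. The sample lines are copied from the TDSSKiller log posted later in this topic; the function names are this example's own.

```python
import re

# Drive and partition lines copied from the TDSSKiller log posted in this topic.
SAMPLE_LOG = r"""
08:11:53.0875 3816 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:11:53.0884 3816 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:11:53.0890 3816 \Device\Harddisk0\DR0:
08:11:53.0891 3816 MBR used
08:11:53.0891 3816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1F285000
08:11:53.0919 3816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F285D9A, BlocksNum 0x61A3A66
08:11:53.0919 3816 \Device\Harddisk1\DR1:
08:11:53.0919 3816 MBR used
08:11:53.0919 3816 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
"""

HEX = r"0x[0-9A-Fa-f]+"
# Every log line is "<time> <thread id> <message>"; only the message is parsed.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
DRIVE_RE = re.compile(rf"^Drive (\S+) - Size: ({HEX}).*?SectorSize: ({HEX})")
PART_RE = re.compile(
    rf"^(\S+)\\Partition(\d+): (\w+), Type ({HEX}), StartLBA ({HEX}), BlocksNum ({HEX})"
)


def parse_disks(log_text):
    """Return {device: {"sector_size", "sectors", "partitions": [...]}}."""
    disks = {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1)
        drive = DRIVE_RE.match(msg)
        part = PART_RE.match(msg)
        if drive:
            size, sector = int(drive.group(2), 16), int(drive.group(3), 16)
            entry = disks.setdefault(drive.group(1), {"partitions": []})
            entry.update(sector_size=sector, sectors=size // sector)
        elif part:
            entry = disks.setdefault(part.group(1), {"partitions": []})
            entry["partitions"].append({
                "index": int(part.group(2)),
                "scheme": part.group(3),
                "type": int(part.group(4), 16),
                "start": int(part.group(5), 16),
                "count": int(part.group(6), 16),
            })
    return disks


def partition_gib(disk, part):
    """Partition size in GiB, rounded the way the drive list in the thread is."""
    return round(part["count"] * disk.get("sector_size", 512) / 2**30, 2)


def layout_findings(disk):
    """Return ([(first_lba, length) outside every partition], [layout problems])."""
    gaps, problems, cursor = [], [], 0
    total = disk.get("sectors")
    for part in sorted(disk["partitions"], key=lambda p: p["start"]):
        end = part["start"] + part["count"]
        if part["start"] < cursor:
            problems.append(f"partition {part['index']} overlaps the previous one")
        elif part["start"] > cursor:
            gaps.append((cursor, part["start"] - cursor))
        if total is not None and end > total:
            problems.append(f"partition {part['index']} ends past the disk")
        cursor = max(cursor, end)
    if total is not None and total > cursor:
        gaps.append((cursor, total - cursor))  # sectors after the last partition
    return gaps, problems


if __name__ == "__main__":
    for device, disk in parse_disks(SAMPLE_LOG).items():
        print(device, f"({disk['sectors']} sectors)")
        for part in disk["partitions"]:
            print(f"  partition {part['index']}: type {part['type']:#x}, "
                  f"{partition_gib(disk, part)} GiB")
        gaps, problems = layout_findings(disk)
        for first, length in gaps:
            print(f"  outside any partition: LBA {first:#x}, {length} sectors")
        for problem in problems:
            print(f"  PROBLEM: {problem}")
```

On the posted log the partition sizes come out as 249.26 and 48.82 GiB on Harddisk0 and 298.09 GiB on Harddisk1, which match drives d:, e: and c: in the MiniToolBox partition list by size.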

#3 everythinginane


Posted 27 February 2012 - 08:18 AM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Ben (administrator) on 27-02-2012 at 07:54:40
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Inane
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1F-C6-A4-4B-B1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e59b:d197:db6d:41e5%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, February 27, 2012 7:40:32 AM
Lease Expires . . . . . . . . . . : Tuesday, February 28, 2012 7:40:32 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 234889158
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-DB-CC-EC-00-1F-C6-A4-4B-B1
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:201b:3e12:3f57:febf(Preferred)
Link-local IPv6 Address . . . . . : fe80::201b:3e12:3f57:febf%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.225.78
74.125.225.64
74.125.225.65
74.125.225.66
74.125.225.67
74.125.225.68
74.125.225.69
74.125.225.70
74.125.225.71
74.125.225.72
74.125.225.73


Pinging google.com [74.125.225.104] with 32 bytes of data:
Reply from 74.125.225.104: bytes=32 time=28ms TTL=52
Reply from 74.125.225.104: bytes=32 time=27ms TTL=52

Ping statistics for 74.125.225.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 28ms, Average = 27ms
Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
98.139.127.62
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=89ms TTL=42
Reply from 98.139.183.24: bytes=32 time=110ms TTL=44

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 89ms, Maximum = 110ms, Average = 99ms
Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 1f c6 a4 4b b1 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 276
192.168.1.64 255.255.255.255 On-link 192.168.1.64 276
192.168.1.255 255.255.255.255 On-link 192.168.1.64 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:201b:3e12:3f57:febf/128
On-link
11 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::201b:3e12:3f57:febf/128
On-link
11 276 fe80::e59b:d197:db6d:41e5/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/26/2012 04:56:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (02/26/2012 11:29:08 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/25/2012 04:55:27 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/25/2012 00:50:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (02/24/2012 09:14:33 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/24/2012 07:02:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: DivX Plus Player.exe, version: 10.2.1.20, time stamp: 0x4cdc8b7a
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000005
Fault offset: 0x0002dfe4
Faulting process id: 0xa34
Faulting application start time: 0xDivX Plus Player.exe0
Faulting application path: DivX Plus Player.exe1
Faulting module path: DivX Plus Player.exe2
Report Id: DivX Plus Player.exe3

Error: (02/24/2012 06:44:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (02/24/2012 02:22:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (02/24/2012 10:22:05 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/23/2012 01:00:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (02/26/2012 05:09:16 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (02/25/2012 00:52:04 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (02/25/2012 08:01:04 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (02/24/2012 04:38:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (02/24/2012 04:32:52 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/24/2012 04:32:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/24/2012 04:30:46 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/24/2012 04:23:38 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/24/2012 03:10:49 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/24/2012 03:08:58 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (02/26/2012 04:56:08 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/26/2012 11:29:08 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/25/2012 04:55:27 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/25/2012 00:50:43 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/24/2012 09:14:33 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/24/2012 07:02:56 PM) (Source: Application Error)(User: )
Description: DivX Plus Player.exe10.2.1.204cdc8b7antdll.dll6.1.7600.169154ec49d10c00000050002dfe4a3401ccf34e468ba000C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exeC:\Windows\SysWOW64\ntdll.dll1170f5c0-5f44-11e1-975f-001fc6a44bb1

Error: (02/24/2012 06:44:30 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Users\Ben\Downloads\SoftonicDownloader_for_kmplayer.exe

Error: (02/24/2012 02:22:44 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/24/2012 10:22:05 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/23/2012 01:00:57 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


=========================== Installed Programs ============================

AC3Filter 1.62b (Version: 1.62b)
Ace DivX Player v2.1 (Version: 2.1)
Add or Remove Adobe Premiere Pro CS5 (Version: 5.0)
Adobe After Effects CS5 (Version: 10)
Adobe After Effects CS5 Third Party Content (Version: 10)
Adobe After Effects CS5 Third Party Royalty Content (Version: 10)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.0.1.152)
Adobe Media Player (Version: 1.8)
Adobe Reader X (10.1.0) (Version: 10.1.0)
AIM 7
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AvaCam v3.2.0
avast! Free Antivirus (Version: 6.0.1367.0)
BlazeDVD 6.0
Creative Jukebox Driver
dBpoweramp DSP Effects (Version: Release 4)
dBpoweramp Music Converter (Version: Release 13.2)
DivX Setup (Version: 2.6.0.34)
FileZilla Client 3.5.1 (Version: 3.5.1)
FLAC To MP3 V4.0.4
Flix (Version: 1.0.0)
FrameShots Video Screen Capture
Free Mp3 Wma Converter V 2.0 (Version: 2.0.0.0)
Google Chrome (Version: 17.0.963.56)
Heroes of Might and Magic® III
iTunes (Version: 10.4.0.80)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Last.fm 1.5.4.27091
Logitech Gaming Software 5.10 (Version: 5.10.127)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
Pandora Service
PxMergeModule (Version: 1.00.0000)
QuickTime (Version: 7.69.80.9)
Spotify (Version: 0.8.1.64.g5c5914e3)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1144)
The Elder Scrolls V: Skyrim
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 1.1.11 (Version: 1.1.11)
WinRAR 4.01 (64-bit) (Version: 4.01.0)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 6142.49 MB
Available physical RAM: 4683.63 MB
Total Pagefile: 12283.13 MB
Available Pagefile: 10391.12 MB
Total Virtual: 4095.88 MB
Available Virtual: 3947.99 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:96.59 GB) NTFS
2 Drive d: () (Fixed) (Total:249.26 GB) (Free:67.13 GB) NTFS
3 Drive e: () (Fixed) (Total:48.82 GB) (Free:21.24 GB) NTFS
4 Drive f: (Reason 4) (CDROM) (Total:2.03 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\INANE

Administrator Ben Guest


**** End of log ****

TDSSKiller updated this time when I ran it.
Also, I did not disable my avast! shields for the MiniToolBox scan, don't know if that matters or not...

TDSSKiller said "Can't cure MBR. Write standard boot code?" to which I clicked "Yes"

"All threats neutralized" despite it saying beneath that "Found: 3 threats.... Neutralized: 0 threats"

08:11:52.0020 3816 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
08:11:52.0316 3816 ============================================================
08:11:52.0316 3816 Current date / time: 2012/02/27 08:11:52.0316
08:11:52.0316 3816 SystemInfo:
08:11:52.0316 3816
08:11:52.0316 3816 OS Version: 6.1.7600 ServicePack: 0.0
08:11:52.0316 3816 Product type: Workstation
08:11:52.0316 3816 ComputerName: INANE
08:11:52.0317 3816 UserName: Ben
08:11:52.0317 3816 Windows directory: C:\Windows
08:11:52.0317 3816 System windows directory: C:\Windows
08:11:52.0317 3816 Running under WOW64
08:11:52.0317 3816 Processor architecture: Intel x64
08:11:52.0317 3816 Number of processors: 2
08:11:52.0317 3816 Page size: 0x1000
08:11:52.0317 3816 Boot type: Normal boot
08:11:52.0317 3816 ============================================================
08:11:53.0875 3816 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:11:53.0884 3816 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:11:53.0890 3816 \Device\Harddisk0\DR0:
08:11:53.0891 3816 MBR used
08:11:53.0891 3816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1F285000
08:11:53.0919 3816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F285D9A, BlocksNum 0x61A3A66
08:11:53.0919 3816 \Device\Harddisk1\DR1:
08:11:53.0919 3816 MBR used
08:11:53.0919 3816 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
08:11:54.0009 3816 Initialize success
08:11:54.0009 3816 ============================================================
08:12:58.0509 1136 ============================================================
08:12:58.0509 1136 Scan started
08:12:58.0509 1136 Mode: Manual; TDLFS;
08:12:58.0509 1136 ============================================================
08:13:00.0455 1136 Compbatt - ok
08:13:00.0478 1136 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:13:00.0480 1136 CompositeBus - ok
08:13:00.0506 1136 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:13:00.0507 1136 crcdisk - ok
08:13:00.0554 1136 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
08:13:00.0562 1136 CSC - ok
08:13:00.0596 1136 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
08:13:00.0599 1136 DfsC - ok
08:13:00.0618 1136 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:13:00.0619 1136 discache - ok
08:13:00.0650 1136 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:13:00.0651 1136 Disk - ok
08:13:00.0706 1136 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:13:00.0707 1136 drmkaud - ok
08:13:00.0744 1136 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
08:13:00.0750 1136 DXGKrnl - ok
08:13:00.0830 1136 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:13:00.0884 1136 ebdrv - ok
08:13:00.0924 1136 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:13:00.0932 1136 elxstor - ok
08:13:00.0956 1136 Envy24HFS (947b36a9223d7730b73a7b03d5ffd269) C:\Windows\system32\drivers\Envy24HF.sys
08:13:00.0959 1136 Envy24HFS - ok
08:13:00.0977 1136 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
08:13:00.0979 1136 ErrDev - ok
08:13:01.0013 1136 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:13:01.0016 1136 exfat - ok
08:13:01.0044 1136 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:13:01.0047 1136 fastfat - ok
08:13:01.0080 1136 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:13:01.0081 1136 fdc - ok
08:13:01.0113 1136 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:13:01.0114 1136 FileInfo - ok
08:13:01.0129 1136 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:13:01.0131 1136 Filetrace - ok
08:13:01.0157 1136 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:13:01.0158 1136 flpydisk - ok
08:13:01.0188 1136 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
08:13:01.0192 1136 FltMgr - ok
08:13:01.0222 1136 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:13:01.0224 1136 FsDepends - ok
08:13:01.0241 1136 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:13:01.0242 1136 Fs_Rec - ok
08:13:01.0276 1136 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:13:01.0279 1136 fvevol - ok
08:13:01.0298 1136 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:13:01.0300 1136 gagp30kx - ok
08:13:01.0335 1136 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:13:01.0336 1136 GEARAspiWDM - ok
08:13:01.0358 1136 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:13:01.0359 1136 hcw85cir - ok
08:13:01.0381 1136 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:13:01.0384 1136 HDAudBus - ok
08:13:01.0394 1136 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:13:01.0395 1136 HidBatt - ok
08:13:01.0410 1136 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:13:01.0412 1136 HidBth - ok
08:13:01.0424 1136 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:13:01.0425 1136 HidIr - ok
08:13:01.0466 1136 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
08:13:01.0468 1136 HidUsb - ok
08:13:01.0493 1136 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
08:13:01.0495 1136 HpSAMD - ok
08:13:01.0526 1136 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
08:13:01.0537 1136 HTTP - ok
08:13:01.0557 1136 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
08:13:01.0558 1136 hwpolicy - ok
08:13:01.0596 1136 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:13:01.0598 1136 i8042prt - ok
08:13:01.0633 1136 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
08:13:01.0639 1136 iaStorV - ok
08:13:01.0664 1136 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:13:01.0666 1136 iirsp - ok
08:13:01.0696 1136 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
08:13:01.0697 1136 intelide - ok
08:13:01.0716 1136 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:13:01.0717 1136 intelppm - ok
08:13:01.0741 1136 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:13:01.0743 1136 IpFilterDriver - ok
08:13:01.0800 1136 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
08:13:01.0802 1136 IPMIDRV - ok
08:13:01.0814 1136 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:13:01.0817 1136 IPNAT - ok
08:13:01.0845 1136 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:13:01.0846 1136 IRENUM - ok
08:13:01.0863 1136 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
08:13:01.0864 1136 isapnp - ok
08:13:01.0891 1136 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
08:13:01.0895 1136 iScsiPrt - ok
08:13:01.0934 1136 Jukebox3_x64 (c2edee04b348b06a9e1da1521a33c1bc) C:\Windows\system32\DRIVERS\ctpdusbx.sys
08:13:01.0936 1136 Jukebox3_x64 - ok
08:13:01.0967 1136 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:13:01.0968 1136 kbdclass - ok
08:13:01.0995 1136 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
08:13:01.0996 1136 kbdhid - ok
08:13:02.0026 1136 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
08:13:02.0027 1136 KSecDD - ok
08:13:02.0045 1136 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
08:13:02.0047 1136 KSecPkg - ok
08:13:02.0067 1136 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:13:02.0068 1136 ksthunk - ok
08:13:02.0127 1136 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:13:02.0129 1136 lltdio - ok
08:13:02.0160 1136 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:13:02.0162 1136 LSI_FC - ok
08:13:02.0179 1136 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:13:02.0182 1136 LSI_SAS - ok
08:13:02.0197 1136 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:13:02.0199 1136 LSI_SAS2 - ok
08:13:02.0215 1136 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:13:02.0217 1136 LSI_SCSI - ok
08:13:02.0241 1136 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:13:02.0243 1136 luafv - ok
08:13:02.0278 1136 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
08:13:02.0279 1136 MBAMProtector - ok
08:13:02.0306 1136 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:13:02.0308 1136 megasas - ok
08:13:02.0328 1136 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:13:02.0333 1136 MegaSR - ok
08:13:02.0354 1136 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:13:02.0356 1136 Modem - ok
08:13:02.0381 1136 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:13:02.0382 1136 monitor - ok
08:13:02.0409 1136 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:13:02.0410 1136 mouclass - ok
08:13:02.0433 1136 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:13:02.0434 1136 mouhid - ok
08:13:02.0456 1136 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
08:13:02.0458 1136 mountmgr - ok
08:13:02.0481 1136 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
08:13:02.0484 1136 mpio - ok
08:13:02.0513 1136 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:13:02.0515 1136 mpsdrv - ok
08:13:02.0557 1136 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
08:13:02.0560 1136 MRxDAV - ok
08:13:02.0590 1136 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:13:02.0593 1136 mrxsmb - ok
08:13:02.0610 1136 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:13:02.0615 1136 mrxsmb10 - ok
08:13:02.0631 1136 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:13:02.0634 1136 mrxsmb20 - ok
08:13:02.0655 1136 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
08:13:02.0656 1136 msahci - ok
08:13:02.0678 1136 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
08:13:02.0681 1136 msdsm - ok
08:13:02.0736 1136 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
08:13:02.0737 1136 MSDV - ok
08:13:02.0759 1136 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:13:02.0760 1136 Msfs - ok
08:13:02.0775 1136 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:13:02.0776 1136 mshidkmdf - ok
08:13:02.0793 1136 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
08:13:02.0793 1136 msisadrv - ok
08:13:02.0817 1136 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:13:02.0818 1136 MSKSSRV - ok
08:13:02.0828 1136 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:13:02.0829 1136 MSPCLOCK - ok
08:13:02.0850 1136 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:13:02.0851 1136 MSPQM - ok
08:13:02.0876 1136 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
08:13:02.0881 1136 MsRPC - ok
08:13:02.0899 1136 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
08:13:02.0900 1136 mssmbios - ok
08:13:02.0926 1136 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:13:02.0927 1136 MSTEE - ok
08:13:02.0944 1136 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:13:02.0945 1136 MTConfig - ok
08:13:02.0985 1136 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
08:13:02.0986 1136 MTsensor - ok
08:13:03.0004 1136 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:13:03.0005 1136 Mup - ok
08:13:03.0037 1136 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:13:03.0042 1136 NativeWifiP - ok
08:13:03.0087 1136 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
08:13:03.0100 1136 NDIS - ok
08:13:03.0130 1136 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:13:03.0131 1136 NdisCap - ok
08:13:03.0162 1136 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:13:03.0163 1136 NdisTapi - ok
08:13:03.0210 1136 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
08:13:03.0212 1136 Ndisuio - ok
08:13:03.0241 1136 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
08:13:03.0244 1136 NdisWan - ok
08:13:03.0264 1136 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
08:13:03.0266 1136 NDProxy - ok
08:13:03.0283 1136 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:13:03.0284 1136 NetBIOS - ok
08:13:03.0309 1136 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
08:13:03.0313 1136 NetBT - ok
08:13:03.0353 1136 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:13:03.0355 1136 nfrd960 - ok
08:13:03.0378 1136 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:13:03.0380 1136 Npfs - ok
08:13:03.0395 1136 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:13:03.0396 1136 nsiproxy - ok
08:13:03.0449 1136 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
08:13:03.0476 1136 Ntfs - ok
08:13:03.0495 1136 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:13:03.0496 1136 Null - ok
08:13:03.0559 1136 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
08:13:03.0566 1136 NVENETFD - ok
08:13:03.0755 1136 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:13:03.0819 1136 nvlddmkm - ok
08:13:03.0850 1136 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
08:13:03.0852 1136 nvraid - ok
08:13:03.0884 1136 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
08:13:03.0888 1136 nvstor - ok
08:13:03.0923 1136 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
08:13:03.0926 1136 nv_agp - ok
08:13:03.0938 1136 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
08:13:03.0940 1136 ohci1394 - ok
08:13:04.0000 1136 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:13:04.0002 1136 Parport - ok
08:13:04.0023 1136 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
08:13:04.0024 1136 partmgr - ok
08:13:04.0043 1136 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
08:13:04.0046 1136 pci - ok
08:13:04.0093 1136 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
08:13:04.0094 1136 pciide - ok
08:13:04.0117 1136 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:13:04.0121 1136 pcmcia - ok
08:13:04.0138 1136 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:13:04.0139 1136 pcw - ok
08:13:04.0170 1136 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:13:04.0180 1136 PEAUTH - ok
08:13:04.0242 1136 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
08:13:04.0244 1136 PptpMiniport - ok
08:13:04.0255 1136 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:13:04.0257 1136 Processor - ok
08:13:04.0285 1136 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
08:13:04.0287 1136 Psched - ok
08:13:04.0326 1136 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:13:04.0327 1136 PxHlpa64 - ok
08:13:04.0374 1136 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:13:04.0402 1136 ql2300 - ok
08:13:04.0424 1136 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:13:04.0426 1136 ql40xx - ok
08:13:04.0447 1136 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:13:04.0448 1136 QWAVEdrv - ok
08:13:04.0463 1136 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:13:04.0465 1136 RasAcd - ok
08:13:04.0506 1136 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:13:04.0508 1136 RasAgileVpn - ok
08:13:04.0530 1136 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:13:04.0533 1136 Rasl2tp - ok
08:13:04.0554 1136 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:13:04.0557 1136 RasPppoe - ok
08:13:04.0574 1136 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:13:04.0576 1136 RasSstp - ok
08:13:04.0595 1136 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
08:13:04.0601 1136 rdbss - ok
08:13:04.0620 1136 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:13:04.0621 1136 rdpbus - ok
08:13:04.0634 1136 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:13:04.0635 1136 RDPCDD - ok
08:13:04.0670 1136 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
08:13:04.0673 1136 RDPDR - ok
08:13:04.0695 1136 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:13:04.0696 1136 RDPENCDD - ok
08:13:04.0714 1136 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:13:04.0714 1136 RDPREFMP - ok
08:13:04.0738 1136 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
08:13:04.0742 1136 RDPWD - ok
08:13:04.0774 1136 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
08:13:04.0778 1136 rdyboost - ok
08:13:04.0824 1136 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:13:04.0826 1136 rspndr - ok
08:13:04.0848 1136 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
08:13:04.0849 1136 s3cap - ok
08:13:04.0930 1136 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
08:13:04.0931 1136 SASDIFSV - ok
08:13:04.0940 1136 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
08:13:04.0941 1136 SASKUTIL - ok
08:13:04.0959 1136 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
08:13:04.0961 1136 sbp2port - ok
08:13:04.0983 1136 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
08:13:04.0984 1136 scfilter - ok
08:13:05.0019 1136 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:13:05.0020 1136 secdrv - ok
08:13:05.0057 1136 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:13:05.0058 1136 Serenum - ok
08:13:05.0079 1136 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:13:05.0081 1136 Serial - ok
08:13:05.0102 1136 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:13:05.0103 1136 sermouse - ok
08:13:05.0125 1136 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
08:13:05.0126 1136 sffdisk - ok
08:13:05.0138 1136 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:13:05.0139 1136 sffp_mmc - ok
08:13:05.0151 1136 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
08:13:05.0152 1136 sffp_sd - ok
08:13:05.0164 1136 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:13:05.0165 1136 sfloppy - ok
08:13:05.0198 1136 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:13:05.0199 1136 SiSRaid2 - ok
08:13:05.0216 1136 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:13:05.0218 1136 SiSRaid4 - ok
08:13:05.0230 1136 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:13:05.0233 1136 Smb - ok
08:13:05.0251 1136 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:13:05.0252 1136 spldr - ok
08:13:05.0301 1136 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
08:13:05.0308 1136 srv - ok
08:13:05.0332 1136 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
08:13:05.0339 1136 srv2 - ok
08:13:05.0357 1136 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
08:13:05.0360 1136 srvnet - ok
08:13:05.0414 1136 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:13:05.0416 1136 stexstor - ok
08:13:05.0451 1136 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
08:13:05.0452 1136 storflt - ok
08:13:05.0473 1136 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
08:13:05.0475 1136 storvsc - ok
08:13:05.0492 1136 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:13:05.0493 1136 swenum - ok
08:13:05.0572 1136 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
08:13:05.0607 1136 Tcpip - ok
08:13:05.0663 1136 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
08:13:05.0673 1136 TCPIP6 - ok
08:13:05.0704 1136 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
08:13:05.0706 1136 tcpipreg - ok
08:13:05.0729 1136 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:13:05.0731 1136 TDPIPE - ok
08:13:05.0748 1136 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:13:05.0749 1136 TDTCP - ok
08:13:05.0768 1136 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
08:13:05.0770 1136 tdx - ok
08:13:05.0793 1136 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
08:13:05.0794 1136 TermDD - ok
08:13:05.0829 1136 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:13:05.0830 1136 tssecsrv - ok
08:13:05.0875 1136 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
08:13:05.0877 1136 tunnel - ok
08:13:05.0888 1136 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:13:05.0890 1136 uagp35 - ok
08:13:05.0910 1136 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
08:13:05.0916 1136 udfs - ok
08:13:05.0945 1136 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
08:13:05.0947 1136 uliagpkx - ok
08:13:05.0981 1136 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
08:13:05.0983 1136 umbus - ok
08:13:05.0993 1136 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:13:05.0995 1136 UmPass - ok
08:13:06.0042 1136 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
08:13:06.0044 1136 usbaudio - ok
08:13:06.0068 1136 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
08:13:06.0070 1136 usbccgp - ok
08:13:06.0083 1136 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
08:13:06.0085 1136 usbcir - ok
08:13:06.0112 1136 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
08:13:06.0114 1136 usbehci - ok
08:13:06.0140 1136 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
08:13:06.0145 1136 usbhub - ok
08:13:06.0160 1136 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
08:13:06.0161 1136 usbohci - ok
08:13:06.0181 1136 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:13:06.0183 1136 usbprint - ok
08:13:06.0204 1136 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:13:06.0206 1136 USBSTOR - ok
08:13:06.0230 1136 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
08:13:06.0231 1136 usbuhci - ok
08:13:06.0268 1136 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
08:13:06.0269 1136 vdrvroot - ok
08:13:06.0284 1136 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:13:06.0285 1136 vga - ok
08:13:06.0300 1136 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:13:06.0301 1136 VgaSave - ok
08:13:06.0316 1136 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
08:13:06.0320 1136 vhdmp - ok
08:13:06.0337 1136 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
08:13:06.0338 1136 viaide - ok
08:13:06.0373 1136 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
08:13:06.0376 1136 vmbus - ok
08:13:06.0387 1136 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
08:13:06.0388 1136 VMBusHID - ok
08:13:06.0414 1136 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
08:13:06.0415 1136 volmgr - ok
08:13:06.0441 1136 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
08:13:06.0447 1136 volmgrx - ok
08:13:06.0471 1136 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
08:13:06.0476 1136 volsnap - ok
08:13:06.0498 1136 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:13:06.0501 1136 vsmraid - ok
08:13:06.0527 1136 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:13:06.0528 1136 vwifibus - ok
08:13:06.0552 1136 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:13:06.0553 1136 WacomPen - ok
08:13:06.0579 1136 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:13:06.0582 1136 WANARP - ok
08:13:06.0596 1136 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:13:06.0598 1136 Wanarpv6 - ok
08:13:06.0635 1136 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:13:06.0636 1136 Wd - ok
08:13:06.0662 1136 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:13:06.0672 1136 Wdf01000 - ok
08:13:06.0705 1136 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:13:06.0706 1136 WfpLwf - ok
08:13:06.0728 1136 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:13:06.0730 1136 WIMMount - ok
08:13:06.0788 1136 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
08:13:06.0789 1136 WmBEnum - ok
08:13:06.0823 1136 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
08:13:06.0825 1136 WmFilter - ok
08:13:06.0836 1136 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:13:06.0837 1136 WmiAcpi - ok
08:13:06.0875 1136 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
08:13:06.0876 1136 WmVirHid - ok
08:13:06.0890 1136 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
08:13:06.0892 1136 WmXlCore - ok
08:13:06.0919 1136 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:13:06.0920 1136 ws2ifsl - ok
08:13:06.0952 1136 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
08:13:06.0955 1136 WudfPf - ok
08:13:07.0009 1136 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:13:07.0012 1136 WUDFRd - ok
08:13:07.0059 1136 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:13:07.0103 1136 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:13:07.0103 1136 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:13:07.0118 1136 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk1\DR1
08:13:07.0118 1136 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - infected
08:13:07.0118 1136 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.b (0)
08:13:07.0168 1136 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
08:13:07.0168 1136 \Device\Harddisk1\DR1 - detected TDSS File System (1)
08:13:07.0204 1136 Boot (0x1200) (cd0a8095bc40c8313e4d2686ec361831) \Device\Harddisk0\DR0\Partition0
08:13:07.0205 1136 \Device\Harddisk0\DR0\Partition0 - ok
08:13:07.0237 1136 Boot (0x1200) (18faee15551414c29cb18bdf700ca391) \Device\Harddisk0\DR0\Partition1
08:13:07.0238 1136 \Device\Harddisk0\DR0\Partition1 - ok
08:13:07.0269 1136 Boot (0x1200) (ba2d7618097261237c14805d11bf8e4e) \Device\Harddisk1\DR1\Partition0
08:13:07.0269 1136 \Device\Harddisk1\DR1\Partition0 - ok
08:13:07.0270 1136 ============================================================
08:13:07.0270 1136 Scan finished
08:13:07.0270 1136 ============================================================
08:13:07.0282 3612 Detected object count: 3
08:13:07.0282 3612 Actual detected object count: 3
08:14:09.0951 3612 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:14:09.0951 3612 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:14:10.0501 3612 \Device\Harddisk1\DR1\# - copied to quarantine
08:14:10.0502 3612 \Device\Harddisk1\DR1 - copied to quarantine
08:14:10.0528 3612 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
08:14:10.0530 3612 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine
08:14:10.0537 3612 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine
08:14:10.0543 3612 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine
08:14:10.0544 3612 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine
08:14:10.0546 3612 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine
08:14:10.0549 3612 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine
08:14:10.0551 3612 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine
08:14:10.0554 3612 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine
08:14:10.0556 3612 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine
08:14:10.0557 3612 \Device\Harddisk1\DR1 - processing error
08:14:58.0529 3612 \Device\Harddisk1\DR1 - processing error
08:14:58.0533 3612 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - User select action: Cure Restore
08:14:58.0533 3612 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
08:14:58.0534 3612 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip












Hello, let's run 2 more please.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please open TDSS Killer again
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Edited by everythinginane, 27 February 2012 - 08:19 AM.
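Added example, not part of the original thread or of TDSSKiller: a short Python script that reads a TDSSKiller report in the format posted above and lists, for each detected object, which action was chosen and whether a processing error was logged for it. The function name `triage` and the `needs_followup` rule are assumptions made for this illustration; the sample lines are copied from the report in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the TDSSKiller report posted in this thread (lines copied as posted).
SAMPLE_LOG = r"""
08:13:07.0118 1136 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.b (0)
08:13:07.0168 1136 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
08:13:07.0168 1136 \Device\Harddisk1\DR1 - detected TDSS File System (1)
08:13:07.0205 1136 \Device\Harddisk0\DR0\Partition0 - ok
08:13:07.0282 3612 Detected object count: 3
08:14:09.0951 3612 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:14:09.0951 3612 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:14:10.0502 3612 \Device\Harddisk1\DR1 - copied to quarantine
08:14:10.0528 3612 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
08:14:10.0557 3612 \Device\Harddisk1\DR1 - processing error
08:14:58.0529 3612 \Device\Harddisk1\DR1 - processing error
08:14:58.0533 3612 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - User select action: Cure Restore
08:14:58.0533 3612 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
08:14:58.0534 3612 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
"""

# Every report line has the shape "HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>.+?) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - User select action: (?P<action>.+)$"
)
ERROR = re.compile(r"^(?P<obj>.+?) - processing error$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Return the reported detection count and one record per (object, threat)."""
    actions = {}               # (object, threat) -> last action chosen, or None
    errors = defaultdict(int)  # object -> number of "processing error" lines
    reported = None

    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines and lines without a message part
        msg = line["msg"]
        if m := COUNT.match(msg):
            reported = int(m["n"])
        elif m := ACTION.match(msg):
            actions[(m["obj"], m["threat"])] = m["action"]
        elif m := DETECTED.match(msg):
            # Record the detection even if no action line follows it.
            actions.setdefault((m["obj"], m["threat"]), None)
        elif m := ERROR.match(msg):
            # Error lines may precede the action line, so key them by object.
            errors[m["obj"]] += 1

    findings = []
    for (obj, threat), action in sorted(actions.items()):
        skipped = action is None or action.lower().startswith("skip")
        findings.append({
            "object": obj,
            "threat": threat,
            "action": action,
            # The report ties an error to the disk object, not to one threat on it.
            "errors": errors[obj],
            # Assumption: a skipped item, or any processing error on the object,
            # means the detection is still present and needs another approach.
            "needs_followup": skipped or errors[obj] > 0,
        })
    return {"reported_count": reported, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Detected object count reported by the tool:", result["reported_count"])
    for f in result["findings"]:
        flag = "FOLLOW UP" if f["needs_followup"] else "ok"
        print(f'{flag:9} {f["object"]}  {f["threat"]}  '
              f'action={f["action"]}  processing_errors={f["errors"]}')
```

On the excerpt, all three findings are flagged for follow-up: the two TDSS File System entries were skipped, and the Cure Restore on \Device\Harddisk1\DR1 is accompanied by two processing errors.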


#4 boopme


Posted 27 February 2012 - 02:43 PM

Please run TDSS again.

Edited by boopme, 27 February 2012 - 02:43 PM.


#5 everythinginane


Posted 27 February 2012 - 11:09 PM

Please run TDSS again.

Once again, it does the same:

updated..
said "Can't cure MBR. Write standard boot code?" I clicked "Yes"
"All threats neutralized" despite it saying beneath that "Found: 3 threats.... Neutralized: 0 threats"
no restart asked of me.

23:05:48.0379 3924 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
23:05:48.0681 3924 ============================================================
23:05:48.0681 3924 Current date / time: 2012/02/27 23:05:48.0681
23:05:48.0681 3924 SystemInfo:
23:05:48.0681 3924
23:05:48.0681 3924 OS Version: 6.1.7600 ServicePack: 0.0
23:05:48.0681 3924 Product type: Workstation
23:05:48.0682 3924 ComputerName: INANE
23:05:48.0682 3924 UserName: Ben
23:05:48.0682 3924 Windows directory: C:\Windows
23:05:48.0682 3924 System windows directory: C:\Windows
23:05:48.0682 3924 Running under WOW64
23:05:48.0682 3924 Processor architecture: Intel x64
23:05:48.0682 3924 Number of processors: 2
23:05:48.0682 3924 Page size: 0x1000
23:05:48.0682 3924 Boot type: Normal boot
23:05:48.0682 3924 ============================================================
23:05:49.0546 3924 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:05:49.0551 3924 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:05:49.0583 3924 \Device\Harddisk0\DR0:
23:05:49.0613 3924 MBR used
23:05:49.0613 3924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1F285000
23:05:49.0640 3924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F285D9A, BlocksNum 0x61A3A66
23:05:49.0640 3924 \Device\Harddisk1\DR1:
23:05:49.0641 3924 MBR used
23:05:49.0641 3924 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
23:05:49.0747 3924 Initialize success
23:05:49.0747 3924 ============================================================
23:06:17.0357 2116 ============================================================
23:06:17.0357 2116 Scan started
23:06:17.0357 2116 Mode: Manual; TDLFS;
23:06:17.0357 2116 ============================================================
23:06:25.0687 2116 UmPass - ok
23:06:25.0726 2116 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
23:06:25.0728 2116 usbaudio - ok
23:06:25.0752 2116 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
23:06:25.0755 2116 usbccgp - ok
23:06:25.0767 2116 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:06:25.0769 2116 usbcir - ok
23:06:25.0796 2116 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
23:06:25.0798 2116 usbehci - ok
23:06:25.0824 2116 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
23:06:25.0830 2116 usbhub - ok
23:06:25.0844 2116 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
23:06:25.0845 2116 usbohci - ok
23:06:25.0866 2116 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:06:25.0867 2116 usbprint - ok
23:06:25.0897 2116 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:06:25.0899 2116 USBSTOR - ok
23:06:25.0922 2116 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
23:06:25.0924 2116 usbuhci - ok
23:06:25.0960 2116 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:06:25.0962 2116 vdrvroot - ok
23:06:25.0979 2116 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:06:25.0981 2116 vga - ok
23:06:26.0001 2116 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:06:26.0002 2116 VgaSave - ok
23:06:26.0016 2116 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:06:26.0023 2116 vhdmp - ok
23:06:26.0038 2116 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:06:26.0039 2116 viaide - ok
23:06:26.0073 2116 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
23:06:26.0077 2116 vmbus - ok
23:06:26.0088 2116 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
23:06:26.0090 2116 VMBusHID - ok
23:06:26.0115 2116 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:06:26.0117 2116 volmgr - ok
23:06:26.0142 2116 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:06:26.0148 2116 volmgrx - ok
23:06:26.0172 2116 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:06:26.0177 2116 volsnap - ok
23:06:26.0199 2116 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:06:26.0202 2116 vsmraid - ok
23:06:26.0228 2116 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:06:26.0229 2116 vwifibus - ok
23:06:26.0253 2116 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:06:26.0255 2116 WacomPen - ok
23:06:26.0280 2116 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:06:26.0282 2116 WANARP - ok
23:06:26.0297 2116 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:06:26.0299 2116 Wanarpv6 - ok
23:06:26.0336 2116 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:06:26.0337 2116 Wd - ok
23:06:26.0363 2116 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:06:26.0373 2116 Wdf01000 - ok
23:06:26.0414 2116 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:06:26.0415 2116 WfpLwf - ok
23:06:26.0437 2116 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:06:26.0439 2116 WIMMount - ok
23:06:26.0497 2116 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
23:06:26.0498 2116 WmBEnum - ok
23:06:26.0532 2116 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
23:06:26.0535 2116 WmFilter - ok
23:06:26.0545 2116 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:06:26.0547 2116 WmiAcpi - ok
23:06:26.0576 2116 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
23:06:26.0577 2116 WmVirHid - ok
23:06:26.0599 2116 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
23:06:26.0602 2116 WmXlCore - ok
23:06:26.0628 2116 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:06:26.0629 2116 ws2ifsl - ok
23:06:26.0661 2116 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:06:26.0664 2116 WudfPf - ok
23:06:26.0693 2116 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:06:26.0696 2116 WUDFRd - ok
23:06:26.0734 2116 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:06:26.0778 2116 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:06:26.0778 2116 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:06:26.0793 2116 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk1\DR1
23:06:26.0794 2116 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - infected
23:06:26.0794 2116 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.b (0)
23:06:26.0844 2116 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
23:06:26.0844 2116 \Device\Harddisk1\DR1 - detected TDSS File System (1)
23:06:26.0879 2116 Boot (0x1200) (cd0a8095bc40c8313e4d2686ec361831) \Device\Harddisk0\DR0\Partition0
23:06:26.0880 2116 \Device\Harddisk0\DR0\Partition0 - ok
23:06:26.0912 2116 Boot (0x1200) (18faee15551414c29cb18bdf700ca391) \Device\Harddisk0\DR0\Partition1
23:06:26.0913 2116 \Device\Harddisk0\DR0\Partition1 - ok
23:06:26.0944 2116 Boot (0x1200) (ba2d7618097261237c14805d11bf8e4e) \Device\Harddisk1\DR1\Partition0
23:06:26.0945 2116 \Device\Harddisk1\DR1\Partition0 - ok
23:06:26.0946 2116 ============================================================
23:06:26.0946 2116 Scan finished
23:06:26.0946 2116 ============================================================
23:06:26.0960 3708 Detected object count: 3
23:06:26.0960 3708 Actual detected object count: 3
23:07:06.0194 3708 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:07:06.0194 3708 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:07:06.0612 3708 \Device\Harddisk1\DR1\# - copied to quarantine
23:07:06.0613 3708 \Device\Harddisk1\DR1 - copied to quarantine
23:07:06.0639 3708 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
23:07:06.0641 3708 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine
23:07:06.0648 3708 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine
23:07:06.0654 3708 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine
23:07:06.0655 3708 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine
23:07:06.0657 3708 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine
23:07:06.0660 3708 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine
23:07:06.0663 3708 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine
23:07:06.0665 3708 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine
23:07:06.0668 3708 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine
23:07:06.0669 3708 \Device\Harddisk1\DR1 - processing error
23:07:09.0443 3708 \Device\Harddisk1\DR1 - processing error
23:07:09.0446 3708 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - User select action: Cure Restore
23:07:09.0446 3708 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
23:07:09.0446 3708 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip

#6 boopme

Posted 28 February 2012 - 12:06 AM

One more try

To check for and confirm the MBR (Master Boot Record) rootkit.


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • Press OK.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • Press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.

#7 everythinginane

Posted 28 February 2012 - 11:43 PM

TDSS did the same all as last time (log at end of post).

OK, so I saved mbr.exe to C:\ but tried what you said and it said "access is denied" over and over.
So I moved mbr.exe to C:\users\ben\ and tried it, adding \users\ben to what you said, and it created a text file, "mbr", but it's just blank when opened in Notepad.

So I moved mbr.exe back to C:\ and tried "c:\mbr.exe >> "c:\users\ben\mbr.exe"" and it worked, but again, was just blank.

ahh!!

23:33:18.0016 3980 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
23:33:18.0316 3980 ============================================================
23:33:18.0316 3980 Current date / time: 2012/02/28 23:33:18.0316
23:33:18.0316 3980 SystemInfo:
23:33:18.0316 3980
23:33:18.0316 3980 OS Version: 6.1.7600 ServicePack: 0.0
23:33:18.0316 3980 Product type: Workstation
23:33:18.0316 3980 ComputerName: INANE
23:33:18.0316 3980 UserName: Ben
23:33:18.0316 3980 Windows directory: C:\Windows
23:33:18.0316 3980 System windows directory: C:\Windows
23:33:18.0316 3980 Running under WOW64
23:33:18.0316 3980 Processor architecture: Intel x64
23:33:18.0316 3980 Number of processors: 2
23:33:18.0316 3980 Page size: 0x1000
23:33:18.0316 3980 Boot type: Normal boot
23:33:18.0316 3980 ============================================================
23:33:19.0280 3980 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:33:19.0292 3980 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:33:19.0326 3980 \Device\Harddisk0\DR0:
23:33:19.0355 3980 MBR used
23:33:19.0355 3980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1F285000
23:33:19.0383 3980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F285D9A, BlocksNum 0x61A3A66
23:33:19.0383 3980 \Device\Harddisk1\DR1:
23:33:19.0383 3980 MBR used
23:33:19.0383 3980 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
23:33:19.0490 3980 Initialize success
23:33:19.0490 3980 ============================================================
23:33:24.0590 3640 ============================================================
23:33:24.0590 3640 Scan started
23:33:24.0590 3640 Mode: Manual; TDLFS;
23:33:24.0590 3640 ============================================================
23:33:30.0858 3640 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:33:30.0860 3640 Parport - ok
23:33:30.0881 3640 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
23:33:30.0883 3640 partmgr - ok
23:33:30.0902 3640 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:33:30.0904 3640 pci - ok
23:33:30.0918 3640 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:33:30.0919 3640 pciide - ok
23:33:30.0943 3640 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:33:30.0947 3640 pcmcia - ok
23:33:30.0963 3640 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:33:30.0964 3640 pcw - ok
23:33:30.0995 3640 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:33:31.0005 3640 PEAUTH - ok
23:33:31.0067 3640 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:33:31.0069 3640 PptpMiniport - ok
23:33:31.0080 3640 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:33:31.0082 3640 Processor - ok
23:33:31.0110 3640 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:33:31.0113 3640 Psched - ok
23:33:31.0151 3640 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:33:31.0152 3640 PxHlpa64 - ok
23:33:31.0191 3640 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:33:31.0218 3640 ql2300 - ok
23:33:31.0240 3640 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:33:31.0243 3640 ql40xx - ok
23:33:31.0263 3640 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:33:31.0265 3640 QWAVEdrv - ok
23:33:31.0288 3640 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:33:31.0289 3640 RasAcd - ok
23:33:31.0365 3640 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:33:31.0366 3640 RasAgileVpn - ok
23:33:31.0397 3640 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:33:31.0399 3640 Rasl2tp - ok
23:33:31.0421 3640 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:33:31.0423 3640 RasPppoe - ok
23:33:31.0441 3640 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:33:31.0443 3640 RasSstp - ok
23:33:31.0462 3640 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:33:31.0467 3640 rdbss - ok
23:33:31.0487 3640 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:33:31.0488 3640 rdpbus - ok
23:33:31.0501 3640 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:33:31.0502 3640 RDPCDD - ok
23:33:31.0536 3640 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
23:33:31.0539 3640 RDPDR - ok
23:33:31.0562 3640 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:33:31.0563 3640 RDPENCDD - ok
23:33:31.0580 3640 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:33:31.0581 3640 RDPREFMP - ok
23:33:31.0605 3640 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
23:33:31.0609 3640 RDPWD - ok
23:33:31.0641 3640 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:33:31.0645 3640 rdyboost - ok
23:33:31.0690 3640 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:33:31.0693 3640 rspndr - ok
23:33:31.0723 3640 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
23:33:31.0724 3640 s3cap - ok
23:33:31.0805 3640 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:33:31.0805 3640 SASDIFSV - ok
23:33:31.0815 3640 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:33:31.0816 3640 SASKUTIL - ok
23:33:31.0834 3640 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:33:31.0837 3640 sbp2port - ok
23:33:31.0858 3640 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:33:31.0859 3640 scfilter - ok
23:33:31.0885 3640 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:33:31.0887 3640 secdrv - ok
23:33:31.0924 3640 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:33:31.0925 3640 Serenum - ok
23:33:31.0946 3640 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:33:31.0948 3640 Serial - ok
23:33:31.0968 3640 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:33:31.0970 3640 sermouse - ok
23:33:31.0995 3640 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:33:31.0997 3640 sffdisk - ok
23:33:32.0008 3640 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:33:32.0011 3640 sffp_mmc - ok
23:33:32.0022 3640 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:33:32.0023 3640 sffp_sd - ok
23:33:32.0036 3640 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:33:32.0037 3640 sfloppy - ok
23:33:32.0081 3640 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:33:32.0082 3640 SiSRaid2 - ok
23:33:32.0099 3640 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:33:32.0102 3640 SiSRaid4 - ok
23:33:32.0114 3640 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:33:32.0116 3640 Smb - ok
23:33:32.0137 3640 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:33:32.0138 3640 spldr - ok
23:33:32.0184 3640 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
23:33:32.0192 3640 srv - ok
23:33:32.0215 3640 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
23:33:32.0222 3640 srv2 - ok
23:33:32.0240 3640 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
23:33:32.0244 3640 srvnet - ok
23:33:32.0298 3640 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:33:32.0299 3640 stexstor - ok
23:33:32.0334 3640 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
23:33:32.0335 3640 storflt - ok
23:33:32.0356 3640 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
23:33:32.0358 3640 storvsc - ok
23:33:32.0375 3640 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:33:32.0376 3640 swenum - ok
23:33:32.0455 3640 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
23:33:32.0490 3640 Tcpip - ok
23:33:32.0546 3640 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
23:33:32.0557 3640 TCPIP6 - ok
23:33:32.0587 3640 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:33:32.0589 3640 tcpipreg - ok
23:33:32.0613 3640 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:33:32.0614 3640 TDPIPE - ok
23:33:32.0631 3640 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:33:32.0633 3640 TDTCP - ok
23:33:32.0651 3640 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:33:32.0653 3640 tdx - ok
23:33:32.0667 3640 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:33:32.0669 3640 TermDD - ok
23:33:32.0703 3640 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:33:32.0705 3640 tssecsrv - ok
23:33:32.0750 3640 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:33:32.0752 3640 tunnel - ok
23:33:32.0764 3640 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:33:32.0766 3640 uagp35 - ok
23:33:32.0785 3640 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
23:33:32.0790 3640 udfs - ok
23:33:32.0820 3640 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:33:32.0822 3640 uliagpkx - ok
23:33:32.0856 3640 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:33:32.0858 3640 umbus - ok
23:33:32.0869 3640 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:33:32.0870 3640 UmPass - ok
23:33:32.0917 3640 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
23:33:32.0919 3640 usbaudio - ok
23:33:32.0943 3640 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
23:33:32.0945 3640 usbccgp - ok
23:33:32.0970 3640 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:33:32.0973 3640 usbcir - ok
23:33:33.0004 3640 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
23:33:33.0005 3640 usbehci - ok
23:33:33.0031 3640 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
23:33:33.0037 3640 usbhub - ok
23:33:33.0051 3640 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
23:33:33.0053 3640 usbohci - ok
23:33:33.0073 3640 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:33:33.0074 3640 usbprint - ok
23:33:33.0104 3640 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:33:33.0106 3640 USBSTOR - ok
23:33:33.0129 3640 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
23:33:33.0131 3640 usbuhci - ok
23:33:33.0168 3640 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:33:33.0169 3640 vdrvroot - ok
23:33:33.0183 3640 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:33:33.0184 3640 vga - ok
23:33:33.0200 3640 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:33:33.0202 3640 VgaSave - ok
23:33:33.0215 3640 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:33:33.0219 3640 vhdmp - ok
23:33:33.0237 3640 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:33:33.0238 3640 viaide - ok
23:33:33.0273 3640 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
23:33:33.0276 3640 vmbus - ok
23:33:33.0287 3640 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
23:33:33.0288 3640 VMBusHID - ok
23:33:33.0314 3640 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:33:33.0315 3640 volmgr - ok
23:33:33.0342 3640 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:33:33.0348 3640 volmgrx - ok
23:33:33.0372 3640 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:33:33.0376 3640 volsnap - ok
23:33:33.0398 3640 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:33:33.0401 3640 vsmraid - ok
23:33:33.0427 3640 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:33:33.0428 3640 vwifibus - ok
23:33:33.0452 3640 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:33:33.0453 3640 WacomPen - ok
23:33:33.0488 3640 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:33:33.0490 3640 WANARP - ok
23:33:33.0513 3640 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:33:33.0514 3640 Wanarpv6 - ok
23:33:33.0551 3640 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:33:33.0553 3640 Wd - ok
23:33:33.0579 3640 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:33:33.0588 3640 Wdf01000 - ok
23:33:33.0622 3640 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:33:33.0623 3640 WfpLwf - ok
23:33:33.0645 3640 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:33:33.0647 3640 WIMMount - ok
23:33:33.0705 3640 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
23:33:33.0706 3640 WmBEnum - ok
23:33:33.0740 3640 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
23:33:33.0742 3640 WmFilter - ok
23:33:33.0752 3640 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:33:33.0754 3640 WmiAcpi - ok
23:33:33.0783 3640 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
23:33:33.0784 3640 WmVirHid - ok
23:33:33.0799 3640 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
23:33:33.0800 3640 WmXlCore - ok
23:33:33.0828 3640 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:33:33.0829 3640 ws2ifsl - ok
23:33:33.0861 3640 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:33:33.0863 3640 WudfPf - ok
23:33:33.0892 3640 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:33:33.0895 3640 WUDFRd - ok
23:33:33.0938 3640 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:33:34.0031 3640 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:33:34.0031 3640 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:33:34.0051 3640 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk1\DR1
23:33:34.0051 3640 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - infected
23:33:34.0051 3640 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.b (0)
23:33:34.0102 3640 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
23:33:34.0102 3640 \Device\Harddisk1\DR1 - detected TDSS File System (1)
23:33:34.0106 3640 Boot (0x1200) (cd0a8095bc40c8313e4d2686ec361831) \Device\Harddisk0\DR0\Partition0
23:33:34.0106 3640 \Device\Harddisk0\DR0\Partition0 - ok
23:33:34.0132 3640 Boot (0x1200) (18faee15551414c29cb18bdf700ca391) \Device\Harddisk0\DR0\Partition1
23:33:34.0133 3640 \Device\Harddisk0\DR0\Partition1 - ok
23:33:34.0160 3640 Boot (0x1200) (ba2d7618097261237c14805d11bf8e4e) \Device\Harddisk1\DR1\Partition0
23:33:34.0161 3640 \Device\Harddisk1\DR1\Partition0 - ok
23:33:34.0162 3640 ============================================================
23:33:34.0162 3640 Scan finished
23:33:34.0162 3640 ============================================================
23:33:34.0176 1100 Detected object count: 3
23:33:34.0176 1100 Actual detected object count: 3
23:33:37.0165 1100 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:33:37.0165 1100 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:33:37.0536 1100 \Device\Harddisk1\DR1\# - copied to quarantine
23:33:37.0536 1100 \Device\Harddisk1\DR1 - copied to quarantine
23:33:37.0562 1100 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
23:33:37.0564 1100 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine
23:33:37.0582 1100 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine
23:33:37.0587 1100 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine
23:33:37.0589 1100 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine
23:33:37.0591 1100 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine
23:33:37.0594 1100 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine
23:33:37.0597 1100 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine
23:33:37.0599 1100 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine
23:33:37.0601 1100 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine
23:33:37.0605 1100 \Device\Harddisk1\DR1 - processing error
23:33:38.0925 1100 \Device\Harddisk1\DR1 - processing error
23:33:38.0928 1100 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - User select action: Cure Restore
23:33:38.0929 1100 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
23:33:38.0929 1100 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
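An added example, not part of the original posts and not TDSSKiller's own code: a small Python triage script for a log in the layout shown above, listing every detection that was skipped or whose cure was followed by a processing error. The sample lines are excerpted from the log in this thread; attributing a "processing error" line to the cure attempted on the same disk is an assumption, since that line names only the device.

```python
import re
from collections import defaultdict

# Excerpt in the layout of the log above: timestamp, thread id, message.
SAMPLE_LOG = r"""
23:33:33.0895 3640 WUDFRd - ok
23:33:34.0031 3640 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:33:34.0051 3640 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - infected
23:33:34.0102 3640 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
23:33:34.0106 3640 \Device\Harddisk0\DR0\Partition0 - ok
23:33:37.0165 1100 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:33:37.0562 1100 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
23:33:37.0605 1100 \Device\Harddisk1\DR1 - processing error
23:33:38.0925 1100 \Device\Harddisk1\DR1 - processing error
23:33:38.0928 1100 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - User select action: Cure Restore
23:33:38.0929 1100 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<body>.+)$")
EVENT = re.compile(r"^(?P<obj>\\Device\\\S+)(?: \( (?P<threat>.+?) \))? - (?P<rest>.+)$")
DISK = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+")
ACTION_PREFIX = "User select action: "


def parse(log_text):
    """Collect per-disk findings, chosen actions and error counts."""
    findings = defaultdict(dict)  # disk -> {threat: verdict}
    actions = defaultdict(dict)   # disk -> {threat: action}
    errors = defaultdict(int)     # disk -> count of "processing error" lines
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        event = EVENT.match(line.group("body"))
        if not event:
            continue  # driver/service lines such as "WUDFRd - ok"
        disk_match = DISK.match(event.group("obj"))
        if not disk_match:
            continue
        disk = disk_match.group(0)
        threat, rest = event.group("threat"), event.group("rest")
        if threat and rest in ("infected", "warning"):
            findings[disk][threat] = rest
        elif threat and rest.startswith(ACTION_PREFIX):
            actions[disk][threat] = rest[len(ACTION_PREFIX):]
        elif rest == "processing error":
            errors[disk] += 1
    return findings, actions, errors


def unresolved(log_text):
    """Return (disk, threat, verdict, reason) for detections not cleanly handled."""
    findings, actions, errors = parse(log_text)
    out = []
    for disk in sorted(findings):
        for threat, verdict in sorted(findings[disk].items()):
            action = actions[disk].get(threat)
            if action is None:
                reason = "no action logged"
            elif action == "Skip":
                reason = "skipped by user"
            elif errors[disk]:
                # Assumption: an error on the disk applies to the cure attempted on it.
                reason = f"{action} chosen, {errors[disk]} processing error(s) logged"
            else:
                continue  # an action was taken and no error was logged
            out.append((disk, threat, verdict, reason))
    return out


if __name__ == "__main__":
    for row in unresolved(SAMPLE_LOG):
        print(" | ".join(row))
```
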

#8 everythinginane


Posted 28 February 2012 - 11:45 PM

Oh, wait, I'm sorry, I didn't see that last note about just running the program. Why couldn't I do that to begin with? Here's the log, as run from C:\



Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

#9 boopme


Posted 29 February 2012 - 03:44 PM

Let's try to fix that.

Run the command mbr.exe -f (note the space between the e and -f) from a command prompt. Have the user reboot the machine, otherwise the next report may still show (false) infection. Then run mbr.exe again to confirm the removal.

Open Windows Explorer and rename the C:\mbr.log to C:\mbr.old
Go to Start > Run and type: cmd
Press OK.
At the command prompt, type: cd \
Press Enter.
At the command prompt, type: mbr.exe -f
(make sure you have a space before the e and the -f)
Press Enter.
At the command prompt, type: exit
Press Enter.

It will produce a new report at C:\mbr.log. Please copy/paste the results in your next reply.

#10 everythinginane


Posted 01 March 2012 - 12:04 AM

Ran mbr.exe -f. Here's the log:



Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

#11 boopme


Posted 01 March 2012 - 11:23 AM

I think we should take a deeper look. Start a new topic on Possible MBR rootkit.

Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.


Also include this....
ran mbr.exe -f, Here's the log:



Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

Let me know if that went well.