Infected with safeboot I think


This topic is locked. 6 replies to this topic.

#1 mrose66 (Members, 3 posts)

Posted 21 March 2012 - 10:36 PM

Thank you in advance for looking into this. I can't get rid of this, and it's causing lots of errors.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by efelk at 21:24:04 on 2012-03-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1993.943 [GMT -6:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {5B6EE15E-8CC5-4F32-9F6B-C212F7665B55}
FW: Trend Micro Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
svchost.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Local Print Agent\Local Print Agent.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\LTsvc\LTSvcMon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ULTRA64\DICOMserver\ConquestDICOMServer.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\ULTRA64\DataCapLet.exe
C:\ULTRA64\DICOMSR\DMSR.exe
C:\ULTRA64\DICOMserver\dgate.exe
C:\WINDOWS\LTSvc\LTSVC.exe
C:\WINDOWS\LTSVC\LTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Ltsvc\labvnc.exe
C:\WINDOWS\Ltsvc\labvnc.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=93&bd=all&pf=cmdt
uWindow Title = Windows Internet Explorer provided by Microsoft
uURLSearchHooks: Productivity Toolbar: {1c9b96a0-cba2-482e-9c40-9200b547123a} - c:\program files\productivity\prxtbPro2.dll
BHO: Productivity Toolbar: {1c9b96a0-cba2-482e-9c40-9200b547123a} - c:\program files\productivity\prxtbPro2.dll
BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Productivity Toolbar: {1c9b96a0-cba2-482e-9c40-9200b547123a} - c:\program files\productivity\prxtbPro2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [OE] c:\program files\trend micro\client server security agent\tmas_oe\TMAS_OEMon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~3.lnk - c:\ultra64\dicomserver\ConquestDICOMServer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\ultra64\DataCapLet.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~2.lnk - c:\ultra64\dicomsr\DMSR.exe
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: 192.168.1.10
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: bdbunker.com\remote
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{083E712D-1D0C-41D4-8967-1F72732C3401} : NameServer = 192.168.1.25
Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2009-10-5 110520]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-10-5 51800]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-10-5 13256]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-11 214024]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-10-5 40088]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2009-10-5 277096]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2009-8-11 293376]
R2 IBG_gds_db;InterBase 7.5 (gds_db) Guardian;c:\program files\borland\interbase\bin\ibguard.exe -i "c:\program files\borland\interbase" -p gds_db --> c:\program files\borland\interbase\bin\ibguard.exe -i c:\program files\borland\InterBase [?]
R2 labvnc;labvnc;c:\windows\ltsvc\labvnc.exe [2012-3-20 980808]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-3 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-3-17 47640]
R2 Local Print Agent;Local Print Agent;c:\program files\local print agent\Local Print Agent.exe [2011-4-27 112896]
R2 LTService;Tekkis Worry Free IT Monitoring Service;c:\windows\ltsvc\LTSVC.exe [2012-3-20 12381184]
R2 LTSvcMon;Tekkis Worry Free IT Monitoring Service CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2012-3-20 92672]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-2-11 635416]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-16 50192]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2009-9-30 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2009-9-30 36624]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-2-11 2066968]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-2-11 160424]
R3 IBS_gds_db;InterBase 7.5 Server gds_db;c:\program files\borland\interbase\bin\ibserver.exe -i "c:\program files\borland\interbase" -p gds_db --> c:\program files\borland\interbase\bin\ibserver.exe -i c:\program files\borland\InterBase [?]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-12-18 44800]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-3-10 335376]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-3-10 497008]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-3-10 685320]
S2 0033581268765659mcinstcleanup;McAfee Application Installer Cleanup (0033581268765659);c:\docume~1\admini~1\locals~1\temp\003358~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\003358~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-10 136176]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-9-8 32312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-9-8 362040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-10 136176]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-2-11 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-2-11 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-2-11 34248]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-03-21 22:15:07 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-03-21 22:15:07 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-03-21 22:15:06 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-03-21 22:15:06 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-03-21 22:14:55 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-03-21 22:14:55 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2012-03-21 22:14:53 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-21 22:14:53 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-03-21 22:14:50 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-03-21 22:14:50 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2012-03-20 21:49:54 -------- d-----w- c:\documents and settings\all users\LabTech
2012-03-20 21:49:46 -------- d-----w- c:\windows\LTSvc
2012-03-19 21:22:40 -------- d-----w- c:\program files\ESET
2012-03-19 20:16:38 -------- d-----w- c:\documents and settings\efelk\application data\Malwarebytes
2012-03-19 20:16:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 20:16:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-19 20:16:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2012-02-23 15:12:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 00:20:09 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 00:20:09 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-07 00:20:08 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-07 00:20:08 30592 ----a-w- c:\windows\system32\LMIport.dll
.
============= FINISH: 21:24:16.36 ===============
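The SERVICES / DRIVERS section of the DDS log above is the part the thread title hinges on. The R0 entries SafeBoot.sys, SbAlg.sys and SbFsLock.sys are the kernel components of McAfee Endpoint Encryption (the product formerly sold as SafeBoot), which is the engine behind HP Drive Encryption for ProtectTools; the same log lists HpFkCrypt.exe, the HP Drive Encryption service. Deleting a boot-start driver is exactly the kind of "cure" that leaves Windows unable to start. As an added example (not code from the poster, from DDS or from BleepingComputer), the Python script below parses lines in the DDS service/driver layout and flags the three things a responder should look at before letting a tool act: boot/system-start entries, images under a temp directory, and entries DDS could not verify. The sample lines are copied from the posted log into a constructed string (one long line shortened); the reading of the `[?]` and `[x]` suffixes as "image could not be verified" and "no file" is an assumption about DDS output.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log.

Added example for the thread above; not code from the poster, DDS or BleepingComputer.
"""
import re

# Constructed sample in the layout of a DDS "SERVICES / DRIVERS" section,
# copied from the posted log (the McAfee cleanup line shortened).
SAMPLE_DDS = r"""
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2009-10-5 110520]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-10-5 51800]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-11 214024]
R2 labvnc;labvnc;c:\windows\ltsvc\labvnc.exe [2012-3-20 980808]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
S2 0033581268765659mcinstcleanup;McAfee Application Installer Cleanup (0033581268765659);c:\docume~1\admini~1\locals~1\temp\003358~1.exe -cleanup --> c:\docume~1\admini~1\locals~1\temp\003358~1.exe -cleanup [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# Service start types as Windows numbers them; the leading letter is R = running, S = stopped.
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$"
)
TAG_RE = re.compile(r"\[([^\]]*)\]\s*$")


def parse_entry(line):
    """Return a dict for one DDS service/driver line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # Trailing "[date size]" for a verified file; "[?]" / "[x]" are read here as
    # "image could not be verified" / "no file" (an assumption about DDS output).
    tag = ""
    t = TAG_RE.search(rest)
    if t:
        tag = t.group(1)
        rest = rest[: t.start()].rstrip()
    # "raw --> resolved": DDS prints the registry ImagePath and the path it resolved it to.
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    return {
        "name": m.group("name"),
        "display": m.group("display"),
        "running": m.group("state") == "R",
        "start": START_TYPE[m.group("start")],
        "path": rest.strip(),
        "tag": tag,
    }


def reasons_for(entry):
    """Why a responder should look twice at this entry (empty list = nothing to see)."""
    reasons = []
    if entry["start"] in ("boot", "system"):
        reasons.append(
            "boot/system-start driver: removing it can leave Windows unbootable; "
            "identify the vendor before any cure"
        )
    if re.search(r"\\temp\\", entry["path"], re.IGNORECASE):
        reasons.append("image lives under a temp directory")
    if entry["tag"] in ("?", "x"):
        reasons.append("DDS could not verify the image file")
    return reasons


def triage(dds_text):
    """Parse every service/driver line and return only the entries with at least one reason."""
    findings = []
    for line in dds_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            entry["reasons"] = reasons
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f['name']:<32} {f['start']:<8} {f['path'] or '(no path)'}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against the full posted log, the script lists the SafeBoot/SbAlg/SbFsLock/RsvLock boot-start set (vendor check, not removal), the cpuz135 driver and the McAfee cleanup stub loaded from temp directories, and the missing LMIRfsClientNP entry; labvnc and the other auto-start services pass through because nothing in the line itself is anomalous. A flag from this script is a prompt to identify the file, not a verdict.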

#2 nasdaq (Malware Response Team, 40,730 posts; Montreal, QC, Canada)

Posted 27 March 2012 - 12:49 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found on your DDS log.

Please download TDSSKiller.zip.

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 mrose66 (Topic Starter; Members, 3 posts)

Posted 27 March 2012 - 03:36 PM

Thanks for helping!

Yes, I downloaded and ran TDSSKiller. It found a bad file and I cleaned it. It forced a reboot, and then I was unable to boot the computer after that. I hit F8 and did Last Known Good Configuration, and the computer booted. Bad news is the virus file is back. Here are the logs.

Thank you!

TDSSKiller log:
12:55:25.0796 1996 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
12:55:27.0796 1996 ============================================================
12:55:27.0796 1996 Current date / time: 2012/03/27 12:55:27.0796
12:55:27.0796 1996 SystemInfo:
12:55:27.0796 1996
12:55:27.0796 1996 OS Version: 5.1.2600 ServicePack: 3.0
12:55:27.0796 1996 Product type: Workstation
12:55:27.0796 1996 ComputerName: WHG-LAF-ULTRA
12:55:27.0796 1996 UserName: efelk
12:55:27.0796 1996 Windows directory: C:\WINDOWS
12:55:27.0796 1996 System windows directory: C:\WINDOWS
12:55:27.0796 1996 Processor architecture: Intel x86
12:55:27.0796 1996 Number of processors: 2
12:55:27.0796 1996 Page size: 0x1000
12:55:27.0796 1996 Boot type: Normal boot
12:55:27.0796 1996 ============================================================
12:55:28.0687 1996 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A2E000 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:55:28.0687 1996 \Device\Harddisk0\DR0:
12:55:28.0687 1996 MBR used
12:55:28.0687 1996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4970
12:55:28.0718 1996 Initialize success
12:55:28.0718 1996 ============================================================
12:55:48.0499 3596 ============================================================
12:55:48.0499 3596 Scan started
12:55:48.0499 3596 Mode: Manual;
12:55:48.0499 3596 ============================================================
12:55:49.0124 3596 Abiosdsk - ok
12:55:49.0187 3596 abp480n5 - ok
12:55:49.0249 3596 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
12:55:49.0265 3596 ac97intc - ok
12:55:49.0296 3596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:55:49.0296 3596 ACPI - ok
12:55:49.0374 3596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:55:49.0374 3596 ACPIEC - ok
12:55:49.0437 3596 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:55:49.0452 3596 adpu160m - ok
12:55:49.0515 3596 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
12:55:49.0515 3596 adpu320 - ok
12:55:49.0656 3596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:55:49.0656 3596 aec - ok
12:55:49.0702 3596 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:55:49.0702 3596 AFD - ok
12:55:49.0702 3596 Aha154x - ok
12:55:49.0734 3596 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:55:49.0734 3596 aic78u2 - ok
12:55:49.0734 3596 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:55:49.0734 3596 aic78xx - ok
12:55:49.0749 3596 AliIde - ok
12:55:49.0749 3596 amsint - ok
12:55:49.0749 3596 asc - ok
12:55:49.0765 3596 asc3350p - ok
12:55:49.0765 3596 asc3550 - ok
12:55:49.0781 3596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:55:49.0781 3596 AsyncMac - ok
12:55:49.0796 3596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:55:49.0796 3596 atapi - ok
12:55:49.0859 3596 Atdisk - ok
12:55:49.0906 3596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:55:49.0906 3596 Atmarpc - ok
12:55:49.0921 3596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:55:49.0921 3596 audstub - ok
12:55:49.0937 3596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:55:49.0937 3596 Beep - ok
12:55:49.0952 3596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:55:49.0952 3596 cbidf2k - ok
12:55:49.0968 3596 cd20xrnt - ok
12:55:49.0968 3596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:55:49.0968 3596 Cdaudio - ok
12:55:49.0984 3596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:55:49.0984 3596 Cdfs - ok
12:55:49.0984 3596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:55:49.0984 3596 Cdrom - ok
12:55:49.0984 3596 Changer - ok
12:55:49.0999 3596 CmdIde - ok
12:55:49.0999 3596 Cpqarray - ok
12:55:50.0015 3596 cpuz135 - ok
12:55:50.0093 3596 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
12:55:50.0093 3596 ctxusbm - ok
12:55:50.0124 3596 dac2w2k - ok
12:55:50.0124 3596 dac960nt - ok
12:55:50.0156 3596 DAMDrv (a05433f6218dcb8f0dec232de65f8b26) C:\WINDOWS\system32\DRIVERS\DAMDrv.sys
12:55:50.0156 3596 DAMDrv - ok
12:55:50.0234 3596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:55:50.0234 3596 Disk - ok
12:55:50.0312 3596 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:55:50.0327 3596 dmboot - ok
12:55:50.0406 3596 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:55:50.0406 3596 dmio - ok
12:55:50.0484 3596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:55:50.0484 3596 dmload - ok
12:55:50.0593 3596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:55:50.0624 3596 DMusic - ok
12:55:50.0640 3596 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:55:50.0640 3596 dpti2o - ok
12:55:50.0656 3596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:55:50.0656 3596 drmkaud - ok
12:55:50.0671 3596 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:55:50.0671 3596 E100B - ok
12:55:50.0718 3596 e1kexpress (6ae495427b5aa2612194176eede2c36a) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
12:55:50.0718 3596 e1kexpress - ok
12:55:50.0734 3596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:55:50.0734 3596 Fastfat - ok
12:55:50.0749 3596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:55:50.0749 3596 Fdc - ok
12:55:50.0765 3596 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:55:50.0765 3596 Fips - ok
12:55:50.0781 3596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:55:50.0781 3596 Flpydisk - ok
12:55:50.0781 3596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:55:50.0781 3596 FltMgr - ok
12:55:50.0796 3596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:55:50.0796 3596 Fs_Rec - ok
12:55:50.0796 3596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:55:50.0796 3596 Ftdisk - ok
12:55:50.0812 3596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:55:50.0812 3596 Gpc - ok
12:55:50.0859 3596 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
12:55:50.0874 3596 Hardlock - ok
12:55:50.0890 3596 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
12:55:50.0890 3596 Haspnt - ok
12:55:50.0906 3596 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:55:50.0906 3596 HDAudBus - ok
12:55:50.0937 3596 HECI (88a67c34e37186665e916fd347b50d19) C:\WINDOWS\system32\DRIVERS\HECI.sys
12:55:50.0937 3596 HECI - ok
12:55:50.0968 3596 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:55:50.0968 3596 HidUsb - ok
12:55:50.0984 3596 hpn - ok
12:55:51.0015 3596 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:55:51.0015 3596 HTTP - ok
12:55:51.0062 3596 i2omgmt - ok
12:55:51.0077 3596 i2omp - ok
12:55:51.0093 3596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:55:51.0093 3596 i8042prt - ok
12:55:51.0124 3596 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
12:55:51.0124 3596 i81x - ok
12:55:51.0140 3596 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
12:55:51.0156 3596 iAimFP0 - ok
12:55:51.0187 3596 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
12:55:51.0187 3596 iAimFP1 - ok
12:55:51.0265 3596 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
12:55:51.0265 3596 iAimFP2 - ok
12:55:51.0327 3596 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
12:55:51.0327 3596 iAimFP3 - ok
12:55:51.0374 3596 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
12:55:51.0374 3596 iAimFP4 - ok
12:55:51.0452 3596 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
12:55:51.0452 3596 iAimFP5 - ok
12:55:51.0531 3596 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
12:55:51.0562 3596 iAimFP6 - ok
12:55:51.0609 3596 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
12:55:51.0609 3596 iAimFP7 - ok
12:55:51.0624 3596 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
12:55:51.0624 3596 iAimTV0 - ok
12:55:51.0640 3596 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
12:55:51.0640 3596 iAimTV1 - ok
12:55:51.0640 3596 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
12:55:51.0640 3596 iAimTV3 - ok
12:55:51.0656 3596 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
12:55:51.0656 3596 iAimTV4 - ok
12:55:51.0671 3596 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
12:55:51.0671 3596 iAimTV5 - ok
12:55:51.0671 3596 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
12:55:51.0671 3596 iAimTV6 - ok
12:55:51.0812 3596 ialm (d0190bbb1b577589548aba94e66d6838) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:55:51.0906 3596 ialm - ok
12:55:51.0937 3596 iaStor (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\DRIVERS\iaStor.sys
12:55:51.0937 3596 iaStor - ok
12:55:51.0984 3596 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
12:55:51.0984 3596 IFXTPM - ok
12:55:52.0015 3596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:55:52.0015 3596 Imapi - ok
12:55:52.0015 3596 ini910u - ok
12:55:52.0140 3596 IntcAzAudAddService (744a7507d7a69a2a54638b8e5b630c0b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:55:52.0171 3596 IntcAzAudAddService - ok
12:55:52.0249 3596 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:55:52.0249 3596 IntelIde - ok
12:55:52.0312 3596 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:55:52.0312 3596 intelppm - ok
12:55:52.0374 3596 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:55:52.0374 3596 Ip6Fw - ok
12:55:52.0452 3596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:55:52.0452 3596 IpFilterDriver - ok
12:55:52.0515 3596 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:55:52.0515 3596 IpInIp - ok
12:55:52.0624 3596 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:55:52.0624 3596 IpNat - ok
12:55:52.0640 3596 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:55:52.0640 3596 IPSec - ok
12:55:52.0656 3596 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:55:52.0656 3596 IRENUM - ok
12:55:52.0687 3596 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:55:52.0687 3596 isapnp - ok
12:55:52.0718 3596 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
12:55:52.0718 3596 Iviaspi - ok
12:55:52.0734 3596 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:55:52.0749 3596 Kbdclass - ok
12:55:52.0765 3596 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:55:52.0765 3596 kbdhid - ok
12:55:52.0796 3596 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:55:52.0796 3596 kmixer - ok
12:55:52.0812 3596 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:55:52.0812 3596 KSecDD - ok
12:55:52.0827 3596 lbrtfdc - ok
12:55:52.0937 3596 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
12:55:52.0937 3596 LMIInfo - ok
12:55:52.0952 3596 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
12:55:52.0952 3596 lmimirr - ok
12:55:52.0984 3596 LMIRfsClientNP - ok
12:55:53.0031 3596 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
12:55:53.0031 3596 LMIRfsDriver - ok
12:55:53.0109 3596 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\WINDOWS\system32\drivers\MfeAVFK.sys
12:55:53.0109 3596 MfeAVFK - ok
12:55:53.0124 3596 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\WINDOWS\system32\drivers\MfeBOPK.sys
12:55:53.0124 3596 MfeBOPK - ok
12:55:53.0140 3596 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\WINDOWS\system32\drivers\mfehidk.sys
12:55:53.0140 3596 mfehidk - ok
12:55:53.0156 3596 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\WINDOWS\system32\drivers\MfeRKDK.sys
12:55:53.0156 3596 MfeRKDK - ok
12:55:53.0171 3596 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\WINDOWS\system32\drivers\mfetdik.sys
12:55:53.0171 3596 mfetdik - ok
12:55:53.0187 3596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:55:53.0202 3596 mnmdd - ok
12:55:53.0218 3596 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:55:53.0218 3596 Modem - ok
12:55:53.0234 3596 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:55:53.0234 3596 Mouclass - ok
12:55:53.0265 3596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:55:53.0265 3596 mouhid - ok
12:55:53.0281 3596 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:55:53.0281 3596 MountMgr - ok
12:55:53.0296 3596 mraid35x - ok
12:55:53.0296 3596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:55:53.0296 3596 MRxDAV - ok
12:55:53.0343 3596 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:55:53.0359 3596 MRxSmb - ok
12:55:53.0359 3596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:55:53.0359 3596 Msfs - ok
12:55:53.0390 3596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:55:53.0390 3596 MSKSSRV - ok
12:55:53.0390 3596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:55:53.0390 3596 MSPCLOCK - ok
12:55:53.0406 3596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:55:53.0406 3596 MSPQM - ok
12:55:53.0421 3596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:55:53.0421 3596 mssmbios - ok
12:55:53.0437 3596 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:55:53.0437 3596 Mup - ok
12:55:53.0499 3596 NDIS (8716356e49a665bdc7b114725b60a456) C:\WINDOWS\system32\drivers\NDIS.sys
12:55:53.0499 3596 NDIS - ok
12:55:53.0531 3596 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:55:53.0531 3596 NdisTapi - ok
12:55:53.0687 3596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:55:53.0702 3596 Ndisuio - ok
12:55:53.0718 3596 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:55:53.0718 3596 NdisWan - ok
12:55:53.0734 3596 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:55:53.0734 3596 NDProxy - ok
12:55:53.0765 3596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:55:53.0765 3596 NetBIOS - ok
12:55:53.0781 3596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:55:53.0781 3596 NetBT - ok
12:55:53.0796 3596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:55:53.0796 3596 Npfs - ok
12:55:53.0812 3596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:55:53.0827 3596 Ntfs - ok
12:55:53.0827 3596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:55:53.0827 3596 Null - ok
12:55:53.0843 3596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:55:53.0843 3596 NwlnkFlt - ok
12:55:53.0859 3596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:55:53.0859 3596 NwlnkFwd - ok
12:55:53.0874 3596 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
12:55:53.0874 3596 P3 - ok
12:55:53.0890 3596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:55:53.0890 3596 Parport - ok
12:55:53.0906 3596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:55:53.0906 3596 PartMgr - ok
12:55:53.0921 3596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:55:53.0921 3596 ParVdm - ok
12:55:53.0937 3596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:55:53.0937 3596 PCI - ok
12:55:53.0937 3596 PCIDump - ok
12:55:53.0952 3596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:55:53.0952 3596 PCIIde - ok
12:55:53.0968 3596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:55:53.0968 3596 Pcmcia - ok
12:55:53.0984 3596 PDCOMP - ok
12:55:53.0984 3596 PDFRAME - ok
12:55:53.0984 3596 PDRELI - ok
12:55:53.0999 3596 PDRFRAME - ok
12:55:53.0999 3596 perc2 - ok
12:55:53.0999 3596 perc2hib - ok
12:55:54.0031 3596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:55:54.0031 3596 PptpMiniport - ok
12:55:54.0046 3596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:55:54.0046 3596 PSched - ok
12:55:54.0046 3596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:55:54.0046 3596 Ptilink - ok
12:55:54.0046 3596 ql1080 - ok
12:55:54.0062 3596 Ql10wnt - ok
12:55:54.0062 3596 ql12160 - ok
12:55:54.0077 3596 ql1240 - ok
12:55:54.0077 3596 ql1280 - ok
12:55:54.0077 3596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:55:54.0077 3596 RasAcd - ok
12:55:54.0093 3596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:55:54.0093 3596 Rasl2tp - ok
12:55:54.0109 3596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:55:54.0109 3596 RasPppoe - ok
12:55:54.0109 3596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:55:54.0109 3596 Raspti - ok
12:55:54.0124 3596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:55:54.0124 3596 Rdbss - ok
12:55:54.0140 3596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:55:54.0140 3596 RDPCDD - ok
12:55:54.0140 3596 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:55:54.0140 3596 rdpdr - ok
12:55:54.0187 3596 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:55:54.0187 3596 RDPWD - ok
12:55:54.0218 3596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:55:54.0218 3596 redbook - ok
12:55:54.0265 3596 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
12:55:54.0265 3596 regi - ok
12:55:54.0296 3596 RsvLock (91c76a3c6758540740207f176eb190d9) C:\WINDOWS\system32\drivers\RsvLock.sys
12:55:54.0296 3596 RsvLock - ok
12:55:54.0312 3596 SafeBoot (75e599aa8cc370ae6db7d91732d83401) C:\WINDOWS\system32\drivers\SafeBoot.sys
12:55:54.0312 3596 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: 75e599aa8cc370ae6db7d91732d83401
12:55:54.0312 3596 SafeBoot ( LockedFile.Multi.Generic ) - warning
12:55:54.0312 3596 SafeBoot - detected LockedFile.Multi.Generic (1)
12:55:54.0327 3596 SbAlg (ef39907da4b9d12dc40351081753cf88) C:\WINDOWS\system32\drivers\SbAlg.sys
12:55:54.0327 3596 SbAlg - ok
12:55:54.0327 3596 SbFsLock (d10ff24f3e4e2daf0a30b7f8ee7a6c15) C:\WINDOWS\system32\drivers\SbFsLock.sys
12:55:54.0327 3596 SbFsLock - ok
12:55:54.0359 3596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:55:54.0359 3596 Secdrv - ok
12:55:54.0390 3596 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:55:54.0390 3596 serenum - ok
12:55:54.0406 3596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:55:54.0406 3596 Serial - ok
12:55:54.0421 3596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:55:54.0421 3596 Sfloppy - ok
12:55:54.0421 3596 Simbad - ok
12:55:54.0421 3596 Sparrow - ok
12:55:54.0437 3596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:55:54.0437 3596 splitter - ok
12:55:54.0452 3596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:55:54.0452 3596 sr - ok
12:55:54.0468 3596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:55:54.0468 3596 Srv - ok
12:55:54.0499 3596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:55:54.0499 3596 swenum - ok
12:55:54.0499 3596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:55:54.0499 3596 swmidi - ok
12:55:54.0515 3596 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:55:54.0515 3596 symc810 - ok
12:55:54.0593 3596 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:55:54.0593 3596 symc8xx - ok
12:55:54.0624 3596 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
12:55:54.0624 3596 Symmpi - ok
12:55:54.0624 3596 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:55:54.0624 3596 sym_hi - ok
12:55:54.0640 3596 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:55:54.0640 3596 sym_u3 - ok
12:55:54.0640 3596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:55:54.0656 3596 sysaudio - ok
12:55:54.0687 3596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:55:54.0687 3596 Tcpip - ok
12:55:54.0702 3596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:55:54.0702 3596 TDPIPE - ok
12:55:54.0734 3596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:55:54.0734 3596 TDTCP - ok
12:55:54.0749 3596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:55:54.0749 3596 TermDD - ok
12:55:54.0749 3596 TosIde - ok
12:55:54.0781 3596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:55:54.0781 3596 Udfs - ok
12:55:54.0781 3596 ultra - ok
12:55:54.0812 3596 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:55:54.0812 3596 usbccgp - ok
12:55:54.0827 3596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:55:54.0827 3596 usbehci - ok
12:55:54.0859 3596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:55:54.0859 3596 usbhub - ok
12:55:54.0890 3596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:55:54.0890 3596 USBSTOR - ok
12:55:54.0906 3596 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:55:54.0906 3596 usbuhci - ok
12:55:54.0937 3596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:55:54.0937 3596 VgaSave - ok
12:55:54.0937 3596 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:55:54.0937 3596 ViaIde - ok
12:55:54.0968 3596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:55:54.0968 3596 VolSnap - ok
12:55:54.0999 3596 vsbus (1c8a783e90c34d205596f1ab4a97e261) C:\WINDOWS\system32\DRIVERS\vsb.sys
12:55:54.0999 3596 vsbus - ok
12:55:55.0015 3596 vserial (3377daa1cb8cac46a538c236f5f3d58f) C:\WINDOWS\system32\DRIVERS\vserial.sys
12:55:55.0015 3596 vserial - ok
12:55:55.0031 3596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:55:55.0046 3596 Wanarp - ok
12:55:55.0046 3596 WDICA - ok
12:55:55.0062 3596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:55:55.0062 3596 wdmaud - ok
12:55:55.0093 3596 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:55:55.0093 3596 WmiAcpi - ok
12:55:55.0124 3596 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:55:55.0124 3596 \Device\Harddisk0\DR0 - ok
12:55:55.0124 3596 Boot (0x1200) (3d0890ec6ec1507491ddc242d7d5e8f2) \Device\Harddisk0\DR0\Partition0
12:55:55.0140 3596 \Device\Harddisk0\DR0\Partition0 - ok
12:55:55.0140 3596 ============================================================
12:55:55.0140 3596 Scan finished
12:55:55.0140 3596 ============================================================
12:55:55.0140 2996 Detected object count: 1
12:55:55.0140 2996 Actual detected object count: 1
12:56:44.0859 2996 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
12:56:44.0859 2996 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
12:56:47.0077 2004 Deinitialize success


aswMBR.exe log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 12:57:15
-----------------------------
12:57:15.515 OS Version: Windows 5.1.2600 Service Pack 3
12:57:15.515 Number of processors: 2 586 0x170A
12:57:15.515 ComputerName: WHG-LAF-ULTRA UserName: efelk
12:57:16.343 Initialize success
12:57:33.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:57:33.812 Disk 0 Vendor: Intel___ 1.0. Size: 238474MB BusType: 8
12:57:33.827 Disk 0 MBR read successfully
12:57:33.827 Disk 0 MBR scan
12:57:33.827 Disk 0 Windows 7 default MBR code
12:57:33.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
12:57:33.827 Disk 0 scanning sectors +488395120
12:57:33.874 Disk 0 scanning C:\WINDOWS\system32\drivers
12:57:38.687 Service scanning
12:57:49.359 Service SafeBoot C:\WINDOWS\System32\Drivers\SafeBoot.sys **LOCKED** 32
12:57:51.718 Modules scanning
12:57:56.468 Disk 0 trace - called modules:
12:57:56.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:57:56.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bbc6b0]
12:57:56.484 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a52e028]
12:57:56.484 Scan finished successfully
12:58:05.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\efelk\Desktop\MBR.dat"
12:58:05.921 The log file has been saved successfully to "C:\Documents and Settings\efelk\Desktop\aswMBR.txt"

Attached Files

  • MBR.zip   545bytes


#4 nasdaq

  • Malware Response Team
  • 40,730 posts
  • Location:Montreal, QC. Canada

Posted 28 March 2012 - 09:06 AM

12:57:49.359 Service SafeBoot C:\WINDOWS\System32\Drivers\SafeBoot.sys **LOCKED** 32

I checked on this SafeBoot.sys file and it's from McAfee Endpoint Encryption.

Your DDS log shows Trend Micro as your antivirus protection.
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {5B6EE15E-8CC5-4F32-9F6B-C212F7665B55}
FW: Trend Micro Personal Firewall *Disabled*


Where does McAfee come from? Did you remove it, and some remnant items are causing this problem?

To remove it completely, download and run their removal tool.

McAfee's removal tool.
http://mcafee-removal-tool.com/

Please let me know what you did or want to do.
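The triage nasdaq does by hand above (a locked driver flagged with a generic "LockedFile" verdict turns out to belong to a known product rather than malware) is worth automating when you handle many TDSSKiller logs. The script below is an added example written for this thread; it is not part of the thread and not code from TDSSKiller or aswMBR. It assumes only the line shapes visible in the log above, the sample lines are copied from that log, and the KNOWN_VENDOR_DRIVERS allowlist is constructed for illustration and carries only the one identification nasdaq makes (SafeBoot.sys belongs to McAfee Endpoint Encryption). Verdict names ending in ".Generic" are treated as heuristics that name no malware family and therefore get a "review" severity instead of an "alert".

```python
"""Triage helper for TDSSKiller driver-scan logs.

Added example for this thread; not TDSSKiller's or aswMBR's own code.
Assumes the log line shapes seen in the thread; allowlist is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
12:55:54.0296 3596 RsvLock (91c76a3c6758540740207f176eb190d9) C:\WINDOWS\system32\drivers\RsvLock.sys
12:55:54.0296 3596 RsvLock - ok
12:55:54.0312 3596 SafeBoot (75e599aa8cc370ae6db7d91732d83401) C:\WINDOWS\system32\drivers\SafeBoot.sys
12:55:54.0312 3596 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: 75e599aa8cc370ae6db7d91732d83401
12:55:54.0312 3596 SafeBoot ( LockedFile.Multi.Generic ) - warning
12:55:54.0312 3596 SafeBoot - detected LockedFile.Multi.Generic (1)
12:55:54.0327 3596 SbAlg (ef39907da4b9d12dc40351081753cf88) C:\WINDOWS\system32\drivers\SbAlg.sys
12:55:54.0327 3596 SbAlg - ok
12:55:55.0124 3596 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:55:55.0124 3596 \Device\Harddisk0\DR0 - ok
"""

TS = r"\d{2}:\d{2}:\d{2}\.\d{4}"
# "<ts> <pid> <name> [(0x..)] (<md5>) <path>"  (the MBR line carries an extra "(0x1B8)" token)
ENTRY_RE = re.compile(rf"^{TS}\s+\d+\s+(\S+)\s+(?:\(0x[0-9A-Fa-f]+\)\s+)?\(([0-9a-f]{{32}})\)\s+(.+?)\s*$")
# "<ts> <pid> Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(rf"^{TS}\s+\d+\s+Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{{32}})\s*$")
# "<ts> <pid> <name> - detected <signature> (<count>)"
DETECTED_RE = re.compile(rf"^{TS}\s+\d+\s+(\S+) - detected (\S+) \((\d+)\)\s*$")
# "<ts> <pid> <name or device path> - ok"
OK_RE = re.compile(rf"^{TS}\s+\d+\s+(\S+) - ok\s*$")

# Constructed allowlist (hypothetical): filename -> product, from the identification made in the thread.
KNOWN_VENDOR_DRIVERS = {
    "safeboot.sys": "McAfee Endpoint Encryption (formerly SafeBoot)",
}


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str
    status: str = "unknown"          # "ok", "detected", or "unknown" when no verdict line followed
    signature: Optional[str] = None  # e.g. LockedFile.Multi.Generic
    reason: Optional[str] = None     # e.g. NoAccess: the scanner could not open the file


@dataclass
class Finding:
    name: str
    path: str
    md5: str
    signature: str
    severity: str  # "alert" for a named detection, "review" for a generic heuristic
    note: str


def parse_tdsskiller(text: str) -> Dict[str, DriverEntry]:
    """Pair each driver line with the verdict/suspicious lines that refer to it."""
    entries: Dict[str, DriverEntry] = {}
    by_path: Dict[str, str] = {}  # lower-cased path -> entry name, for lines keyed by path
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := ENTRY_RE.match(line)):
            name, md5, path = m.groups()
            entries[name] = DriverEntry(name=name, md5=md5, path=path)
            by_path[path.lower()] = name
        elif (m := SUSPICIOUS_RE.match(line)):
            reason, path, _md5 = m.groups()
            name = by_path.get(path.lower())
            if name:
                entries[name].reason = reason
        elif (m := DETECTED_RE.match(line)):
            name, signature, _count = m.groups()
            if name in entries:
                entries[name].status = "detected"
                entries[name].signature = signature
        elif (m := OK_RE.match(line)):
            key = m.group(1)
            name = key if key in entries else by_path.get(key.lower())
            if name:
                entries[name].status = "ok"
    return entries


def triage(entries: Dict[str, DriverEntry]) -> List[Finding]:
    """Separate named detections from generic 'could not read it' verdicts."""
    findings: List[Finding] = []
    for e in entries.values():
        if e.status != "detected":
            continue
        sig = e.signature or ""
        filename = e.path.rsplit("\\", 1)[-1].lower()
        product = KNOWN_VENDOR_DRIVERS.get(filename)
        if sig.endswith(".Generic"):
            # A generic verdict names no malware family: identify the owner first.
            severity = "review"
            note = f"generic heuristic ({e.reason or 'n/a'}); "
            note += (f"filename matches {product}: confirm the md5 with the vendor before removal"
                     if product else "identify the file owner before acting")
        else:
            severity = "alert"
            note = "named detection"
        findings.append(Finding(e.name, e.path, e.md5, sig, severity, note))
    return findings


if __name__ == "__main__":
    for f in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.name} {f.path} md5={f.md5} sig={f.signature}: {f.note}")
```

Run on the sample, the only finding is SafeBoot.sys at "review" severity with a pointer to the McAfee product, which is the conclusion nasdaq reaches above; a verdict such as a named rootkit family would instead come out as "alert". Extend KNOWN_VENDOR_DRIVERS with your own verified filename-to-product mappings, ideally keyed by hash rather than filename, before relying on it.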

#5 mrose66

  • Topic Starter
  • Members
  • 3 posts

Posted 30 March 2012 - 06:36 AM

Where does McAfee come from? Did you remove it, and some remnant items are causing this problem?

Yes, McAfee was the original program that expired a while back, and I removed it and installed Trend.

I ran the McAfee remover and rebooted; however, the boot.sys is still there and TDSSKiller is still reporting SafeBoot.

#6 nasdaq

  • Malware Response Team
  • 40,730 posts
  • Location:Montreal, QC. Canada

Posted 30 March 2012 - 08:30 AM

Now run the aswMBR.exe tool. Select the FixMBR button.

Important > you need to wait for the tool to report ... Infection fixed successfully
Do not reboot the machine until it has said so.

When you see the message restart the computer normally.

Run aswMBR.exe normally this time and post the log.

Let me know if the problem persists.

#7 nasdaq

  • Malware Response Team
  • 40,730 posts
  • Location:Montreal, QC. Canada

Posted 05 April 2012 - 07:36 AM

Are you still with me?