
trojan.agent/gen-rogueav


  • This topic is locked
24 replies to this topic

#1 DerrickB

DerrickB

  • Members
  • 11 posts

Posted 26 March 2012 - 02:30 PM

Hello everyone, new to the forum. I took a look through a lot of the guides and FAQ sections on the site, but it seems like from what I've read, the virus on my girlfriend's laptop is a pretty serious one that has many different iterations and may require some special attention.

So to start, she noticed the computer was running slow and was getting pop-ups. I figured she had some spyware on there. We downloaded Malwarebytes and ran it. Didn't find anything. We then downloaded SuperAntiSpyware which found like 70 tracking cookies. It quarantined and removed those, according to the program. Problems were still occurring and Malwarebytes kept popping up a message that it was blocking all these websites from trying to open (they were just IP addresses such as 201.23.128, etc.) and her browsers (both IE and Firefox) were redirecting her to other sites.

So I figured this was something more serious and I updated her Windows (was a bit out of date) and downloaded Microsoft Security essentials. Ran Security Essentials, and it found a couple of infected files (I don't know if I still have the log and I can't remember the name of it), but it said it removed it.

After a few days of the computer being usable, problems were still there and then today when she started it up, it gave her an error message that the C: drive couldn't be read. When she started the computer up, there were no icons and the only thing on the programs tab of the start menu is this thing called "System Check" which when I opened it I could tell right away it was fake and part of the virus. She had already run it and it asked her to buy the program to fix it for $75. Thankfully she's smart enough to know not to do that. At this point I ran SuperAntiSpyware again and now it came up with 24 tracking cookies and a virus named:

"trojan.agent/gen-rogueav"

So it said it quarantined and removed the program again. When it goes to reboot, the computer stays on the "Windows is shutting down" screen and must be shut down manually.

Bottom line is that neither Malwarebytes nor SuperAntiSpyware is getting rid of this virus and spyware and I need help, PLEASE!!

Thanks so much!

-D

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,943 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 27 March 2012 - 11:14 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 March 2012 - 06:34 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#4 DerrickB

DerrickB
  • Topic Starter

  • Members
  • 11 posts

Posted 30 March 2012 - 04:52 AM

Hello M0le, thanks for your response. I'm ready to provide you with whatever you need to help me get started.

-D

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 March 2012 - 08:48 PM

It sounds like a rootkit or trojan is orchestrating these attacks and nothing you are running is removing the main problem.

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE
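The report that the TDSSKiller step above produces lists every scanned service and driver as a pair of lines: one with the object's name, MD5 and path, followed by one with a verdict (`- ok` when nothing was found; objects whose image file is missing only get the verdict line). The helper reads that report by looking for anything whose verdict is not `ok`. As an added example that is not part of this thread or of the TDSSKiller tool, the Python script below does that triage automatically; the sample report, its hashes, the `example_svc` object and its `suspicious` verdict wording are all constructed for illustration (the real verdict strings vary by tool version, which is why the check is simply "anything other than ok").

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes in a TDSSKiller report, as they appear in the log posted in this thread:
#   <time> <pid> <name> (<md5>) <path>      object that has an image file on disk
#   <time> <pid> <name> - <verdict>         verdict for that object ("ok" when clean)
# Objects whose image file is absent (orphaned service entries) emit only the verdict line.
FILE_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d{4})\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
STATUS_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d{4})\s+(?P<name>.+?)\s+-\s+(?P<status>.+)$"
)


@dataclass
class Entry:
    name: str
    status: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_report(text: str) -> List[Entry]:
    """Pair each object's file line with its verdict line, starting after 'Scan started'."""
    entries: List[Entry] = []
    pending: Dict[str, tuple] = {}  # name -> (md5, path) waiting for its verdict line
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if "Scan started" in line:
            # Header lines (drive geometry etc.) also contain " - ", so only parse after this marker.
            in_scan = True
            continue
        if not in_scan:
            continue
        m = FILE_LINE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = STATUS_LINE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["status"], md5, path))
    return entries


def triage(text: str) -> Dict[str, object]:
    """Summarise a report: anything whose verdict is not plain 'ok' is what a helper asks about."""
    entries = parse_report(text)
    return {
        "scanned": len(entries),
        "flagged": [e for e in entries if e.status.lower() != "ok"],
        "no_file": [e for e in entries if e.path is None],
    }


# Constructed sample in the report's format: the hashes, the example_svc object and its verdict are made up.
SAMPLE_REPORT = r"""
15:35:40.0015 2284 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
15:35:42.0984 0444 ============================================================
15:35:42.0984 0444 Scan started
15:35:42.0984 0444 Mode: Manual;
15:35:42.0984 0444 ============================================================
15:35:43.0687 0444 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:35:43.0687 0444 ACPI - ok
15:35:43.0546 0444 Abiosdsk - ok
15:35:44.0578 0444 Apple Mobile Device (00000000000000000000000000000002) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:35:44.0578 0444 Apple Mobile Device - ok
15:35:52.0000 0444 example_svc (00000000000000000000000000000003) C:\Documents and Settings\user\Application Data\example_svc.exe
15:35:52.0000 0444 example_svc - suspicious
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"scanned {result['scanned']} objects")
    for e in result["flagged"]:
        print(f"FLAGGED  {e.name}: {e.status}  md5={e.md5}  path={e.path}")
    for e in result["no_file"]:
        print(f"NO FILE  {e.name} (service entry without an image on disk)")
```

An entry with no file is usually just a leftover service key and is not by itself a sign of infection; the flagged list is what to paste back into the thread.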

#6 DerrickB

DerrickB
  • Topic Starter

  • Members
  • 11 posts

Posted 02 April 2012 - 03:18 PM

OK, I ran the two programs on the laptop.

Here are the logs:

TDSSKiller:

15:35:38.0906 2284 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
15:35:39.0265 2284 ============================================================
15:35:39.0265 2284 Current date / time: 2012/04/02 15:35:39.0265
15:35:39.0265 2284 SystemInfo:
15:35:39.0265 2284
15:35:39.0265 2284 OS Version: 5.1.2600 ServicePack: 3.0
15:35:39.0265 2284 Product type: Workstation
15:35:39.0265 2284 ComputerName: LENOVO-3AECC5BB
15:35:39.0265 2284 UserName: TValente
15:35:39.0265 2284 Windows directory: C:\WINDOWS
15:35:39.0265 2284 System windows directory: C:\WINDOWS
15:35:39.0265 2284 Processor architecture: Intel x86
15:35:39.0265 2284 Number of processors: 2
15:35:39.0265 2284 Page size: 0x1000
15:35:39.0265 2284 Boot type: Normal boot
15:35:39.0265 2284 ============================================================
15:35:40.0015 2284 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:35:40.0015 2284 Drive \Device\Harddisk1\DR8 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:35:40.0015 2284 \Device\Harddisk0\DR0:
15:35:40.0015 2284 MBR used
15:35:40.0015 2284 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x179DF000
15:35:40.0046 2284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x179E0800, BlocksNum 0x3A62800
15:35:40.0046 2284 \Device\Harddisk1\DR8:
15:35:40.0046 2284 MBR used
15:35:40.0046 2284 \Device\Harddisk1\DR8\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
15:35:40.0156 2284 Initialize success
15:35:40.0156 2284 ============================================================
15:35:42.0984 0444 ============================================================
15:35:42.0984 0444 Scan started
15:35:42.0984 0444 Mode: Manual;
15:35:42.0984 0444 ============================================================
15:35:58.0093 0444 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:35:58.0125 0444 RasAuto - ok
15:35:58.0187 0444 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:35:58.0218 0444 Rasl2tp - ok
15:35:58.0265 0444 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:35:58.0265 0444 RasMan - ok
15:35:58.0281 0444 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:35:58.0296 0444 RasPppoe - ok
15:35:58.0312 0444 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:35:58.0328 0444 Raspti - ok
15:35:58.0406 0444 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:35:58.0453 0444 Rdbss - ok
15:35:58.0484 0444 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:35:58.0484 0444 RDPCDD - ok
15:35:58.0531 0444 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:35:58.0578 0444 rdpdr - ok
15:35:58.0609 0444 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:35:58.0671 0444 RDPWD - ok
15:35:58.0703 0444 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:35:58.0750 0444 RDSessMgr - ok
15:35:58.0781 0444 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:35:58.0812 0444 redbook - ok
15:35:58.0859 0444 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
15:35:58.0875 0444 regi - ok
15:35:58.0906 0444 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:35:58.0937 0444 RemoteAccess - ok
15:35:58.0968 0444 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:35:58.0968 0444 RemoteRegistry - ok
15:35:59.0015 0444 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
15:35:59.0046 0444 RimUsb - ok
15:35:59.0093 0444 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
15:35:59.0125 0444 RimVSerPort - ok
15:35:59.0156 0444 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
15:35:59.0171 0444 ROOTMODEM - ok
15:35:59.0218 0444 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:35:59.0265 0444 RpcLocator - ok
15:35:59.0343 0444 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:35:59.0343 0444 RpcSs - ok
15:35:59.0359 0444 RSUSBSTOR - ok
15:35:59.0406 0444 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:35:59.0468 0444 RSVP - ok
15:35:59.0484 0444 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:35:59.0515 0444 rtl8139 - ok
15:35:59.0515 0444 Rts516xIR - ok
15:35:59.0562 0444 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:35:59.0562 0444 SamSs - ok
15:35:59.0703 0444 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:35:59.0703 0444 SASDIFSV - ok
15:35:59.0718 0444 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:35:59.0718 0444 SASKUTIL - ok
15:35:59.0765 0444 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:35:59.0828 0444 SCardSvr - ok
15:35:59.0890 0444 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:35:59.0968 0444 Schedule - ok
15:36:00.0031 0444 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:36:00.0046 0444 sdbus - ok
15:36:00.0062 0444 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:36:00.0093 0444 Secdrv - ok
15:36:00.0125 0444 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:36:00.0125 0444 seclogon - ok
15:36:00.0156 0444 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:36:00.0156 0444 SENS - ok
15:36:00.0187 0444 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:36:00.0187 0444 Serial - ok
15:36:00.0234 0444 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:36:00.0250 0444 Sfloppy - ok
15:36:00.0296 0444 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:36:00.0296 0444 SharedAccess - ok
15:36:00.0312 0444 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
15:36:00.0328 0444 ShellHWDetection - ok
15:36:00.0328 0444 Simbad - ok
15:36:00.0359 0444 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:36:00.0375 0444 SLIP - ok
15:36:00.0390 0444 Sparrow - ok
15:36:00.0421 0444 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:36:00.0437 0444 splitter - ok
15:36:00.0500 0444 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:36:00.0531 0444 Spooler - ok
15:36:00.0718 0444 SQLBrowser (5673e79bbb62a4c35b10d821ff1b4aca) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:36:00.0796 0444 SQLBrowser - ok
15:36:00.0828 0444 SQLWriter (9263c8898732e2b890f7e954e7729ab7) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:36:00.0890 0444 SQLWriter - ok
15:36:00.0937 0444 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:36:01.0000 0444 sr - ok
15:36:01.0046 0444 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:36:01.0062 0444 srservice - ok
15:36:01.0062 0444 SRTSP - ok
15:36:01.0078 0444 SRTSPX - ok
15:36:01.0125 0444 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
15:36:01.0125 0444 Srv - ok
15:36:01.0171 0444 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:36:01.0171 0444 SSDPSRV - ok
15:36:01.0218 0444 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
15:36:01.0218 0444 StillCam - ok
15:36:01.0281 0444 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:36:01.0296 0444 stisvc - ok
15:36:01.0328 0444 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:36:01.0343 0444 streamip - ok
15:36:01.0406 0444 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:36:01.0406 0444 swenum - ok
15:36:01.0484 0444 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:36:01.0515 0444 swmidi - ok
15:36:01.0515 0444 SwPrv - ok
15:36:01.0531 0444 symc810 - ok
15:36:01.0546 0444 symc8xx - ok
15:36:01.0562 0444 sym_hi - ok
15:36:01.0562 0444 sym_u3 - ok
15:36:01.0640 0444 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:36:01.0671 0444 sysaudio - ok
15:36:01.0718 0444 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:36:01.0812 0444 SysmonLog - ok
15:36:01.0859 0444 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:36:01.0859 0444 TapiSrv - ok
15:36:01.0937 0444 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:36:02.0000 0444 Tcpip - ok
15:36:02.0046 0444 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:36:02.0078 0444 TDPIPE - ok
15:36:02.0125 0444 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:36:02.0140 0444 TDTCP - ok
15:36:02.0187 0444 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:36:02.0218 0444 TermDD - ok
15:36:02.0265 0444 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:36:02.0265 0444 TermService - ok
15:36:02.0328 0444 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
15:36:02.0328 0444 Themes - ok
15:36:02.0375 0444 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:36:02.0421 0444 TlntSvr - ok
15:36:02.0421 0444 TosIde - ok
15:36:02.0484 0444 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:36:02.0484 0444 TrkWks - ok
15:36:02.0500 0444 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:36:02.0531 0444 Udfs - ok
15:36:02.0546 0444 ultra - ok
15:36:02.0562 0444 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:36:02.0593 0444 Update - ok
15:36:02.0625 0444 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:36:02.0656 0444 upnphost - ok
15:36:02.0703 0444 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:36:02.0765 0444 UPS - ok
15:36:02.0812 0444 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:36:02.0843 0444 USBAAPL - ok
15:36:02.0906 0444 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:36:02.0921 0444 usbccgp - ok
15:36:02.0937 0444 USBCCID - ok
15:36:03.0000 0444 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:36:03.0015 0444 usbehci - ok
15:36:03.0046 0444 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:36:03.0093 0444 usbhub - ok
15:36:03.0140 0444 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:36:03.0171 0444 usbprint - ok
15:36:03.0187 0444 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:36:03.0203 0444 usbscan - ok
15:36:03.0250 0444 usbsmi (57cc4af4651551f1bbc46e9f40acdbc7) C:\WINDOWS\system32\DRIVERS\SMIksdrv.sys
15:36:03.0312 0444 usbsmi - ok
15:36:03.0359 0444 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:36:03.0359 0444 USBSTOR - ok
15:36:03.0375 0444 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:36:03.0406 0444 usbuhci - ok
15:36:03.0468 0444 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:36:03.0484 0444 usbvideo - ok
15:36:03.0531 0444 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:36:03.0546 0444 VgaSave - ok
15:36:03.0562 0444 ViaIde - ok
15:36:03.0625 0444 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:36:03.0656 0444 VolSnap - ok
15:36:03.0718 0444 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:36:03.0796 0444 VSS - ok
15:36:03.0859 0444 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:36:03.0859 0444 W32Time - ok
15:36:03.0921 0444 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:36:03.0953 0444 Wanarp - ok
15:36:04.0031 0444 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:36:04.0062 0444 Wdf01000 - ok
15:36:04.0078 0444 WDICA - ok
15:36:04.0125 0444 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:36:04.0171 0444 wdmaud - ok
15:36:04.0218 0444 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:36:04.0218 0444 WebClient - ok
15:36:04.0281 0444 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
15:36:04.0328 0444 WimFltr - ok
15:36:04.0453 0444 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
15:36:04.0453 0444 WinDefend - ok
15:36:04.0531 0444 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:36:04.0531 0444 winmgmt - ok
15:36:04.0578 0444 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
15:36:04.0609 0444 WmdmPmSN - ok
15:36:04.0671 0444 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:36:04.0687 0444 Wmi - ok
15:36:04.0750 0444 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:36:04.0765 0444 WmiAcpi - ok
15:36:04.0828 0444 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:36:04.0890 0444 WmiApSrv - ok
15:36:04.0890 0444 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:36:04.0906 0444 wscsvc - ok
15:36:04.0921 0444 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:36:04.0937 0444 WSTCODEC - ok
15:36:04.0968 0444 WSVD (5d0a08ebf9660e07865907fb1ab022b5) C:\WINDOWS\system32\drivers\WSVD.sys
15:36:05.0000 0444 WSVD - ok
15:36:05.0062 0444 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:36:05.0062 0444 wuauserv - ok
15:36:05.0140 0444 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:36:05.0156 0444 WZCSVC - ok
15:36:05.0250 0444 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:36:05.0312 0444 xmlprov - ok
15:36:05.0328 0444 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
15:36:05.0375 0444 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:36:05.0375 0444 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:36:05.0406 0444 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR8
15:36:05.0406 0444 \Device\Harddisk1\DR8 - ok
15:36:05.0437 0444 Boot (0x1200) (0107110e9c00aa881468b3e76b477b83) \Device\Harddisk0\DR0\Partition0
15:36:05.0437 0444 \Device\Harddisk0\DR0\Partition0 - ok
15:36:05.0468 0444 Boot (0x1200) (b9ccaf642df3548cb1f03bccc8b5569b) \Device\Harddisk0\DR0\Partition1
15:36:05.0468 0444 \Device\Harddisk0\DR0\Partition1 - ok
15:36:05.0468 0444 Boot (0x1200) (31b42c87e5520ba4deacc2ce69c07973) \Device\Harddisk1\DR8\Partition0
15:36:05.0468 0444 \Device\Harddisk1\DR8\Partition0 - ok
15:36:05.0468 0444 ============================================================
15:36:05.0468 0444 Scan finished
15:36:05.0468 0444 ============================================================
15:36:05.0484 1980 Detected object count: 1
15:36:05.0484 1980 Actual detected object count: 1
15:36:14.0093 1980 \Device\Harddisk0\DR0\# - copied to quarantine
15:36:14.0109 1980 \Device\Harddisk0\DR0 - copied to quarantine
15:36:14.0718 1980 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:36:14.0734 1980 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:36:14.0765 1980 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:36:14.0796 1980 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:36:14.0828 1980 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:36:14.0875 1980 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:36:16.0125 1980 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:36:16.0187 1980 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:36:16.0187 1980 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:36:16.0187 1980 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:36:16.0203 1980 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:36:16.0312 1980 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:36:16.0359 1980 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:36:16.0359 1980 \Device\Harddisk0\DR0 - ok
15:36:16.0359 1980 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:36:20.0562 1528 Deinitialize success


and aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 15:42:15
-----------------------------
15:42:15.718 OS Version: Windows 5.1.2600 Service Pack 3
15:42:15.718 Number of processors: 2 586 0x170A
15:42:15.718 ComputerName: LENOVO-3AECC5BB UserName: TValente
15:42:20.437 Initialize success
15:44:14.906 AVAST engine defs: 12040201
15:44:33.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:44:33.234 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
15:44:33.234 Disk 0 MBR read successfully
15:44:33.234 Disk 0 MBR scan
15:44:33.312 Disk 0 MBR:Alureon-M [Rtk]
15:44:33.312 Disk 0 TDL4@MBR code has been found
15:44:33.312 Disk 0 MBR hidden
15:44:33.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 193470 MB offset 2048
15:44:33.375 Disk 0 Partition - 00 0F Extended LBA 29894 MB offset 396230656
15:44:33.390 Disk 0 Partition 2 00 12 Compaq diag NTFS 15108 MB offset 457453568
15:44:33.453 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29893 MB offset 396232704
15:44:33.500 Disk 0 MBR [TDL4] **ROOTKIT**
15:44:33.500 Disk 0 trace - called modules:
15:44:33.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8934549f]<<
15:44:33.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a47f030]
15:44:33.500 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8997e0d0]
15:44:33.515 \Driver\iaStor[0x893625c8] -> IRP_MJ_CREATE -> 0x8934549f
15:44:35.250 AVAST engine scan C:\WINDOWS
15:44:50.796 AVAST engine scan C:\WINDOWS\system32
15:50:05.328 AVAST engine scan C:\WINDOWS\system32\drivers
15:50:39.671 AVAST engine scan C:\Documents and Settings\TValente
15:51:55.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TValente\Desktop\MBR.dat"
15:51:55.156 The log file has been saved successfully to "C:\Documents and Settings\TValente\Desktop\aswMBR.txt"
16:12:00.953 AVAST engine scan C:\Documents and Settings\All Users
16:16:53.421 Scan finished successfully
16:17:18.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TValente\Desktop\MBR.dat"
16:17:19.046 The log file has been saved successfully to "C:\Documents and Settings\TValente\Desktop\aswMBRreport.txt"

-D

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 02 April 2012 - 06:18 PM

The Pihar rootkit has been removed but the aswMBR scan shows that it (or a variant) is still present.

We need to check the Master Boot Record (MBR) offline.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Next download dumpit to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

m0le is a proud member of UNITE

#8 DerrickB

DerrickB
  • Topic Starter

  • Members
  • 11 posts

Posted 03 April 2012 - 05:11 PM

Ok everything went as planned - except when I get to this point in the instructions:

> Press F12 and choose to boot from the USB
> Follow the prompts
> "A Welcome to xPUD screen will appear"

The welcome screen does appear, it asks me to select my language and when I do, it goes to a black screen, some words appear, some lines scroll down and more letters and numbers and then it just goes to a black screen and nothing happens. No prompts, just a black screen.

What do I do?

-D

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 03 April 2012 - 07:39 PM

We have a number of other options and we will try something a little easier first up.

Download MBR Master from Emsisoft

  • Run the program
  • Click Backup MBR and save the two files to your desktop
  • Now please copy and paste the .txt file and attach the .mbr file in your next post

m0le is a proud member of UNITE

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 April 2012 - 07:14 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 April 2012 - 07:56 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 April 2012 - 03:15 AM

This topic has been re-opened at the request of the person who originally posted.
m0le is a proud member of UNITE

#13 DerrickB

DerrickB
  • Topic Starter

  • Members
  • 11 posts

Posted 10 April 2012 - 05:56 AM

Ok it didn't give me the option to 'clean' and when I did 'backup' it only gave me the option to save an MBR file. So I have attached that and I copied the text in the body of the window that appears when you run the program:

Detected Windows version: 5.1 Build 2600 Service Pack 3
Installing direct disk access driver ...
Driver connection handle: 0x000000A4
1 valid drive(s) found.

Details for Disk 0 - WDC WD25 00BEVT-22ZCT Rev 11.0:
Device name : \\.\PhysicalDrive0
Geometry (C/H/S) : 30401/255/63
Boot loader reputation : Unknown
Cross view comparison : MBR mismatch! Rootkit?
Partition table integrity: Passed

Boot loader hashes
SHA-1 : 4A424128F8BDD7486A71ACBA75AD6A099B912047
MD5 : 0F84F2562620C40D8A3E1908C8075675
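What the offline dump-and-attach steps in post #7 and the MBR Master output above boil down to, as an added example (not code from the original posts or from TDSSKiller, aswMBR or MBR Master): parse a raw 512-byte MBR dump, hash its boot code, check the partition table for overlaps, and cross-view compare two independent reads of the sector so a hidden or filtered MBR shows up as a mismatch. The MBR bytes are constructed to mirror the partition layout aswMBR printed, with placeholder boot code; the 0x1B8 in TDSSKiller's "MBR (0x1B8)" line is taken here to be the length of the hashed boot code region (both tools report the same MD5 for this MBR, which fits that reading).

```python
"""Parse and cross-check a raw MBR dump such as the MBR.dat / .mbr file saved by
aswMBR or MBR Master.  Added example, not code from any of those tools; the
sample sector below is constructed, with placeholder boot code.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # assumed: region hashed on TDSSKiller's "MBR (0x1B8)" line
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries, then the 0x55AA signature
SECTOR = 512


def _entry(status, ptype, start_lba, sectors):
    """One partition entry; CHS fields are zeroed because only the LBA fields matter here."""
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start_lba, sectors)


def build_sample_mbr():
    """Constructed MBR reproducing the layout aswMBR printed for Disk 0 (sizes in MB * 2048 sectors)."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_LEN - 4)  # placeholder
    disk_sig = b"\x00" * 6                                  # 4-byte disk signature + 2 reserved
    table = (_entry(0x80, 0x07, 2048, 193470 * 2048)        # NTFS, active, 193470 MB
             + _entry(0x00, 0x0F, 396230656, 29894 * 2048)  # extended LBA container
             + _entry(0x00, 0x12, 457453568, 15108 * 2048)  # Compaq diag (recovery) partition
             + _entry(0x00, 0x00, 0, 0))                    # unused slot
    return boot_code + disk_sig + table + b"\x55\xAA"


def parse_mbr(mbr):
    """Return boot-code hashes and the used partition entries of a 512-byte MBR.
    For a real dump: parse_mbr(open("MBR.dat", "rb").read())."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected a %d-byte MBR dump, got %d bytes" % (MBR_SIZE, len(mbr)))
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    boot = mbr[:BOOT_CODE_LEN]
    return {"md5": hashlib.md5(boot).hexdigest(),
            "sha1": hashlib.sha1(boot).hexdigest(),
            "partitions": parts}


def check_partition_table(parts):
    """Overlapping entries, i.e. what MBR Master's 'Partition table integrity' check would flag."""
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"]) for p in parts)
    return [(i1, i2) for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]) if s2 < e1]


def cross_view_compare(os_view, independent_view):
    """Compare the MBR as read through the running OS with an independent read
    (offline boot or lower-level disk access).  A filter that hides the real
    sector shows up as a mismatch; the offset of the first differing byte tells
    whether the boot code or only the table changed."""
    n = min(len(os_view), len(independent_view))
    first = next((i for i in range(n) if os_view[i] != independent_view[i]), None)
    if first is None and len(os_view) != len(independent_view):
        first = n
    if first is None:
        return {"match": True, "first_diff": None, "boot_code_differs": False}
    return {"match": False, "first_diff": first, "boot_code_differs": first < BOOT_CODE_LEN}


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("Boot loader MD5  :", info["md5"])
    print("Boot loader SHA-1:", info["sha1"])
    for p in info["partitions"]:
        print("Partition %d %s %02X %d MB offset %d" % (
            p["index"], "80 (A)" if p["bootable"] else "00", p["type"], p["size_mb"], p["start_lba"]))
    print("Partition table integrity:", "Failed" if check_partition_table(info["partitions"]) else "Passed")
    # Stand-in for a modified or hidden MBR: same table, one boot-code byte changed.
    altered = bytearray(sample)
    altered[0x10] ^= 0xFF
    print("Cross view comparison:", cross_view_compare(sample, bytes(altered)))
```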

#14 DerrickB

DerrickB
  • Topic Starter

  • Members
  • 11 posts

Posted 10 April 2012 - 06:01 AM

When I try to attach the MBR file from the jump drive I'm using on my clean computer, Microsoft Security Essentials is saying the virus is in the log and wants to quarantine and clear the file, so I'm going to try and upload it from the virus infected laptop.

-D

#15 DerrickB

DerrickB
  • Topic Starter

  • Members
  • 11 posts

Posted 10 April 2012 - 06:25 AM

No go - I can't get to Internet Explorer or Mozilla from that computer. What should I do? Sorry this is so complicated!!

-D
