Got a nasty one: Ruthless browser redirects and BSODs, but this sucker...


This topic is locked

#1 CypherZ (Member, 14 posts)
Hi guys,

Ok, this one has me stumped. I ate a trojan redirect virus some weeks ago (pretty sure it was one of the Puma ones; it all started when I clicked on a link while searching something on Google and puma-something was in the URL) and tried to get rid of it by backing up my files and then system restoring to factory default. The thing was forcing BSoDs on my laptop not even 10 seconds after starting up a user profile, so I figured a drastic fix was in order. I could not even get online to update my copy of MBAM when it kept crashing on me.

It worked? That's what I thought. No more BSODs, so looking to start over I go on IE to start downloading all my necessities: MBAM, Chrome/Firefox, OpenOffice, GIMP, etc... but as soon as I turn it on I start getting redirected to an obviously shady search engine, and trying to go to a few websites rerouted me to places with "ninjaa.info.de" in the URL or other such.

I tried to get rid of it on my own. Pulled up a flash drive, VIPRERESCUE, rkill... nothing. Eventually I decide I'll load up MBAM on that Flash Drive, and I let it scan overnight.

When I woke up this morning, I tried to unhibernate my computer and that BSOD was back with a vengeance. Good thing the log still saved; I pulled it up and took a look, but once again the computer couldn't find anything wrong... and then I ate another BSOD.

I put the computer in safe mode, got OTL on that flash drive, and full scanned my laptop. This is what I got.

OTL logfile created on: 2/24/2012 8:42:15 AM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\T.K Balanga\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.95 Mb Total Physical Memory | 737.09 Mb Available Physical Memory | 72.70% Memory free
1.99 Gb Paging File | 1.73 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 117.44 Gb Free Space | 85.76% Space Free | Partition Type: NTFS

Computer Name: PSYBLASTER | User Name: T.K Balanga | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/23 16:10:07 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\T.K Balanga\Desktop\OTL.exe
PRC - [2009/07/23 15:51:26 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/23 15:51:26 | 000,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/08/18 02:46:33 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/08/06 12:18:54 | 000,311,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/05 23:31:06 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/07/23 15:51:26 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/22 15:16:30 | 000,894,136 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/10 04:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/06/18 12:14:46 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/06/16 22:29:18 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/06/16 21:00:46 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/09 19:04:30 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/04/09 13:46:14 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/04/09 10:18:50 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/27 02:06:44 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/07/16 06:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/23 21:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/06/18 12:15:22 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/06/18 12:15:22 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/06/18 12:15:22 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/06/18 12:15:22 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/18 12:14:52 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/02 06:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 06:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 06:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2009/04/09 16:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...44ww15w4822372s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...44ww15w4822372s

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...44ww15w4822372s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2012/02/22 17:37:32 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4115C0A-3964-41FD-A7A4-D3DCF0C2C2CD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/24 01:30:02 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Roaming\Malwarebytes
[2012/02/24 01:18:16 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\Desktop\Google
[2012/02/24 01:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 01:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/24 01:17:24 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/24 01:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/23 19:21:44 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/02/23 19:21:44 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2012/02/23 19:21:05 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/02/23 18:04:40 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\T.K Balanga\Desktop\OTL.exe
[2012/02/23 12:39:06 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2012/02/23 12:39:06 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/02/20 23:58:39 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Roaming\Google
[2012/02/20 23:58:38 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Local\Google
[2012/02/20 13:08:30 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Roaming\Adobe
[2012/02/20 07:08:18 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/02/20 07:08:18 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/02/20 07:08:18 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/02/20 07:08:17 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/02/20 07:08:17 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/02/20 07:08:17 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/02/20 07:08:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/02/20 07:08:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/02/20 07:07:18 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/02/20 07:00:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/20 06:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/20 06:46:36 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012/02/20 02:35:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2012/02/20 02:35:50 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2012/02/20 02:34:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/02/20 00:47:54 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/02/20 00:47:53 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/02/20 00:35:56 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Roaming\Macromedia
[2012/02/20 00:35:54 | 000,000,000 | ---D | C] -- C:\Windows\Screensavers
[2012/02/20 00:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/02/20 00:21:45 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012/02/20 00:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/20 00:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/02/20 00:18:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012/02/20 00:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2012/02/20 00:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/02/20 00:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/02/20 00:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/02/20 00:05:37 | 001,654,784 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2012/02/20 00:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2012/02/20 00:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/02/20 00:03:16 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Roaming\InstallShield
[2012/02/20 00:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2012/02/20 00:02:12 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Roaming\Acer
[2012/02/20 00:02:10 | 000,000,000 | ---D | C] -- C:\book
[2012/02/20 00:01:57 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Roaming\Leadertech
[2012/02/20 00:01:52 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Local\EgisTec
[2012/02/20 00:00:47 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/02/20 00:00:47 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/02/20 00:00:46 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\Searches
[2012/02/20 00:00:46 | 000,000,000 | -H-D | C] -- C:\Users\T.K Balanga\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/02/20 00:00:24 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Roaming\Identities
[2012/02/20 00:00:12 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\Contacts
[2012/02/19 23:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2012/02/19 23:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\OEM
[2012/02/19 23:57:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer
[2012/02/19 23:56:03 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Local\VirtualStore
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\AppData\Local\Temporary Internet Files
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\Templates
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\Start Menu
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\SendTo
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\Recent
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\PrintHood
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\NetHood
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\Documents\My Videos
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\Documents\My Pictures
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\Documents\My Music
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\My Documents
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\Local Settings
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\AppData\Local\History
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\Cookies
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\Application Data
[2012/02/19 23:55:50 | 000,000,000 | -HSD | C] -- C:\Users\T.K Balanga\AppData\Local\Application Data
[2012/02/19 23:55:49 | 000,000,000 | --SD | C] -- C:\Users\T.K Balanga\AppData\Roaming\Microsoft
[2012/02/19 23:55:49 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\Videos
[2012/02/19 23:55:49 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\Saved Games
[2012/02/19 23:55:49 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\Pictures
[2012/02/19 23:55:49 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\Music
[2012/02/19 23:55:49 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/02/19 23:55:49 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\Links
[2012/02/19 23:55:49 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\Favorites
[2012/02/19 23:55:49 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\Downloads
[2012/02/19 23:55:49 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\Documents
[2012/02/19 23:55:49 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\Desktop
[2012/02/19 23:55:49 | 000,000,000 | R--D | C] -- C:\Users\T.K Balanga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/02/19 23:55:49 | 000,000,000 | -H-D | C] -- C:\Users\T.K Balanga\AppData
[2012/02/19 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Local\Temp
[2012/02/19 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\T.K Balanga\AppData\Local\Microsoft
[2012/02/19 23:55:03 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/02/19 23:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2012/02/24 08:21:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/24 08:21:30 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/24 08:21:29 | 165,858,467 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/24 01:17:36 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/24 00:07:29 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 00:07:29 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/23 23:57:56 | 000,475,185 | ---- | M] () -- C:\Users\T.K Balanga\Desktop\Convention.rtf
[2012/02/23 18:19:18 | 112,033,792 | ---- | M] () -- C:\Users\T.K Balanga\Desktop\VIPRERescue11581.exe
[2012/02/23 17:54:38 | 000,004,931 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012/02/23 16:10:07 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\T.K Balanga\Desktop\OTL.exe
[2012/02/22 18:03:48 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2012/02/20 23:57:59 | 000,001,411 | ---- | M] () -- C:\Users\T.K Balanga\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/20 12:48:38 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/20 12:48:38 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/20 02:52:20 | 000,035,789 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/02/20 02:36:42 | 000,000,006 | ---- | M] () -- C:\Windows\System32\PLD_Framework.cmd
[2012/02/20 00:52:12 | 000,332,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/20 00:52:09 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2012/02/20 00:52:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2012/02/20 00:20:28 | 000,000,020 | ---- | M] () -- C:\Windows\Èù
[2012/02/20 00:04:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/02/19 23:57:12 | 000,013,866 | ---- | M] () -- C:\Windows\System32\results.xml

========== Files Created - No Company Name ==========

[2012/02/24 01:17:36 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 19:20:26 | 112,033,792 | ---- | C] () -- C:\Users\T.K Balanga\Desktop\VIPRERescue11581.exe
[2012/02/22 18:03:48 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2012/02/20 23:57:59 | 000,001,411 | ---- | C] () -- C:\Users\T.K Balanga\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/20 12:50:10 | 000,475,185 | ---- | C] () -- C:\Users\T.K Balanga\Desktop\Convention.rtf
[2012/02/20 07:00:22 | 165,858,467 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/20 02:34:06 | 797,396,992 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/20 00:30:17 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/02/20 00:29:05 | 000,001,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/02/20 00:20:26 | 000,000,020 | ---- | C] () -- C:\Windows\Èù
[2012/02/20 00:05:39 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012/02/20 00:05:39 | 000,008,312 | ---- | C] () -- C:\Windows\Suyin.reg
[2012/02/20 00:05:38 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012/02/20 00:05:38 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012/02/20 00:05:38 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2012/02/20 00:04:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/02/20 00:00:52 | 000,001,417 | ---- | C] () -- C:\Users\T.K Balanga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/02/19 23:58:26 | 000,002,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
[2012/02/19 23:57:12 | 000,013,866 | ---- | C] () -- C:\Windows\System32\results.xml
[2012/02/19 23:56:28 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2012/02/19 23:56:25 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2012/02/19 23:55:49 | 000,000,290 | ---- | C] () -- C:\Users\T.K Balanga\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/02/19 23:55:49 | 000,000,272 | ---- | C] () -- C:\Users\T.K Balanga\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== LOP Check ==========

[2012/02/20 00:02:12 | 000,000,000 | ---D | M] -- C:\Users\T.K Balanga\AppData\Roaming\Acer
[2012/02/20 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\T.K Balanga\AppData\Roaming\Leadertech
[2012/02/20 00:52:09 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2012/02/20 00:52:09 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/07/13 23:53:46 | 000,004,890 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
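The OTL log above encodes two things worth scanning for before anyone decides what to run next: the trailing parentheses on each O2/O3/O4/O20 line hold the company name read from the file's version resource, so an empty `()` means the binary carries none (the same condition OTL's "No Company Name" sections key on), and `No CLSID value found` or `File not found` marks a registry entry that points at a COM object or file which no longer exists. The script below is an added example written for this page, not part of the thread or of OTL itself; it runs that triage over a handful of lines copied from the log and also flags binaries living under user-writable locations such as ProgramData. The findings are leads for a human, not verdicts: an OEM utility with no version info and a vendor helper dropped in ProgramData are both common on a factory image.

```python
import re

# Autostart and hook lines copied from the OTL log in the post above (a subset).
# The mcagent and userinit lines are included as clean controls.
SAMPLE_OTL_LINES = r"""
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
""".strip().splitlines()

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path ending in a PE extension; parentheses never occur inside it.
PATH_RE = re.compile(r"([A-Za-z]:\\[^()]*?\.(?:exe|dll|sys))", re.IGNORECASE)
# OTL appends the file's CompanyName in parentheses at the very end of the line.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")

# Locations a standard user can write to; autostarts pointing here get a second look
# even when a company name is present (heuristic chosen for this example).
SUSPECT_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def triage_otl(lines):
    """Return (section_code, reason, detail) tuples for entries that need a human look."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if "No CLSID value found" in body:
            findings.append((code, "orphan-clsid", body))
            continue
        if "File not found" in body:
            findings.append((code, "missing-file", body))
            continue
        path_m = PATH_RE.search(body)
        comp_m = COMPANY_RE.search(body)
        path = path_m.group(1) if path_m else None
        company = comp_m.group(1).strip() if comp_m else None
        if path and company == "":
            findings.append((code, "no-company-name", path))
        if path and any(d in path.lower() for d in SUSPECT_DIRS):
            findings.append((code, "user-writable-location", path))
    return findings


def group_by_reason(findings):
    """Bucket findings so the report reads reason-first, the way a helper reviews a log."""
    grouped = {}
    for code, reason, detail in findings:
        grouped.setdefault(reason, []).append(f"{code}: {detail}")
    return grouped


if __name__ == "__main__":
    for reason, items in sorted(group_by_reason(triage_otl(SAMPLE_OTL_LINES)).items()):
        print(f"== {reason} ({len(items)})")
        for item in items:
            print("   ", item)
```

To run it over a real log, pass `open(path, encoding="utf-8", errors="replace").readlines()` to `triage_otl`; lines outside the numbered O-sections are ignored.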


#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello CypherZ and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • Combofix log
It would be helpful if you could post each log in a separate post.
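The TDSSKiller log requested above has a regular shape: every line is a timestamp, the scanner's pid and a message, and each scanned object produces a "name (md5) path" line followed by a "name - status" line. The following is an added Python example (not TDSSKiller's code and not from this thread) that parses such a log, pulls out the header facts a reviewer reads first (tool version, OS, boot type, MBR partition table) and flags every object whose status is not a bare "ok" or that has a status line with no file/hash line; the sample input reuses header and driver lines from the log posted in this thread plus one constructed "ExampleDrv" entry with a placeholder verdict, so the non-ok path is exercised.

```python
# Parse a TDSSKiller scan log and surface the entries worth a second look.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One log line: timestamp, scanner pid, message (tab or spaces between them).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# File line for a scanned object: "<name>   (<md5>) <path>".
FILE_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# Verdict line: "<name> - ok" or "<name> ( <verdict> ) - <status>".
STATUS_RE = re.compile(r"^(\S+)(?:\s+\(\s*(.+?)\s*\))?\s+-\s+(.+)$")
# Header "Key: value" pairs (OS Version, Boot type, partition rows, ...).
INFO_RE = re.compile(r"^([^:]+?):\s+(.+)$")

@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    status: Optional[str] = None

@dataclass
class Report:
    info: Dict[str, str] = field(default_factory=dict)
    entries: Dict[str, Entry] = field(default_factory=dict)

    def not_ok(self) -> List[Entry]:
        """Objects whose status line says anything other than a bare 'ok'."""
        return [e for e in self.entries.values() if e.status != "ok"]

    def without_file(self) -> List[Entry]:
        """Objects with a status line but no '(md5) path' line, like RtsUIR above."""
        return [e for e in self.entries.values() if e.path is None]

    def mbr_partitions(self) -> Dict[str, str]:
        """Partition rows from the header, keyed by device path."""
        return {k: v for k, v in self.info.items() if "\\Partition" in k}

def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # blank line or pasted noise, not a scanner line
        msg = m.group(3).strip()
        if not msg or msg.startswith("="):
            continue  # separator rows
        if msg.startswith("TDSS rootkit removing tool"):
            report.info["Tool"] = msg  # version banner has no "Key: value" form
            continue
        fm = FILE_RE.match(msg)
        if fm:  # hash + path line; the verdict follows on a later line
            name, md5, path = fm.groups()
            e = report.entries.setdefault(name, Entry(name))
            e.md5, e.path = md5.lower(), path
            continue
        sm = STATUS_RE.match(msg)
        if sm:  # verdict line; may arrive with no preceding file line
            name, verdict, status = sm.groups()
            e = report.entries.setdefault(name, Entry(name))
            e.verdict, e.status = verdict, status
            continue
        im = INFO_RE.match(msg)
        if im:
            report.info[im.group(1)] = im.group(2)
    return report

def summarize(report: Report) -> List[str]:
    """System facts first, then every entry a reviewer should look at."""
    out = [f"{k}: {report.info[k]}" for k in ("Tool", "OS Version", "Boot type") if k in report.info]
    out += [f"{k}: {v}" for k, v in report.mbr_partitions().items()]
    out += [f"REVIEW {e.name}: {e.status} ({e.verdict or 'no verdict'}) {e.path or ''}".rstrip()
            for e in report.not_ok()]
    out += [f"NOFILE {e.name}: status '{e.status}' but no file/hash line" for e in report.without_file()]
    return out

# Constructed sample: header and driver lines copied from the log posted in this
# thread, plus a made-up "ExampleDrv" entry with a placeholder verdict. A real
# log runs to several hundred lines in the same layout.
SAMPLE_LOG = r"""
20:29:13.0330 1584  TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
20:29:13.0377 1584  ============================================================
20:29:13.0377 1584  OS Version: 6.1.7600 ServicePack: 0.0
20:29:13.0377 1584  Boot type: Safe boot
20:29:14.0266 1584  \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
20:29:26.0824 1500  Scan started
20:29:26.0824 1500  Mode: Manual; SigCheck; TDLFS;
20:29:27.0401 1500  ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
20:29:27.0432 1500  ACPI - ok
20:29:55.0154 1500  RtsUIR - ok
20:29:55.0200 1500  ExampleDrv      (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
20:29:55.0250 1500  ExampleDrv ( CONSTRUCTED.Sample.Verdict ) - warning
"""

if __name__ == "__main__":
    for line in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

To use it on a real log, read the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" file from C:\ and pass its text to parse_tdsskiller_log.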

#3
CypherZ

    Member

  • Topic Starter
  • Member
  • 14 posts
Alright, I've bumped into another problem. First though, some logs...

20:29:13.0330 1584	TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
20:29:13.0377 1584	============================================================
20:29:13.0377 1584	Current date / time: 2012/03/07 20:29:13.0377
20:29:13.0377 1584	SystemInfo:
20:29:13.0377 1584	
20:29:13.0377 1584	OS Version: 6.1.7600 ServicePack: 0.0
20:29:13.0377 1584	Product type: Workstation
20:29:13.0377 1584	ComputerName: PSYBLASTER
20:29:13.0377 1584	UserName: T.K Balanga
20:29:13.0377 1584	Windows directory: C:\Windows
20:29:13.0377 1584	System windows directory: C:\Windows
20:29:13.0377 1584	Processor architecture: Intel x86
20:29:13.0377 1584	Number of processors: 2
20:29:13.0377 1584	Page size: 0x1000
20:29:13.0377 1584	Boot type: Safe boot
20:29:13.0377 1584	============================================================
20:29:13.0969 1584	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:29:13.0969 1584	Drive \Device\Harddisk1\DR1 - Size: 0x4A85D55E00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:29:14.0266 1584	\Device\Harddisk0\DR0:
20:29:14.0266 1584	MBR used
20:29:14.0266 1584	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
20:29:14.0266 1584	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784
20:29:14.0266 1584	\Device\Harddisk1\DR1:
20:29:14.0359 1584	MBR used
20:29:14.0359 1584	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
20:29:14.0422 1584	Initialize success
20:29:14.0422 1584	============================================================
20:29:26.0824 1500	============================================================
20:29:26.0824 1500	Scan started
20:29:26.0824 1500	Mode: Manual; SigCheck; TDLFS; 
20:29:26.0824 1500	============================================================
20:30:01.0612 1500	USBSTOR - ok
20:30:01.0752 1500	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
20:30:01.0784 1500	usbuhci - ok
20:30:01.0908 1500	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
20:30:01.0955 1500	usbvideo - ok
20:30:02.0064 1500	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:30:02.0096 1500	vdrvroot - ok
20:30:02.0205 1500	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:30:02.0267 1500	vga - ok
20:30:02.0376 1500	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:30:02.0454 1500	VgaSave - ok
20:30:02.0501 1500	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
20:30:02.0532 1500	vhdmp - ok
20:30:02.0626 1500	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
20:30:02.0657 1500	viaagp - ok
20:30:02.0688 1500	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:30:02.0735 1500	ViaC7 - ok
20:30:02.0844 1500	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
20:30:02.0876 1500	viaide - ok
20:30:02.0938 1500	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
20:30:02.0969 1500	volmgr - ok
20:30:03.0047 1500	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:30:03.0094 1500	volmgrx - ok
20:30:03.0141 1500	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
20:30:03.0188 1500	volsnap - ok
20:30:03.0281 1500	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:30:03.0312 1500	vsmraid - ok
20:30:03.0390 1500	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:30:03.0437 1500	vwifibus - ok
20:30:03.0515 1500	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:30:03.0562 1500	vwififlt - ok
20:30:03.0702 1500	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:30:03.0749 1500	WacomPen - ok
20:30:03.0905 1500	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:30:04.0030 1500	WANARP - ok
20:30:04.0030 1500	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:30:04.0108 1500	Wanarpv6 - ok
20:30:04.0248 1500	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:30:04.0280 1500	Wd - ok
20:30:04.0326 1500	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:30:04.0373 1500	Wdf01000 - ok
20:30:04.0514 1500	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:30:04.0592 1500	WfpLwf - ok
20:30:04.0623 1500	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:30:04.0654 1500	WIMMount - ok
20:30:04.0872 1500	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:30:04.0919 1500	WmiAcpi - ok
20:30:05.0091 1500	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:30:05.0153 1500	ws2ifsl - ok
20:30:05.0309 1500	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
20:30:05.0387 1500	WudfPf - ok
20:30:05.0465 1500	MBR (0x1B8)     (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
20:30:05.0481 1500	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:30:05.0481 1500	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:30:05.0528 1500	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:30:05.0528 1500	\Device\Harddisk0\DR0 - detected TDSS File System (1)
20:30:05.0902 1500	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
20:30:06.0167 1500	\Device\Harddisk1\DR1 - ok
20:30:06.0183 1500	Boot (0x1200)   (7660ea6416e04297d413913261325c31) \Device\Harddisk0\DR0\Partition0
20:30:06.0198 1500	\Device\Harddisk0\DR0\Partition0 - ok
20:30:06.0214 1500	Boot (0x1200)   (9aa35a4306d0f58c66f8a40b2982d2e6) \Device\Harddisk0\DR0\Partition1
20:30:06.0214 1500	\Device\Harddisk0\DR0\Partition1 - ok
20:30:06.0214 1500	Boot (0x1200)   (bcded0782081a2a4259b9e571daf9b2d) \Device\Harddisk1\DR1\Partition0
20:30:06.0230 1500	\Device\Harddisk1\DR1\Partition0 - ok
20:30:06.0230 1500	============================================================
20:30:06.0230 1500	Scan finished
20:30:06.0230 1500	============================================================
20:30:06.0261 1340	Detected object count: 2
20:30:06.0261 1340	Actual detected object count: 2
20:31:33.0465 1340	\Device\Harddisk0\DR0\# - copied to quarantine
20:31:33.0465 1340	\Device\Harddisk0\DR0 - copied to quarantine
20:31:33.0512 1340	\Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:31:33.0527 1340	\Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:31:33.0527 1340	\Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:31:33.0543 1340	\Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
20:31:33.0558 1340	\Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:31:33.0558 1340	\Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:31:33.0574 1340	\Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:31:33.0574 1340	\Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:31:33.0574 1340	\Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:31:33.0574 1340	\Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:31:33.0590 1340	\Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:31:33.0590 1340	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:31:33.0590 1340	\Device\Harddisk0\DR0 - ok
20:31:33.0761 1340	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 
20:31:33.0761 1340	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:31:33.0761 1340	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
20:31:36.0335 1868	Deinitialize success


#4 CypherZ (Member, Topic Starter, 14 posts)
Okay, here's aswMBR. Do you want me to upload and then link to a .zip of the .dat?

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-07 20:38:17
-----------------------------
20:38:17.423    OS Version: Windows 6.1.7600 
20:38:17.423    Number of processors: 2 586 0x1C02
20:38:17.423    ComputerName: PSYBLASTER  UserName: 
20:38:34.083    Initialize success
20:38:51.509    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:38:51.524    Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
20:38:51.555    Disk 0 MBR read successfully
20:38:51.571    Disk 0 MBR scan
20:38:51.571    Disk 0 Windows 7 default MBR code
20:38:51.587    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63
20:38:51.602    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 25173855
20:38:51.633    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       140232 MB offset 25382700
20:38:51.649    Disk 0 scanning sectors +312579760
20:38:51.727    Disk 0 scanning C:\Windows\system32\drivers
20:38:57.639    Service scanning
20:39:16.781    Modules scanning
20:39:26.063    Disk 0 trace - called modules:
20:39:26.094    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
20:39:26.109    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84cd8880]
20:39:26.125    3 CLASSPNP.SYS[874b959e] -> nt!IofCallDriver -> [0x84886388]
20:39:26.156    5 ACPI.sys[86e1f3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84317028]
20:39:26.187    Scan finished successfully
20:39:47.606    Disk 0 MBR has been saved successfully to "C:\Users\T.K Balanga\Desktop\MBR.dat"
20:39:47.653    The log file has been saved successfully to "C:\Users\T.K Balanga\Desktop\aswMBR.txt"



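For readers who want to see what the two scanners above are reporting, here is an added example (not code from TDSSKiller, aswMBR or this thread) that parses a 512-byte MBR into the partition listing aswMBR prints and hashes the boot-code region, which is what TDSSKiller's "MBR (0x1B8)" line appears to be (the 0x1B8 length is inferred from that label, the disk signature is a made-up value, and the sample MBR is constructed to mirror the three partitions in the aswMBR log). A defender can use the same check to compare a live MBR against a saved baseline such as the MBR.dat aswMBR wrote.

```python
"""MBR parser and boot-code integrity check (added example; not TDSSKiller or aswMBR code)."""
import hashlib
import struct

BOOT_CODE_LEN = 0x1B8    # bytes hashed for the "MBR (0x1B8)" line (assumed from TDSSKiller's label)
DISK_SIG_OFF = 0x1B8     # 4-byte Windows disk signature follows the boot code
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
ENTRY_FMT = "<B3xB3xII"  # status, (CHS skipped), type, (CHS skipped), LBA start, sector count
MBR_SIGNATURE = b"\x55\xAA"

def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code MD5, disk signature and non-empty partition entries of a 512-byte MBR."""
    if len(mbr) != 512 or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not a valid MBR: wrong size or missing 55AA signature")
    parts = []
    for i in range(4):
        status, ptype, start, length = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "offset": start, "size_mb": length * 512 // (1024 * 1024)})
    return {"boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
            "partitions": parts}

def boot_code_changed(mbr: bytes, baseline_md5: str) -> bool:
    """True when the boot code differs from a known-good hash, e.g. of the MBR.dat aswMBR saved."""
    return parse_mbr(mbr)["boot_code_md5"] != baseline_md5

def build_sample_mbr() -> bytes:
    """CONSTRUCTED MBR: stand-in boot code plus the partition layout from the aswMBR log."""
    mbr = bytearray(512)
    mbr[:8] = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB"  # placeholder boot-code bytes
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0xDEADBEEF)  # constructed disk signature
    table = [(0x00, 0x27, 63, 25171968),         # Hidden NTFS WinRE, 12291 MB
             (0x80, 0x07, 25173855, 206848),     # active (A) system partition, 101 MB
             (0x00, 0x07, 25382700, 287195136)]  # Windows partition, 140232 MB
    for i, entry in enumerate(table):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i, *entry)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)

if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("MBR (0x1B8) md5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print(f"Partition {p['index']} {'80 (A)' if p['bootable'] else '00    '} "
              f"{p['type']:02X} {p['size_mb']:>7} MB offset {p['offset']}")
```

Against a real disk the same functions would be fed the first 512 bytes read from the physical drive, and the baseline hash would come from a copy saved while the machine was known clean.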

#5 CypherZ (Member, Topic Starter, 14 posts)
Now for that BIG problem; I can't run Combofix without a Warning!! prompt popping up that McAfee VirusScan needs to be disabled. McAfee VirusScan (that piece of crap was automatically installed when I did my factory restore before) keeps getting in the way when I clearly uninstalled the thing. Pull up the Task manager, nothing.

Of course when I search for it using Windows Explorer, a good number of the McAfee files are still there. And then Windows Explorer freezes up.

What do.

Edited by CypherZ, 07 March 2012 - 08:21 PM.


#6 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. Download McAfee Removal Tool and run it in order to clear all McAfee files.

After that try to run Combofix as I described before.

#7 CypherZ (Member, Topic Starter, 14 posts)
Tried it now. I'm getting an error message when I do. "Unsuccessful. Error obtaining full permissions for cleanup. See log for details."

When I click to see the log, I get another message telling me "The process cannot access the file because it is being used by another process."

#8 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
TDSSKiller deleted the main infection. Can you restart your system now and test it for problems? Let me know the results.

#9 CypherZ (Member, Topic Starter, 14 posts)
Everything seems to be running fine without safe mode, no BSOD or other problems so far for the last few hours. I was able to update MBAM, and get onto Chrome without being redirected which I know is a great sign.

#10 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
That is great news. Leave Combofix for now. Let's run VRT.

Download Virus Removal Tool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.