Comcast says I have a bot infection [Solved]



#1 DamionIllusionist (Member, 103 posts)
Need to check my system due to Comcast saying I have a bot on my system. Below is my OTL log.


OTL logfile created on: 3/4/2012 2:46:02 PM - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = E:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 50.98% Memory free
4.00 Gb Paging File | 3.15 Gb Available in Paging File | 78.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 353.08 Gb Free Space | 75.81% Space Free | Partition Type: NTFS
Drive D: | 3.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 988.70 Mb Total Space | 961.89 Mb Free Space | 97.29% Space Free | Partition Type: FAT

Computer Name: DAMIONSPC | User Name: Damion | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 13:39:00 | 000,584,704 | ---- | M] (OldTimer Tools) -- E:\OTL.com
PRC - [2012/02/15 17:18:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 17:18:22 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/14 18:51:54 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/19 08:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/12 13:23:38 | 000,512,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/18 08:39:27 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/09/15 23:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/19 08:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere AF(UVC)
DRV:64bit: - [2011/08/19 08:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/05/09 17:09:00 | 000,122,368 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2009/12/04 09:26:56 | 000,462,968 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusbu.sys -- (PRESONUS_AUDIOBOX_USB)
DRV:64bit: - [2009/12/04 09:26:56 | 000,050,808 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusba.sys -- (PRESONUS_AUDIOBOX_WDM)
DRV:64bit: - [2009/12/04 09:26:56 | 000,037,496 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusbm.sys -- (PRESONUS_AUDIOBOX_MIDI)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 14:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/10/17 02:11:56 | 001,023,488 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VTGKModeDX64.sys -- (S3GIGP)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 F8 AA 7F 3E EC CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.myspace.com/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.3
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SmileyCentral_1v.com/Plugin: C:\Program Files (x86)\SmileyCentral_1v\bar\1.bin\NP1vStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_1v.com: C:\Program Files (x86)\SmileyCentral_1v\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/15 17:18:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/21 19:27:41 | 000,000,000 | ---D | M]

[2010/12/06 23:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damion\AppData\Roaming\Mozilla\Extensions
[2011/11/18 21:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damion\AppData\Roaming\Mozilla\Firefox\Profiles\hiec5ho8.default\extensions
[2011/11/18 21:54:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Damion\AppData\Roaming\Mozilla\Firefox\Profiles\hiec5ho8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/13 21:00:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Damion\AppData\Roaming\Mozilla\Firefox\Profiles\hiec5ho8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/10/06 22:02:07 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Users\Damion\AppData\Roaming\Mozilla\Firefox\Profiles\hiec5ho8.default\extensions\[email protected]
[2011/10/06 22:02:08 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\Damion\AppData\Roaming\Mozilla\Firefox\Profiles\hiec5ho8.default\extensions\[email protected]
[2011/11/23 20:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/15 17:18:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 17:18:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/15 17:18:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/01/24 07:41:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [S3Funkey] C:\Windows\SysNative\S3Funkey.exe (S3 Graphics Co., Ltd.)
O4:64bit: - HKLM..\Run: [S3Trayp] C:\Windows\SysNative\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\Damion\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Damion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Damion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Damion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Damion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Damion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A04F70C-A0EA-4700-8AAB-5F74E9566C3A}: DhcpNameServer = 10.1.10.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c16c6a8-6c71-11e0-9c99-00e04d89a299}\Shell - "" = AutoRun
O33 - MountPoints2\{4c16c6a8-6c71-11e0-9c99-00e04d89a299}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{86f405fc-f133-11e0-8758-00e04d89a299}\Shell - "" = AutoRun
O33 - MountPoints2\{86f405fc-f133-11e0-8758-00e04d89a299}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Setup.exe
O33 - MountPoints2\{fdd90ecb-01d1-11e0-bfe8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{fdd90ecb-01d1-11e0-bfe8-806e6f6e6963}\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 11:40:03 | 000,000,000 | ---D | C] -- C:\Users\Damion\AppData\Local\{0991AF20-72C4-4B87-B902-BAA2644D4A2F}
[2012/02/26 11:14:44 | 000,000,000 | ---D | C] -- C:\Users\Damion\AppData\Local\{7A9CCE1E-57EE-4040-A5DF-84AF43D0796E}
[2012/02/25 12:38:46 | 000,000,000 | ---D | C] -- C:\Users\Damion\AppData\Local\{A4F2AECA-53CE-4231-8AE6-4E7DC466F3B1}
[2012/02/24 18:16:49 | 000,000,000 | ---D | C] -- C:\Users\Damion\AppData\Local\{8E93104C-1070-43CE-8D44-00E74F5523E1}
[2012/02/18 03:01:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/17 21:50:31 | 000,000,000 | ---D | C] -- C:\Users\Damion\AppData\Local\{5DE3E377-CFB6-477C-8EDC-7142B11B5E72}
[2012/02/17 18:18:07 | 000,000,000 | ---D | C] -- C:\Users\Damion\AppData\Local\{655B42F9-94CD-4504-AC84-411A6321CF92}
[2012/02/16 20:35:24 | 000,000,000 | ---D | C] -- C:\Users\Damion\AppData\Roaming\Avira
[2012/02/16 20:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/02/16 20:34:39 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/02/16 20:34:38 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/02/16 20:34:38 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/02/16 20:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/02/16 20:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/02/16 19:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/16 19:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/15 19:04:26 | 000,000,000 | ---D | C] -- C:\Users\Damion\AppData\Local\{D96B70F6-C82A-4C5C-8F8F-2FB143FB0DB8}
[2012/02/15 19:04:14 | 000,000,000 | ---D | C] -- C:\Users\Damion\AppData\Local\{A8119B09-BCA8-428B-B7F6-19FBA8B0D6EF}
[2012/02/03 17:49:32 | 000,000,000 | ---D | C] -- C:\Users\Damion\AppData\Local\{E99B5B1B-7C39-472C-A86A-4878D1639980}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 14:24:17 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/04 14:24:17 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/04 14:24:17 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/04 14:17:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/04 14:16:57 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/04 13:49:54 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/26 11:47:03 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 11:47:03 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 11:12:05 | 000,009,598 | ---- | M] () -- C:\Users\Damion\Desktop\Finances.ods
[2012/02/25 13:04:43 | 000,010,588 | ---- | M] () -- C:\Users\Damion\Desktop\appartment spreadsheet.ods
[2012/02/16 20:35:01 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/02/16 20:31:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/16 19:30:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/02/15 17:18:24 | 000,002,048 | ---- | M] () -- C:\Users\Damion\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/15 03:25:25 | 000,321,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/16 20:35:01 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/02/07 19:37:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/10/02 15:43:40 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/19 08:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 08:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 08:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/16 16:55:07 | 000,191,692 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MAnalyzerpresets.xml
[2011/07/16 16:55:07 | 000,013,964 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MFlangerpresets.xml
[2011/07/16 16:55:07 | 000,009,119 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MFreqShifterpresets.xml
[2011/07/16 16:55:07 | 000,007,130 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MEqualizerpresets.xml
[2011/07/16 16:55:07 | 000,006,687 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\menvelopepresets.xml
[2011/07/16 16:55:07 | 000,006,444 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MCompressorpresets.xml
[2011/07/16 16:55:07 | 000,005,138 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MWaveShaperpresets.xml
[2011/07/16 16:55:07 | 000,004,362 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MPhaserpresets.xml
[2011/07/16 16:55:07 | 000,003,771 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MRingModulatorpresets.xml
[2011/07/16 16:55:07 | 000,002,820 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MEqualizerAreasEditorpresets.xml
[2011/07/16 16:55:07 | 000,002,775 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MStereoExpanderpresets.xml
[2011/07/16 16:55:07 | 000,002,666 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MVibratopresets.xml
[2011/07/16 16:55:07 | 000,002,492 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml
[2011/07/16 16:55:07 | 000,002,366 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MTremolopresets.xml
[2011/07/16 16:55:07 | 000,001,907 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MAutopanpresets.xml
[2011/07/16 16:55:07 | 000,001,381 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MLimiterpresets.xml
[2011/07/16 16:55:07 | 000,001,235 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2011/07/16 16:55:07 | 000,001,011 | ---- | C] () -- C:\Users\Damion\AppData\Roaming\MValueToColor5presets.xml
[2011/03/02 18:07:14 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011/02/21 17:43:35 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5356AA089E.sys
[2010/12/30 15:02:07 | 000,148,195 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2010/12/30 14:51:09 | 000,003,584 | ---- | C] () -- C:\Users\Damion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/30 14:49:24 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/25 19:53:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2010/12/12 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\Acoustica
[2011/01/05 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\Applied Acoustics Systems
[2011/09/09 08:16:53 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\BitTorrent
[2011/07/16 17:17:46 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\Blue Cat Audio
[2011/10/02 17:12:32 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\DVDVideoSoft
[2011/07/16 18:54:26 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/03/03 13:16:08 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\MAGIX
[2011/08/25 23:35:48 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\mjusbsp
[2011/07/16 16:55:06 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\MTexturedStyles
[2011/09/19 14:30:36 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\OpenOffice.org
[2011/03/27 15:25:38 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\PreSonus
[2010/12/21 13:28:01 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\SPORE
[2010/12/12 23:22:19 | 000,000,000 | ---D | M] -- C:\Users\Damion\AppData\Roaming\SynthMaker
[2011/11/06 17:28:00 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
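The OTL log above is long, and most of what it lists is ordinary software. The following is an added example, not part of this thread and not OTL's own code: a small Python triage script that parses the PRC/MOD/SRV/DRV and O4 line shapes OTL writes and attaches review reasons to entries (no company name in the file's version information, an autostart value pointing at a file that no longer exists, a persistence path under a user-writable directory). The sample lines are copied from the log above; the regular expressions and the list of user-writable directories are my assumptions about the format, not something OTL documents. A hit is a review item, not a verdict: mozjs.dll, for instance, is flagged only because Firefox ships it without a company name.

```python
import re

# Constructed sample input: a few lines in the shape OTL writes (copied from the
# log posted above). The parser reads only the line shape; it does not know
# whether any listed file is malicious, so every hit is a review item, not a verdict.
SAMPLE_LOG = r"""
PRC - [2012/02/15 17:18:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MOD - [2012/02/15 17:18:22 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/12 13:23:38 | 000,512,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe -- (UDisk Monitor)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
O4 - HKCU..\Run: [cdloader] C:\Users\Damion\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup File not found
"""

# Assumed line shape for PRC/MOD/SRV/DRV: [stamp] (company) [state]? -- path [-- (service name)]
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)?\s+-\s+"
    r"\[(?P<stamp>[^\]]*)\]\s+"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:\[(?P<state>[^\]]*)\]\s*)?"
    r"--\s+(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<name>[^)]*)\))?$"
)
# Assumed line shape for O4 autostarts: O4 - HKxx..\Run: [value name] <command> (company) | File not found
O4_RE = re.compile(
    r"^O4(?::64bit:)?\s+-\s+(?P<hive>HK\w+)\.\.\\(?P<key>\w+):\s+"
    r"\[(?P<value>[^\]]+)\]\s+(?P<rest>.+)$"
)
# Directories a standard user can write to; persistence living here deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public)\\", re.IGNORECASE)


def parse_line(line):
    """Return a dict describing one OTL entry, or None for lines of other shapes."""
    m = ENTRY_RE.match(line)
    if m:
        return {
            "kind": m["kind"],
            "path": m["path"],
            "company": m["company"],  # "" when the file carries no company name
            "name": m["name"],
            "missing": False,
        }
    m = O4_RE.match(line)
    if m:
        rest = m["rest"]
        if rest.startswith('"'):            # quoted command line: path is inside the quotes
            path = rest[1 : rest.index('"', 1)]
        else:                               # bare path followed by " (company)"
            path = rest.split(" (")[0]
        trailing = re.search(r"\(([^()]*)\)$", rest)
        return {
            "kind": "O4",
            "path": path,
            "company": trailing.group(1) if trailing else None,  # None: OTL printed no company
            "name": m["value"],
            "missing": rest.endswith("File not found"),
        }
    return None


def reasons_for(entry):
    """Attach review reasons; an empty list means nothing stood out."""
    reasons = []
    if entry["missing"]:
        reasons.append("file-not-found")      # orphaned autostart value
    if entry["company"] == "":
        reasons.append("no-company-name")     # weak signal; many legitimate files lack it
    if USER_WRITABLE_RE.search(entry["path"]):
        reasons.append("user-writable-path")
    return reasons


def triage(lines):
    """Return the parsed entries that have at least one review reason attached."""
    findings = []
    for line in lines:
        entry = parse_line(line.rstrip())
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            entry["reasons"] = reasons
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f["kind"], f["path"], ", ".join(f["reasons"]))
```

Run against a whole OTL log the script produces a short list to read instead of several hundred lines; the next step for each hit is still a manual look (file hash, signature, install history), which the parser deliberately does not pretend to do.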

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, could you run the following programme for me? If it asks to download definitions, let it do so please.

Download aswMBR.exe (4.1mb) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

#3 DamionIllusionist (Topic Starter, Member, 103 posts)
Here is the log:


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 15:34:42
-----------------------------
15:34:42.476 OS Version: Windows x64 6.1.7601 Service Pack 1
15:34:42.476 Number of processors: 2 586 0xF0D
15:34:42.476 ComputerName: DAMIONSPC UserName: Damion
15:34:43.646 Initialize success
15:35:25.205 AVAST engine download error: 0
15:35:48.964 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:35:48.964 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
15:35:49.026 Disk 0 MBR read successfully
15:35:49.026 Disk 0 MBR scan
15:35:49.026 Disk 0 Windows 7 default MBR code
15:35:49.026 Disk 0 MBR hidden
15:35:49.042 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 476937 MB offset 63
15:35:49.073 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065
15:35:49.104 Disk 0 Partition 2 **SUSPICIOUS**
15:35:49.151 Disk 0 scanning C:\Windows\system32\drivers
15:35:55.843 Service scanning
15:36:06.841 Modules scanning
15:36:06.841 Disk 0 trace - called modules:
15:36:06.919 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80027a5334]<<ataport.SYS viaide.sys PCIIDEX.SYS hal.dll atapi.sys
15:36:06.919 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800278d060]
15:36:06.966 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800262a520]
15:36:06.982 5 ACPI.sys[fffff88000f6a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002238060]
15:36:06.982 \Driver\atapi[0xfffffa8002614e70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80027a5334
15:36:06.997 Scan finished successfully
15:36:45.139 Disk 0 MBR has been saved successfully to "C:\Users\Damion\Desktop\MBR.dat"
15:36:45.139 The log file has been saved successfully to "C:\Users\Damion\Desktop\aswMBR.txt"
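The aswMBR output above carries three separate indicators: the tool's own "MBR hidden" and "**SUSPICIOUS**" flags, a second partition that is tiny, marked hidden (type 0x17) and carries the active/boot flag while the Windows partition does not, and an unresolved module (">>UNKNOWN [...]<<") in the disk driver stack. As an added example (not part of this thread, and not aswMBR's code), here is a Python parser that extracts the partition table from such a log and raises each of these as a structured alert, including an independent check for an active hidden partition sitting in the tail of the disk past the visible partitions. The line formats, the hidden partition type table and the 512-byte sector size are my assumptions; the sample lines are copied from the log above.

```python
import re

SECTOR_BYTES = 512  # assumption: 512-byte sectors (aswMBR prints offsets in sectors)
# Assumption: the standard MBR partition-type table; these IDs mark "hidden" variants
# (0x17 = hidden NTFS/HPFS, 0x1B/0x1C = hidden FAT32, 0x11/0x14/0x16/0x1E = hidden FAT).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

# Constructed sample: the lines that matter for this check, copied from the shape
# of the aswMBR log posted above (disk size, partition table, tool flags, driver trace).
SAMPLE_ASWMBR = """
15:35:48.964 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
15:35:49.026 Disk 0 MBR read successfully
15:35:49.026 Disk 0 MBR scan
15:35:49.026 Disk 0 Windows 7 default MBR code
15:35:49.026 Disk 0 MBR hidden
15:35:49.042 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 476937 MB offset 63
15:35:49.073 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065
15:35:49.104 Disk 0 Partition 2 **SUSPICIOUS**
15:36:06.919 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80027a5334]<<ataport.SYS viaide.sys PCIIDEX.SYS hal.dll atapi.sys
15:36:06.997 Scan finished successfully
"""

SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .* Size: (?P<mb>\d+)MB")
# "Partition <n> <boot> [(A)] <type> <description> <size> MB offset <sector>"
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) "
    r"(?P<boot>[0-9A-Fa-f]{2})(?: \(A\))? (?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) "
    r"(?P<mb>\d+) MB offset (?P<offset>\d+)$"
)
SUSPICIOUS_RE = re.compile(r"Disk (?P<disk>\d+) Partition (?P<num>\d+) \*\*SUSPICIOUS\*\*")
MBR_HIDDEN_RE = re.compile(r"Disk (?P<disk>\d+) MBR hidden")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")


def analyze_aswmbr(lines):
    """Parse aswMBR log lines; return disk sizes, partitions and a list of alert strings."""
    disk_mb, partitions, alerts = {}, [], []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if m := SIZE_RE.search(line):
            disk_mb[int(m["disk"])] = int(m["mb"])
        elif m := PART_RE.search(line):
            ptype = int(m["type"], 16)
            partitions.append({
                "disk": int(m["disk"]),
                "num": int(m["num"]),
                "active": m["boot"].upper() == "80",       # 0x80 = bootable/active flag
                "type": ptype,
                "hidden": ptype in HIDDEN_TYPES or m["desc"].startswith("Hidd"),
                "mb": int(m["mb"]),
                "offset": int(m["offset"]),                 # start sector
            })
        elif m := SUSPICIOUS_RE.search(line):               # the tool's own verdict
            alerts.append(f"tool-flagged-suspicious:disk{m['disk']}-partition{m['num']}")
        elif m := MBR_HIDDEN_RE.search(line):               # MBR not readable the normal way
            alerts.append(f"mbr-hidden:disk{m['disk']}")
        elif m := UNKNOWN_RE.search(line):                  # unresolved code in the I/O path
            alerts.append(f"unknown-module-in-disk-stack:{m['addr']}")

    # Independent check, not relying on the tool's flags: an active hidden partition,
    # reported with its size and whether it lies past the end of every visible partition.
    for p in partitions:
        if p["active"] and p["hidden"]:
            visible_end = max(
                (q["offset"] + q["mb"] * 1024 * 1024 // SECTOR_BYTES
                 for q in partitions if q["disk"] == p["disk"] and not q["hidden"]),
                default=0,
            )
            where = "tail" if p["offset"] >= visible_end else "inner"
            alerts.append(
                f"hidden-active-partition:disk{p['disk']}-partition{p['num']}:{p['mb']}MB:{where}"
            )
    return {"disk_mb": disk_mb, "partitions": partitions, "alerts": alerts}


if __name__ == "__main__":
    for alert in analyze_aswmbr(SAMPLE_ASWMBR.splitlines())["alerts"]:
        print(alert)
```

The point of the last check is that it needs nothing from the tool's heuristics: the partition table alone says that the operating-system partition is not the one marked bootable, and that the bootable one is 2 MB of hidden NTFS at the end of the disk. That is the pattern a helper wants confirmed before asking for the MBR to be rewritten, which is what the next post in the thread does.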

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK here we go

We need to open an elevated command prompt.

Go Start > All Programs > Accessories
Right-click Command Prompt and select Run as administrator
In the black box that opens, copy and paste the following command and then press Enter:

aswMBR.exe -ap 1

As soon as aswMBR has finished, reboot and re-run the aswMBR scan again please.

#5 DamionIllusionist (Topic Starter, Member, 103 posts)
not recognized as an internal or external command

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK so they have caught on to that - we will try TDSSKiller, which will take a little longer and it may not fix it - but we will cross that bridge when we get to it.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

#7 DamionIllusionist (Topic Starter, Member, 103 posts)
Success!!!!!



15:57:20.0553 1064 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
15:57:20.0896 1064 ============================================================
15:57:20.0896 1064 Current date / time: 2012/03/04 15:57:20.0896
15:57:20.0896 1064 SystemInfo:
15:57:20.0896 1064
15:57:20.0896 1064 OS Version: 6.1.7601 ServicePack: 1.0
15:57:20.0896 1064 Product type: Workstation
15:57:20.0896 1064 ComputerName: DAMIONSPC
15:57:20.0896 1064 UserName: Damion
15:57:20.0896 1064 Windows directory: C:\Windows
15:57:20.0896 1064 System windows directory: C:\Windows
15:57:20.0896 1064 Running under WOW64
15:57:20.0896 1064 Processor architecture: Intel x64
15:57:20.0896 1064 Number of processors: 2
15:57:20.0896 1064 Page size: 0x1000
15:57:20.0896 1064 Boot type: Safe boot with network
15:57:20.0896 1064 ============================================================
15:57:21.0895 1064 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:21.0895 1064 \Device\Harddisk0\DR0:
15:57:21.0910 1064 MBR used
15:57:21.0910 1064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
15:57:21.0926 1064 Initialize success
15:57:21.0926 1064 ============================================================
15:57:48.0852 1108 ============================================================
15:57:48.0852 1108 Scan started
15:57:48.0852 1108 Mode: Manual; SigCheck; TDLFS;
15:57:48.0852 1108 ============================================================
15:57:49.0429 1108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:57:49.0647 1108 1394ohci - ok
15:57:49.0710 1108 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:57:49.0725 1108 ACPI - ok
15:57:49.0772 1108 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:57:49.0866 1108 AcpiPmi - ok
15:57:49.0913 1108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:57:49.0944 1108 adp94xx - ok
15:57:50.0006 1108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:57:50.0022 1108 adpahci - ok
15:57:50.0037 1108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:57:50.0053 1108 adpu320 - ok
15:57:50.0178 1108 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:57:50.0240 1108 AFD - ok
15:57:50.0271 1108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:57:50.0287 1108 agp440 - ok
15:57:50.0334 1108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:57:50.0334 1108 aliide - ok
15:57:50.0365 1108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:57:50.0381 1108 amdide - ok
15:57:50.0396 1108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:57:50.0459 1108 AmdK8 - ok
15:57:50.0521 1108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:57:50.0552 1108 AmdPPM - ok
15:57:50.0583 1108 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:57:50.0583 1108 amdsata - ok
15:57:50.0615 1108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:57:50.0615 1108 amdsbs - ok
15:57:50.0646 1108 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:57:50.0661 1108 amdxata - ok
15:57:50.0693 1108 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:57:50.0817 1108 AppID - ok
15:57:50.0849 1108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:57:50.0864 1108 arc - ok
15:57:50.0895 1108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:57:50.0895 1108 arcsas - ok
15:57:50.0911 1108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:57:51.0051 1108 AsyncMac - ok
15:57:51.0083 1108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:57:51.0098 1108 atapi - ok
15:57:51.0207 1108 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\drivers\atikmdag.sys
15:57:51.0395 1108 atikmdag - ok
15:57:51.0441 1108 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
15:57:51.0722 1108 avgntflt - ok
15:57:51.0738 1108 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
15:57:51.0753 1108 avipbb - ok
15:57:51.0769 1108 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:57:51.0785 1108 avkmgr - ok
15:57:51.0816 1108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:57:51.0894 1108 b06bdrv - ok
15:57:51.0909 1108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:57:51.0941 1108 b57nd60a - ok
15:57:51.0972 1108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:57:52.0034 1108 Beep - ok
15:57:52.0050 1108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:57:52.0081 1108 blbdrive - ok
15:57:52.0112 1108 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:57:52.0159 1108 bowser - ok
15:57:52.0175 1108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:57:52.0206 1108 BrFiltLo - ok
15:57:52.0237 1108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:57:52.0253 1108 BrFiltUp - ok
15:57:52.0284 1108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:57:52.0331 1108 Brserid - ok
15:57:52.0346 1108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:57:52.0377 1108 BrSerWdm - ok
15:57:52.0393 1108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:57:52.0409 1108 BrUsbMdm - ok
15:57:52.0440 1108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:57:52.0455 1108 BrUsbSer - ok
15:57:52.0487 1108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:57:52.0502 1108 BTHMODEM - ok
15:57:52.0549 1108 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
15:57:52.0611 1108 BTHPORT - ok
15:57:52.0627 1108 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
15:57:52.0643 1108 BTHUSB - ok
15:57:52.0658 1108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:57:52.0721 1108 cdfs - ok
15:57:52.0752 1108 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:57:52.0799 1108 cdrom - ok
15:57:52.0830 1108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:57:52.0861 1108 circlass - ok
15:57:52.0892 1108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:57:52.0908 1108 CLFS - ok
15:57:52.0955 1108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:57:52.0955 1108 CmBatt - ok
15:57:52.0986 1108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:57:53.0001 1108 cmdide - ok
15:57:53.0033 1108 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:57:53.0079 1108 CNG - ok
15:57:53.0095 1108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:57:53.0111 1108 Compbatt - ok
15:57:53.0157 1108 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:57:53.0189 1108 CompositeBus - ok
15:57:53.0220 1108 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
15:57:53.0235 1108 cpuz135 - ok
15:57:53.0251 1108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:57:53.0267 1108 crcdisk - ok
15:57:53.0329 1108 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:57:53.0391 1108 CSC - ok
15:57:53.0438 1108 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:57:53.0485 1108 DfsC - ok
15:57:53.0516 1108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:57:53.0547 1108 discache - ok
15:57:53.0579 1108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:57:53.0579 1108 Disk - ok
15:57:53.0610 1108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:57:53.0641 1108 drmkaud - ok
15:57:53.0688 1108 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:57:53.0719 1108 DXGKrnl - ok
15:57:53.0813 1108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:57:53.0906 1108 ebdrv - ok
15:57:53.0937 1108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:57:53.0969 1108 elxstor - ok
15:57:54.0000 1108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:57:54.0031 1108 ErrDev - ok
15:57:54.0078 1108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:57:54.0109 1108 exfat - ok
15:57:54.0140 1108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:57:54.0187 1108 fastfat - ok
15:57:54.0203 1108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:57:54.0234 1108 fdc - ok
15:57:54.0265 1108 FETNDIS (ecce54654a19f6cc5e526696680c1827) C:\Windows\system32\DRIVERS\fet6x64.sys
15:57:54.0296 1108 FETNDIS - ok
15:57:54.0327 1108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:57:54.0327 1108 FileInfo - ok
15:57:54.0359 1108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:57:54.0405 1108 Filetrace - ok
15:57:54.0421 1108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:57:54.0437 1108 flpydisk - ok
15:57:54.0483 1108 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:57:54.0499 1108 FltMgr - ok
15:57:54.0530 1108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:57:54.0530 1108 FsDepends - ok
15:57:54.0561 1108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:57:54.0561 1108 Fs_Rec - ok
15:57:54.0608 1108 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:57:54.0624 1108 fvevol - ok
15:57:54.0639 1108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:57:54.0655 1108 gagp30kx - ok
15:57:54.0686 1108 Generalusbserialser20675 (22b6be519c112fd9c6ada3c96b54ec15) C:\Windows\system32\DRIVERS\CT_U_USBSER.sys
15:57:54.0733 1108 Generalusbserialser20675 - ok
15:57:54.0749 1108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:57:54.0811 1108 hcw85cir - ok
15:57:54.0858 1108 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:57:54.0889 1108 HdAudAddService - ok
15:57:54.0905 1108 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:57:54.0951 1108 HDAudBus - ok
15:57:54.0967 1108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:57:54.0998 1108 HidBatt - ok
15:57:55.0029 1108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:57:55.0061 1108 HidBth - ok
15:57:55.0092 1108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:57:55.0123 1108 HidIr - ok
15:57:55.0170 1108 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:57:55.0185 1108 HidUsb - ok
15:57:55.0217 1108 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:57:55.0232 1108 HpSAMD - ok
15:57:55.0279 1108 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:57:55.0341 1108 HTTP - ok
15:57:55.0388 1108 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:57:55.0404 1108 hwpolicy - ok
15:57:55.0419 1108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:57:55.0435 1108 i8042prt - ok
15:57:55.0466 1108 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:57:55.0482 1108 iaStorV - ok
15:57:55.0513 1108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:57:55.0513 1108 iirsp - ok
15:57:55.0544 1108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:57:55.0544 1108 intelide - ok
15:57:55.0560 1108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:57:55.0591 1108 intelppm - ok
15:57:55.0638 1108 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:57:55.0685 1108 IpFilterDriver - ok
15:57:55.0716 1108 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:57:55.0731 1108 IPMIDRV - ok
15:57:55.0763 1108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:57:55.0825 1108 IPNAT - ok
15:57:55.0841 1108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:57:55.0903 1108 IRENUM - ok
15:57:55.0919 1108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:57:55.0934 1108 isapnp - ok
15:57:55.0965 1108 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:57:55.0981 1108 iScsiPrt - ok
15:57:56.0012 1108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:57:56.0012 1108 kbdclass - ok
15:57:56.0043 1108 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:57:56.0059 1108 kbdhid - ok
15:57:56.0106 1108 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:57:56.0106 1108 KSecDD - ok
15:57:56.0153 1108 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:57:56.0168 1108 KSecPkg - ok
15:57:56.0184 1108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:57:56.0231 1108 ksthunk - ok
15:57:56.0277 1108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:57:56.0324 1108 lltdio - ok
15:57:56.0355 1108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:57:56.0371 1108 LSI_FC - ok
15:57:56.0387 1108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:57:56.0402 1108 LSI_SAS - ok
15:57:56.0418 1108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:57:56.0433 1108 LSI_SAS2 - ok
15:57:56.0449 1108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:57:56.0465 1108 LSI_SCSI - ok
15:57:56.0480 1108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:57:56.0527 1108 luafv - ok
15:57:56.0574 1108 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
15:57:56.0589 1108 LVRS64 - ok
15:57:56.0761 1108 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
15:57:56.0886 1108 LVUVC64 - ok
15:57:56.0901 1108 MBAMProtector - ok
15:57:56.0933 1108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:57:56.0933 1108 megasas - ok
15:57:56.0964 1108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:57:56.0979 1108 MegaSR - ok
15:57:56.0995 1108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:57:57.0057 1108 Modem - ok
15:57:57.0120 1108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:57:57.0167 1108 monitor - ok
15:57:57.0182 1108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:57:57.0198 1108 mouclass - ok
15:57:57.0229 1108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:57:57.0245 1108 mouhid - ok
15:57:57.0291 1108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:57:57.0291 1108 mountmgr - ok
15:57:57.0338 1108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:57:57.0354 1108 mpio - ok
15:57:57.0385 1108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:57:57.0432 1108 mpsdrv - ok
15:57:57.0494 1108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:57:57.0541 1108 MRxDAV - ok
15:57:57.0572 1108 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:57:57.0635 1108 mrxsmb - ok
15:57:57.0681 1108 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:57:57.0713 1108 mrxsmb10 - ok
15:57:57.0744 1108 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:57:57.0759 1108 mrxsmb20 - ok
15:57:57.0837 1108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:57:57.0853 1108 msahci - ok
15:57:57.0869 1108 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:57:57.0884 1108 msdsm - ok
15:57:57.0915 1108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:57:57.0978 1108 Msfs - ok
15:57:57.0993 1108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:57:58.0056 1108 mshidkmdf - ok
15:57:58.0071 1108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:57:58.0087 1108 msisadrv - ok
15:57:58.0118 1108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:57:58.0165 1108 MSKSSRV - ok
15:57:58.0196 1108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:57:58.0243 1108 MSPCLOCK - ok
15:57:58.0259 1108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:57:58.0321 1108 MSPQM - ok
15:57:58.0352 1108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:57:58.0383 1108 MsRPC - ok
15:57:58.0399 1108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:57:58.0415 1108 mssmbios - ok
15:57:58.0430 1108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:57:58.0461 1108 MSTEE - ok
15:57:58.0493 1108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:57:58.0508 1108 MTConfig - ok
15:57:58.0539 1108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:57:58.0555 1108 Mup - ok
15:57:58.0633 1108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:57:58.0664 1108 NativeWifiP - ok
15:57:58.0711 1108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:57:58.0742 1108 NDIS - ok
15:57:58.0758 1108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:57:58.0805 1108 NdisCap - ok
15:57:58.0820 1108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:57:58.0867 1108 NdisTapi - ok
15:57:58.0898 1108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:57:58.0945 1108 Ndisuio - ok
15:57:59.0007 1108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:57:59.0054 1108 NdisWan - ok
15:57:59.0132 1108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:57:59.0179 1108 NDProxy - ok
15:57:59.0241 1108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:57:59.0288 1108 NetBIOS - ok
15:57:59.0304 1108 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:57:59.0366 1108 NetBT - ok
15:57:59.0413 1108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:57:59.0413 1108 nfrd960 - ok
15:57:59.0491 1108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:57:59.0522 1108 Npfs - ok
15:57:59.0553 1108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:57:59.0585 1108 nsiproxy - ok
15:57:59.0647 1108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:57:59.0694 1108 Ntfs - ok
15:57:59.0709 1108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:57:59.0772 1108 Null - ok
15:57:59.0803 1108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:57:59.0819 1108 nvraid - ok
15:57:59.0865 1108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:57:59.0881 1108 nvstor - ok
15:57:59.0897 1108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:57:59.0912 1108 nv_agp - ok
15:57:59.0943 1108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:57:59.0959 1108 ohci1394 - ok
15:57:59.0990 1108 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS
15:58:00.0037 1108 PAC207 - ok
15:58:00.0068 1108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:58:00.0068 1108 Parport - ok
15:58:00.0115 1108 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:58:00.0131 1108 partmgr - ok
15:58:00.0146 1108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:58:00.0162 1108 pci - ok
15:58:00.0177 1108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:58:00.0193 1108 pciide - ok
15:58:00.0209 1108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:58:00.0224 1108 pcmcia - ok
15:58:00.0240 1108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:58:00.0255 1108 pcw - ok
15:58:00.0287 1108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:58:00.0349 1108 PEAUTH - ok
15:58:00.0411 1108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:58:00.0458 1108 PptpMiniport - ok
15:58:00.0489 1108 PRESONUS_AUDIOBOX_MIDI (87d84513e913011ce408bfa99903965c) C:\Windows\system32\drivers\psabusbm.sys
15:58:00.0505 1108 PRESONUS_AUDIOBOX_MIDI - ok
15:58:00.0552 1108 PRESONUS_AUDIOBOX_USB (96d337f025abafe7cadddec495413895) C:\Windows\system32\Drivers\psabusbu.sys
15:58:00.0567 1108 PRESONUS_AUDIOBOX_USB - ok
15:58:00.0583 1108 PRESONUS_AUDIOBOX_WDM (5f1134087929e1a0d3a8e0bbdec89a8b) C:\Windows\system32\drivers\psabusba.sys
15:58:00.0599 1108 PRESONUS_AUDIOBOX_WDM - ok
15:58:00.0614 1108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:58:00.0645 1108 Processor - ok
15:58:00.0677 1108 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:58:00.0739 1108 Psched - ok
15:58:00.0786 1108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:58:00.0833 1108 ql2300 - ok
15:58:00.0864 1108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:58:00.0879 1108 ql40xx - ok
15:58:00.0895 1108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:58:00.0926 1108 QWAVEdrv - ok
15:58:00.0942 1108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:58:00.0989 1108 RasAcd - ok
15:58:01.0004 1108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:58:01.0035 1108 RasAgileVpn - ok
15:58:01.0082 1108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:58:01.0129 1108 Rasl2tp - ok
15:58:01.0160 1108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:58:01.0191 1108 RasPppoe - ok
15:58:01.0223 1108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:58:01.0254 1108 RasSstp - ok
15:58:01.0269 1108 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:58:01.0332 1108 rdbss - ok
15:58:01.0347 1108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:58:01.0363 1108 rdpbus - ok
15:58:01.0379 1108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:58:01.0425 1108 RDPCDD - ok
15:58:01.0457 1108 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:58:01.0519 1108 RDPDR - ok
15:58:01.0535 1108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:58:01.0581 1108 RDPENCDD - ok
15:58:01.0613 1108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:58:01.0644 1108 RDPREFMP - ok
15:58:01.0691 1108 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:58:01.0722 1108 RDPWD - ok
15:58:01.0769 1108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:58:01.0769 1108 rdyboost - ok
15:58:01.0831 1108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:58:01.0878 1108 rspndr - ok
15:58:01.0909 1108 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:58:01.0940 1108 s3cap - ok
15:58:02.0003 1108 S3GIGP (ec7a66f88756f2d3124b73d68cf5e268) C:\Windows\system32\DRIVERS\VTGKModeDX64.sys
15:58:02.0065 1108 S3GIGP - ok
15:58:02.0096 1108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:58:02.0112 1108 sbp2port - ok
15:58:02.0143 1108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:58:02.0190 1108 scfilter - ok
15:58:02.0221 1108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:58:02.0283 1108 secdrv - ok
15:58:02.0315 1108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:58:02.0330 1108 Serenum - ok
15:58:02.0361 1108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:58:02.0377 1108 Serial - ok
15:58:02.0393 1108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:58:02.0424 1108 sermouse - ok
15:58:02.0471 1108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:58:02.0486 1108 sffdisk - ok
15:58:02.0502 1108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:58:02.0517 1108 sffp_mmc - ok
15:58:02.0533 1108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:58:02.0564 1108 sffp_sd - ok
15:58:02.0595 1108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:58:02.0595 1108 sfloppy - ok
15:58:02.0627 1108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:58:02.0642 1108 SiSRaid2 - ok
15:58:02.0673 1108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:58:02.0689 1108 SiSRaid4 - ok
15:58:02.0705 1108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:58:02.0736 1108 Smb - ok
15:58:02.0767 1108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:58:02.0783 1108 spldr - ok
15:58:02.0845 1108 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:58:02.0861 1108 srv - ok
15:58:02.0892 1108 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:58:02.0907 1108 srv2 - ok
15:58:02.0939 1108 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:58:02.0939 1108 srvnet - ok
15:58:02.0970 1108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:58:02.0985 1108 stexstor - ok
15:58:03.0017 1108 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:58:03.0032 1108 storflt - ok
15:58:03.0048 1108 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:58:03.0063 1108 storvsc - ok
15:58:03.0079 1108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:58:03.0095 1108 swenum - ok
15:58:03.0173 1108 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:58:03.0235 1108 Tcpip - ok
15:58:03.0282 1108 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:58:03.0329 1108 TCPIP6 - ok
15:58:03.0375 1108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:58:03.0422 1108 tcpipreg - ok
15:58:03.0453 1108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:58:03.0500 1108 TDPIPE - ok
15:58:03.0531 1108 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:58:03.0563 1108 TDTCP - ok
15:58:03.0609 1108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:58:03.0641 1108 tdx - ok
15:58:03.0656 1108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:58:03.0672 1108 TermDD - ok
15:58:03.0734 1108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:58:03.0781 1108 tssecsrv - ok
15:58:03.0797 1108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:58:03.0843 1108 TsUsbFlt - ok
15:58:03.0875 1108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:58:03.0937 1108 tunnel - ok
15:58:03.0953 1108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:58:03.0968 1108 uagp35 - ok
15:58:04.0015 1108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:58:04.0046 1108 udfs - ok
15:58:04.0093 1108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:58:04.0093 1108 uliagpkx - ok
15:58:04.0124 1108 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:58:04.0155 1108 umbus - ok
15:58:04.0187 1108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:58:04.0202 1108 UmPass - ok
15:58:04.0265 1108 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:58:04.0296 1108 usbaudio - ok
15:58:04.0327 1108 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:58:04.0343 1108 usbccgp - ok
15:58:04.0374 1108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:58:04.0405 1108 usbcir - ok
15:58:04.0436 1108 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:58:04.0436 1108 usbehci - ok
15:58:04.0467 1108 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:58:04.0499 1108 usbhub - ok
15:58:04.0530 1108 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:58:04.0545 1108 usbohci - ok
15:58:04.0577 1108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:58:04.0592 1108 usbprint - ok
15:58:04.0608 1108 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:58:04.0670 1108 USBSTOR - ok
15:58:04.0686 1108 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:58:04.0717 1108 usbuhci - ok
15:58:04.0764 1108 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:58:04.0779 1108 usbvideo - ok
15:58:04.0811 1108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:58:04.0811 1108 vdrvroot - ok
15:58:04.0842 1108 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:58:04.0857 1108 vga - ok
15:58:04.0873 1108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:58:04.0920 1108 VgaSave - ok
15:58:04.0951 1108 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:58:04.0967 1108 vhdmp - ok
15:58:04.0982 1108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:58:04.0998 1108 viaide - ok
15:58:05.0013 1108 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:58:05.0029 1108 vmbus - ok
15:58:05.0045 1108 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:58:05.0076 1108 VMBusHID - ok
15:58:05.0107 1108 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:58:05.0107 1108 volmgr - ok
15:58:05.0154 1108 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:58:05.0169 1108 volmgrx - ok
15:58:05.0201 1108 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:58:05.0216 1108 volsnap - ok
15:58:05.0247 1108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:58:05.0247 1108 vsmraid - ok
15:58:05.0294 1108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:58:05.0310 1108 vwifibus - ok
15:58:05.0357 1108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:58:05.0357 1108 WacomPen - ok
15:58:05.0403 1108 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:58:05.0450 1108 WANARP - ok
15:58:05.0450 1108 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:58:05.0497 1108 Wanarpv6 - ok
15:58:05.0559 1108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:58:05.0575 1108 Wd - ok
15:58:05.0606 1108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:58:05.0637 1108 Wdf01000 - ok
15:58:05.0684 1108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:58:05.0715 1108 WfpLwf - ok
15:58:05.0747 1108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:58:05.0747 1108 WIMMount - ok
15:58:05.0840 1108 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:58:05.0871 1108 WinUsb - ok
15:58:05.0903 1108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:58:05.0918 1108 WmiAcpi - ok
15:58:05.0965 1108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:58:06.0012 1108 ws2ifsl - ok
15:58:06.0059 1108 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:58:06.0121 1108 WudfPf - ok
15:58:06.0152 1108 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:58:06.0199 1108 WUDFRd - ok
15:58:06.0246 1108 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:58:06.0277 1108 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
15:58:06.0277 1108 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
15:58:06.0308 1108 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:58:06.0308 1108 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:58:06.0308 1108 Boot (0x1200) (fc197cfb4f447cbc9b453254d2f3b22a) \Device\Harddisk0\DR0\Partition0
15:58:06.0308 1108 \Device\Harddisk0\DR0\Partition0 - ok
15:58:06.0308 1108 ============================================================
15:58:06.0308 1108 Scan finished
15:58:06.0308 1108 ============================================================
15:58:06.0324 0828 Detected object count: 2
15:58:06.0324 0828 Actual detected object count: 2
15:58:26.0479 0828 \Device\Harddisk0\DR0\# - copied to quarantine
15:58:26.0479 0828 \Device\Harddisk0\DR0 - copied to quarantine
15:58:26.0510 0828 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:58:26.0526 0828 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:58:26.0526 0828 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:58:26.0557 0828 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:58:26.0573 0828 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:58:26.0573 0828 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:58:26.0573 0828 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:58:26.0573 0828 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:58:26.0588 0828 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:58:26.0588 0828 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:58:26.0588 0828 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:58:26.0588 0828 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:58:26.0635 0828 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
15:58:26.0635 0828 \Device\Harddisk0\DR0 - ok
15:58:26.0931 0828 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
15:58:26.0931 0828 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:58:26.0931 0828 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:59:06.0945 1628 Deinitialize success

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, re-run TDSSKiller and when the scan indicates the following item, delete it:

\Device\Harddisk0\DR0 ( TDSS File System )

Then in the Run box type COMPMGMT.MSC and press Enter
Open Storage
Open Disk Management
There may be a 2MB partition (second one)
If there is, then right-click it and select Delete

Once done let me know how the computer is behaving

#9
DamionIllusionist

DamionIllusionist

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts

OK re-run TDSSKiller and when the scan indicates the following item - delete it

\Device\Harddisk0\DR0 ( TDSS File System )

Done



COMPMGMT.MSC shows no 2MB partition at all.

System booted into normal mode on the reboot after TDSSKiller, and that is where I am now. Before, I was only able to get into Safe Mode and Safe Mode with Networking.

Edited by DamionIllusionist, 04 March 2012 - 04:24 PM.


#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is it behaving, any weirdness? :lol:

As that was the culprit, I would also recommend that you change all your passwords, to be on the safe side.

#11
DamionIllusionist

DamionIllusionist

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Where and what was the infection?
No weird behaviour from what I can see.

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

15:35:49.042 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 476937 MB offset 63
15:35:49.073 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065
15:35:49.104 Disk 0 Partition 2 **SUSPICIOUS**


It was of the TDL family and it created its own partition (2MB) with the malware files on it.
There is a small description of it here.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to hidden again, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All Programs > Accessories > System Tools
  • Right-click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo Update Checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
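The partition listing Essexboy quotes above (a large NTFS volume followed by a 2 MB hidden, active partition at the end of the disk) is the signature of a bootkit carving out its own storage. As an added example that is not part of this thread or of TDSSKiller, the following Python parses a raw MBR partition table and flags entries with that shape; the MBR bytes are constructed to mirror the log's offsets and sizes, and the 16 MB size threshold is an assumed heuristic, not a published one.

```python
import struct

# One 16-byte MBR partition entry, little-endian:
# status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sector_count(4)
ENTRY_FMT = "<B3sB3sII"
SECTOR = 512
# Partition type bytes that denote a deliberately hidden filesystem.
HIDDEN_TYPES = {0x16: "Hidden FAT16", 0x17: "Hidden HPFS/NTFS",
                0x1B: "Hidden FAT32", 0x1C: "Hidden FAT32 LBA"}

def parse_mbr(mbr: bytes):
    """Return the non-empty entries of a 512-byte MBR as dicts."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR (bad length or boot signature)")
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:          # empty slot
            continue
        entries.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count,
                        "size_mb": count * SECTOR // (1024 * 1024)})
    return entries

def suspicious_partitions(entries, max_mb=16):
    """Flag entries that combine at least two bootkit-like traits: a hidden
    filesystem type, a tiny size, or the active flag on a non-OS partition.
    The OS partition is assumed (heuristic) to be the largest one."""
    main = max(entries, key=lambda e: e["sectors"]) if entries else None
    flagged = []
    for e in entries:
        reasons = []
        if e["type"] in HIDDEN_TYPES:
            reasons.append("hidden filesystem type 0x%02X" % e["type"])
        if e["size_mb"] <= max_mb:
            reasons.append("very small (%d MB)" % e["size_mb"])
        if e["active"] and e is not main:
            reasons.append("active flag on non-OS partition")
        if len(reasons) >= 2:
            flagged.append((e["index"], reasons))
    return flagged

def build_entry(status, ptype, lba, count):
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)

def sample_mbr():
    """Constructed MBR mirroring the log: 476937 MB NTFS at LBA 63, then a
    2 MB hidden NTFS partition marked active at LBA 976768065."""
    table = (build_entry(0x00, 0x07, 63, 976768002)
             + build_entry(0x80, 0x17, 976768065, 4096) + b"\0" * 32)
    return b"\0" * 446 + table + b"\x55\xAA"
```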

#13
DamionIllusionist

DamionIllusionist

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Programs removed
Java updated
MBAM already installed
Drivermax installed and updating drivers
New clean restore point created
One question though. Do you recommend Avira or MSE as the better AV? Currently Avira is installed but he doesn't like it at all.
Windows updates also done

Edited by DamionIllusionist, 04 March 2012 - 05:27 PM.


#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Personally I am for Avast now that it has the start of cloud updates (new in V7)

But of the two I would go for MSE

#15
DamionIllusionist

DamionIllusionist

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
OK, MSE installed but now uninstalling Avira is not going well. The system seems to be running great other than Avira not being able to be removed. I tried removing it through Control Panel but it says to wait till another program is through running, uninstalling or changing. Nothing else is being uninstalled :whistling: :confused:
