sunyesf

  1. All clean now... definitely use GMER to see if you have a rootkit, and use the latest version of TDSSKiller for removing it.
  2. Downloaded a newer version of TDSSKiller... and it found yet another: Rootkit.Boot.Pihar.b. Here is the log:

15:02:59.0218 4424 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
15:02:59.0234 4424 ============================================================
15:02:59.0234 4424 Current date / time: 2012/03/14 15:02:59.0234
15:02:59.0234 4424 SystemInfo:
15:02:59.0234 4424
15:02:59.0234 4424 OS Version: 5.1.2600 ServicePack: 3.0
15:02:59.0234 4424 Product type: Workstation
15:02:59.0234 4424 ComputerName: CHEM-STOCKROAM
15:02:59.0250 4424 UserName: mabraun
15:02:59.0250 4424 Windows directory: C:\WINDOWS
15:02:59.0250 4424 System windows directory: C:\WINDOWS
15:02:59.0250 4424 Processor architecture: Intel x86
15:02:59.0250 4424 Number of processors: 2
15:02:59.0250 4424 Page size: 0x1000
15:02:59.0250 4424 Boot type: Normal boot
15:02:59.0250 4424 ============================================================
15:03:00.0937 4424 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:03:00.0937 4424 Drive \Device\Harddisk1\DR3 - Size: 0x1E0BFFE00 (7.51 Gb), SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:03:00.0937 4424 \Device\Harddisk0\DR0:
15:03:00.0937 4424 MBR used
15:03:00.0937 4424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x94EAFF8
15:03:00.0937 4424 \Device\Harddisk1\DR3:
15:03:00.0937 4424 MBR used
15:03:00.0937 4424 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xF05FDF
15:03:01.0000 4424 Initialize success
15:03:01.0000 4424 ============================================================
15:03:02.0875 4604 ============================================================
15:03:02.0875 4604 Scan started
15:03:02.0875 4604 Mode: Manual;
15:03:02.0875 4604 ============================================================
15:03:03.0484 4604 Abiosdsk - ok 15:03:03.0531 4604 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 15:03:03.0531 4604 abp480n5 - ok 15:03:03.0578 4604 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:03:03.0578 4604 ACPI - ok 15:03:03.0625 4604 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 15:03:03.0640 4604 ACPIEC - ok 15:03:03.0671 4604 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 15:03:03.0687 4604 adpu160m - ok 15:03:03.0718 4604 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 15:03:03.0734 4604 aec - ok 15:03:03.0781 4604 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 15:03:03.0781 4604 AFD - ok 15:03:03.0828 4604 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 15:03:03.0828 4604 agp440 - ok 15:03:03.0890 4604 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 15:03:03.0890 4604 agpCPQ - ok 15:03:03.0906 4604 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 15:03:03.0921 4604 Aha154x - ok 15:03:03.0937 4604 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 15:03:03.0953 4604 aic78u2 - ok 15:03:04.0000 4604 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 15:03:04.0000 4604 aic78xx - ok 15:03:04.0031 4604 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 15:03:04.0031 4604 AliIde - ok 15:03:04.0078 4604 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 15:03:04.0078 4604 alim1541 - ok 15:03:04.0093 4604 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 15:03:04.0109 4604 amdagp - ok 15:03:04.0140 4604 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 15:03:04.0156 4604 amsint - 
ok 15:03:04.0187 4604 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 15:03:04.0187 4604 ApfiltrService - ok 15:03:04.0218 4604 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 15:03:04.0218 4604 APPDRV - ok 15:03:04.0265 4604 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 15:03:04.0265 4604 Arp1394 - ok 15:03:04.0281 4604 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 15:03:04.0281 4604 asc - ok 15:03:04.0312 4604 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 15:03:04.0312 4604 asc3350p - ok 15:03:04.0343 4604 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 15:03:04.0359 4604 asc3550 - ok 15:03:04.0406 4604 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:03:04.0406 4604 AsyncMac - ok 15:03:04.0437 4604 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 15:03:04.0437 4604 atapi - ok 15:03:04.0453 4604 Atdisk - ok 15:03:04.0468 4604 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:03:04.0484 4604 Atmarpc - ok 15:03:04.0500 4604 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 15:03:04.0500 4604 audstub - ok 15:03:04.0531 4604 b57w2k (71509c9db1a4b2c05141563fbe3e18a0) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 15:03:04.0531 4604 b57w2k - ok 15:03:04.0578 4604 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys 15:03:04.0578 4604 BASFND - ok 15:03:04.0656 4604 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 15:03:04.0703 4604 BCM43XX - ok 15:03:04.0718 4604 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 15:03:04.0718 4604 Beep - ok 15:03:04.0765 4604 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) 
C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys 15:03:04.0765 4604 BrScnUsb - ok 15:03:04.0828 4604 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys 15:03:04.0828 4604 BrSerIf - ok 15:03:04.0859 4604 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys 15:03:04.0859 4604 BrUsbSer - ok 15:03:04.0859 4604 catchme - ok 15:03:04.0906 4604 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 15:03:04.0921 4604 cbidf - ok 15:03:04.0937 4604 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 15:03:04.0937 4604 cbidf2k - ok 15:03:04.0953 4604 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 15:03:04.0968 4604 cd20xrnt - ok 15:03:04.0984 4604 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 15:03:04.0984 4604 Cdaudio - ok 15:03:05.0046 4604 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 15:03:05.0046 4604 Cdfs - ok 15:03:05.0078 4604 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:03:05.0078 4604 Cdrom - ok 15:03:05.0093 4604 Changer - ok 15:03:05.0125 4604 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 15:03:05.0125 4604 CmBatt - ok 15:03:05.0140 4604 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 15:03:05.0156 4604 CmdIde - ok 15:03:05.0171 4604 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 15:03:05.0171 4604 Compbatt - ok 15:03:05.0203 4604 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 15:03:05.0218 4604 Cpqarray - ok 15:03:05.0250 4604 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 15:03:05.0250 4604 dac2w2k - ok 15:03:05.0265 4604 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 15:03:05.0281 4604 dac960nt 
- ok 15:03:05.0312 4604 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 15:03:05.0312 4604 Disk - ok 15:03:05.0343 4604 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS 15:03:05.0343 4604 DLABMFSM - ok 15:03:05.0359 4604 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS 15:03:05.0359 4604 DLABOIOM - ok 15:03:05.0375 4604 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 15:03:05.0375 4604 DLACDBHM - ok 15:03:05.0406 4604 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS 15:03:05.0406 4604 DLADResM - ok 15:03:05.0437 4604 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS 15:03:05.0437 4604 DLAIFS_M - ok 15:03:05.0453 4604 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS 15:03:05.0453 4604 DLAOPIOM - ok 15:03:05.0484 4604 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS 15:03:05.0484 4604 DLAPoolM - ok 15:03:05.0546 4604 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 15:03:05.0546 4604 DLARTL_M - ok 15:03:05.0562 4604 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS 15:03:05.0578 4604 DLAUDFAM - ok 15:03:05.0609 4604 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS 15:03:05.0609 4604 DLAUDF_M - ok 15:03:05.0656 4604 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 15:03:05.0718 4604 dmboot - ok 15:03:05.0750 4604 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 15:03:05.0750 4604 dmio - ok 15:03:05.0765 4604 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 15:03:05.0781 4604 dmload - ok 15:03:05.0812 4604 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 
15:03:05.0812 4604 DMusic - ok 15:03:05.0843 4604 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 15:03:05.0843 4604 dpti2o - ok 15:03:05.0875 4604 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 15:03:05.0875 4604 drmkaud - ok 15:03:05.0906 4604 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 15:03:05.0906 4604 DRVMCDB - ok 15:03:06.0015 4604 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 15:03:06.0015 4604 DRVNDDM - ok 15:03:06.0187 4604 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys 15:03:06.0187 4604 DXEC01 - ok 15:03:06.0296 4604 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 15:03:06.0312 4604 E100B - ok 15:03:06.0390 4604 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 15:03:06.0390 4604 eeCtrl - ok 15:03:06.0421 4604 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 15:03:06.0421 4604 EraserUtilRebootDrv - ok 15:03:06.0515 4604 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 15:03:06.0515 4604 Fastfat - ok 15:03:06.0531 4604 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 15:03:06.0531 4604 Fdc - ok 15:03:06.0562 4604 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 15:03:06.0562 4604 Fips - ok 15:03:06.0578 4604 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 15:03:06.0593 4604 Flpydisk - ok 15:03:06.0640 4604 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 15:03:06.0640 4604 FltMgr - ok 15:03:06.0687 4604 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:03:06.0687 4604 Fs_Rec - ok 15:03:06.0734 4604 Ftdisk 
(6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:03:06.0734 4604 Ftdisk - ok 15:03:06.0765 4604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 15:03:06.0765 4604 GEARAspiWDM - ok 15:03:06.0796 4604 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:03:06.0796 4604 Gpc - ok 15:03:06.0859 4604 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 15:03:06.0859 4604 HDAudBus - ok 15:03:06.0890 4604 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:03:06.0890 4604 HidUsb - ok 15:03:06.0937 4604 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 15:03:06.0937 4604 hpn - ok 15:03:06.0984 4604 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 15:03:06.0984 4604 HSFHWAZL - ok 15:03:07.0031 4604 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 15:03:07.0078 4604 HSF_DPV - ok 15:03:07.0125 4604 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 15:03:07.0125 4604 HTTP - ok 15:03:07.0156 4604 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 15:03:07.0156 4604 i2omgmt - ok 15:03:07.0171 4604 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 15:03:07.0171 4604 i2omp - ok 15:03:07.0187 4604 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:03:07.0203 4604 i8042prt - ok 15:03:07.0375 4604 ialm (8b998e6c0aebbaecd6da33df947695d3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 15:03:07.0515 4604 ialm - ok 15:03:07.0578 4604 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 15:03:07.0578 4604 Imapi - ok 15:03:07.0609 4604 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 15:03:07.0609 4604 ini910u - ok 15:03:07.0656 4604 IntelIde 
(b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 15:03:07.0656 4604 IntelIde - ok 15:03:07.0687 4604 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:03:07.0703 4604 intelppm - ok 15:03:07.0718 4604 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 15:03:07.0718 4604 Ip6Fw - ok 15:03:07.0734 4604 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:03:07.0734 4604 IpFilterDriver - ok 15:03:07.0765 4604 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:03:07.0765 4604 IpInIp - ok 15:03:07.0781 4604 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:03:07.0781 4604 IpNat - ok 15:03:07.0828 4604 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:03:07.0828 4604 IPSec - ok 15:03:07.0843 4604 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 15:03:07.0859 4604 IRENUM - ok 15:03:07.0890 4604 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:03:07.0890 4604 isapnp - ok 15:03:07.0937 4604 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:03:07.0937 4604 Kbdclass - ok 15:03:07.0968 4604 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 15:03:07.0968 4604 kbdhid - ok 15:03:08.0000 4604 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 15:03:08.0000 4604 kmixer - ok 15:03:08.0031 4604 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 15:03:08.0031 4604 KSecDD - ok 15:03:08.0046 4604 Lbd - ok 15:03:08.0062 4604 lbrtfdc - ok 15:03:08.0140 4604 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 15:03:08.0140 4604 MBAMProtector - ok 15:03:08.0171 4604 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) 
C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 15:03:08.0187 4604 mdmxsdk - ok 15:03:08.0234 4604 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 15:03:08.0234 4604 mnmdd - ok 15:03:08.0296 4604 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 15:03:08.0296 4604 Modem - ok 15:03:08.0312 4604 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:03:08.0328 4604 Mouclass - ok 15:03:08.0359 4604 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:03:08.0359 4604 mouhid - ok 15:03:08.0406 4604 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 15:03:08.0406 4604 MountMgr - ok 15:03:08.0437 4604 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 15:03:08.0437 4604 mraid35x - ok 15:03:08.0468 4604 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:03:08.0468 4604 MRxDAV - ok 15:03:08.0515 4604 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:03:08.0531 4604 MRxSmb - ok 15:03:08.0578 4604 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 15:03:08.0578 4604 Msfs - ok 15:03:08.0609 4604 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:03:08.0609 4604 MSKSSRV - ok 15:03:08.0640 4604 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:03:08.0640 4604 MSPCLOCK - ok 15:03:08.0656 4604 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 15:03:08.0671 4604 MSPQM - ok 15:03:08.0703 4604 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:03:08.0703 4604 mssmbios - ok 15:03:08.0750 4604 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 15:03:08.0765 4604 Mup - ok 15:03:08.0796 4604 mvusbews (b9df137953a5280eddbd4a705ca093a2) 
C:\WINDOWS\system32\Drivers\mvusbews.sys 15:03:08.0796 4604 mvusbews - ok 15:03:08.0890 4604 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120313.020\NAVENG.SYS 15:03:08.0890 4604 NAVENG - ok 15:03:08.0953 4604 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120313.020\NAVEX15.SYS 15:03:08.0968 4604 NAVEX15 - ok 15:03:09.0062 4604 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 15:03:09.0062 4604 NDIS - ok 15:03:09.0093 4604 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:03:09.0109 4604 NdisTapi - ok 15:03:09.0125 4604 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:03:09.0125 4604 Ndisuio - ok 15:03:09.0171 4604 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:03:09.0187 4604 NdisWan - ok 15:03:09.0218 4604 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 15:03:09.0218 4604 NDProxy - ok 15:03:09.0234 4604 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 15:03:09.0250 4604 NetBIOS - ok 15:03:09.0265 4604 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 15:03:09.0265 4604 NetBT - ok 15:03:09.0296 4604 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 15:03:09.0296 4604 NIC1394 - ok 15:03:09.0359 4604 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 15:03:09.0359 4604 Npfs - ok 15:03:09.0390 4604 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 15:03:09.0406 4604 Ntfs - ok 15:03:09.0437 4604 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 15:03:09.0453 4604 NuidFltr - ok 15:03:09.0468 4604 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 15:03:09.0468 4604 Null - ok 15:03:09.0546 4604 nv 
(2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 15:03:09.0640 4604 nv - ok 15:03:09.0656 4604 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:03:09.0656 4604 NwlnkFlt - ok 15:03:09.0687 4604 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:03:09.0687 4604 NwlnkFwd - ok 15:03:09.0734 4604 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 15:03:09.0734 4604 ohci1394 - ok 15:03:09.0765 4604 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 15:03:09.0781 4604 Parport - ok 15:03:09.0796 4604 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 15:03:09.0796 4604 PartMgr - ok 15:03:09.0812 4604 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 15:03:09.0828 4604 ParVdm - ok 15:03:09.0859 4604 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys 15:03:09.0859 4604 PBADRV - ok 15:03:09.0937 4604 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 15:03:09.0937 4604 PCI - ok 15:03:09.0937 4604 PCIDump - ok 15:03:09.0968 4604 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 15:03:09.0968 4604 PCIIde - ok 15:03:10.0000 4604 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 15:03:10.0000 4604 Pcmcia - ok 15:03:10.0000 4604 PDCOMP - ok 15:03:10.0015 4604 PDFRAME - ok 15:03:10.0015 4604 PDRELI - ok 15:03:10.0031 4604 PDRFRAME - ok 15:03:10.0046 4604 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 15:03:10.0046 4604 perc2 - ok 15:03:10.0078 4604 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 15:03:10.0078 4604 perc2hib - ok 15:03:10.0125 4604 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys 15:03:10.0140 4604 Point32 - ok 15:03:10.0171 
4604 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:03:10.0171 4604 PptpMiniport - ok 15:03:10.0187 4604 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 15:03:10.0203 4604 PSched - ok 15:03:10.0218 4604 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:03:10.0234 4604 Ptilink - ok 15:03:10.0265 4604 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 15:03:10.0265 4604 PxHelp20 - ok 15:03:10.0296 4604 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 15:03:10.0296 4604 ql1080 - ok 15:03:10.0312 4604 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 15:03:10.0312 4604 Ql10wnt - ok 15:03:10.0343 4604 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 15:03:10.0343 4604 ql12160 - ok 15:03:10.0375 4604 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 15:03:10.0375 4604 ql1240 - ok 15:03:10.0390 4604 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 15:03:10.0406 4604 ql1280 - ok 15:03:10.0437 4604 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:03:10.0437 4604 RasAcd - ok 15:03:10.0484 4604 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:03:10.0484 4604 Rasl2tp - ok 15:03:10.0515 4604 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:03:10.0515 4604 RasPppoe - ok 15:03:10.0546 4604 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 15:03:10.0546 4604 Raspti - ok 15:03:10.0578 4604 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:03:10.0578 4604 Rdbss - ok 15:03:10.0625 4604 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:03:10.0625 4604 RDPCDD - ok 15:03:10.0656 
4604 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 15:03:10.0656 4604 rdpdr - ok 15:03:10.0703 4604 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 15:03:10.0718 4604 RDPWD - ok 15:03:10.0750 4604 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 15:03:10.0765 4604 redbook - ok 15:03:10.0859 4604 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 15:03:10.0859 4604 SASDIFSV - ok 15:03:10.0859 4604 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 15:03:10.0875 4604 SASKUTIL - ok 15:03:10.0968 4604 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:03:10.0984 4604 Secdrv - ok 15:03:11.0031 4604 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 15:03:11.0031 4604 serenum - ok 15:03:11.0046 4604 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 15:03:11.0062 4604 Serial - ok 15:03:11.0078 4604 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 15:03:11.0093 4604 Sfloppy - ok 15:03:11.0109 4604 Simbad - ok 15:03:11.0140 4604 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 15:03:11.0140 4604 sisagp - ok 15:03:11.0187 4604 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys 15:03:11.0187 4604 SmartDefragDriver - ok 15:03:11.0218 4604 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 15:03:11.0234 4604 Sparrow - ok 15:03:11.0406 4604 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 15:03:11.0406 4604 SPBBCDrv - ok 15:03:11.0468 4604 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 15:03:11.0468 4604 splitter - ok 15:03:11.0484 4604 sr 
(76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 15:03:11.0500 4604 sr - ok 15:03:11.0546 4604 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS 15:03:11.0546 4604 SRTSP - ok 15:03:11.0562 4604 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS 15:03:11.0578 4604 SRTSPL - ok 15:03:11.0609 4604 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS 15:03:11.0609 4604 SRTSPX - ok 15:03:11.0640 4604 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 15:03:11.0656 4604 Srv - ok 15:03:11.0718 4604 STHDA (58f855684e163466a5c565adf0865536) C:\WINDOWS\system32\drivers\sthda.sys 15:03:11.0734 4604 STHDA - ok 15:03:11.0781 4604 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 15:03:11.0781 4604 swenum - ok 15:03:11.0843 4604 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 15:03:11.0843 4604 swmidi - ok 15:03:11.0875 4604 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 15:03:11.0890 4604 symc810 - ok 15:03:11.0906 4604 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 15:03:11.0921 4604 symc8xx - ok 15:03:11.0984 4604 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 15:03:11.0984 4604 SymEvent - ok 15:03:12.0015 4604 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 15:03:12.0015 4604 SYMREDRV - ok 15:03:12.0062 4604 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 15:03:12.0062 4604 SYMTDI - ok 15:03:12.0093 4604 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 15:03:12.0093 4604 sym_hi - ok 15:03:12.0125 4604 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 15:03:12.0125 4604 sym_u3 - ok 15:03:12.0156 4604 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) 
C:\WINDOWS\system32\drivers\sysaudio.sys
15:03:12.0156 4604 sysaudio - ok
15:03:12.0203 4604 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:03:12.0218 4604 Tcpip - ok
15:03:12.0250 4604 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:03:12.0265 4604 TDPIPE - ok
15:03:12.0281 4604 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:03:12.0281 4604 TDTCP - ok
15:03:12.0312 4604 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:03:12.0312 4604 TermDD - ok
15:03:12.0343 4604 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:03:12.0343 4604 TosIde - ok
15:03:12.0390 4604 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:03:12.0390 4604 Udfs - ok
15:03:12.0421 4604 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:03:12.0421 4604 ultra - ok
15:03:12.0468 4604 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:03:12.0484 4604 Update - ok
15:03:12.0515 4604 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:03:12.0515 4604 usbccgp - ok
15:03:12.0546 4604 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:03:12.0562 4604 usbehci - ok
15:03:12.0593 4604 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:03:12.0593 4604 usbhub - ok
15:03:12.0625 4604 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:03:12.0625 4604 usbprint - ok
15:03:12.0656 4604 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:03:12.0656 4604 USBSTOR - ok
15:03:12.0671 4604 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:03:12.0687 4604 usbuhci - ok
15:03:12.0703 4604 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:03:12.0703 4604 VgaSave - ok
15:03:12.0734 4604 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:03:12.0734 4604 viaagp - ok
15:03:12.0750 4604 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:03:12.0765 4604 ViaIde - ok
15:03:12.0781 4604 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:03:12.0781 4604 VolSnap - ok
15:03:12.0812 4604 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:03:12.0812 4604 Wanarp - ok
15:03:12.0859 4604 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
15:03:12.0859 4604 WaveFDE - ok
15:03:12.0890 4604 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
15:03:12.0890 4604 WavxDMgr - ok
15:03:12.0953 4604 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
15:03:12.0953 4604 wceusbsh - ok
15:03:13.0000 4604 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:03:13.0000 4604 Wdf01000 - ok
15:03:13.0015 4604 WDICA - ok
15:03:13.0046 4604 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:03:13.0046 4604 wdmaud - ok
15:03:13.0093 4604 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:03:13.0093 4604 winachsf - ok
15:03:13.0156 4604 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
15:03:13.0156 4604 WinUSB - ok
15:03:13.0218 4604 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:03:13.0218 4604 WmiAcpi - ok
15:03:13.0234 4604 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:03:13.0250 4604 WS2IFSL - ok
15:03:13.0296 4604 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:03:13.0296 4604 WudfPf - ok
15:03:13.0328 4604 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:03:13.0343 4604 WudfRd - ok
15:03:13.0375 4604 zumbus (ae279cd76b38fc079eec3ca6d65a5926) C:\WINDOWS\system32\DRIVERS\zumbus.sys
15:03:13.0375 4604 zumbus - ok
15:03:13.0390 4604 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
15:03:13.0421 4604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:03:13.0421 4604 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:03:13.0453 4604 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR3
15:03:26.0656 4604 \Device\Harddisk1\DR3 - ok
15:03:26.0687 4604 Boot (0x1200) (abad944c83832225061cf9c0d8326255) \Device\Harddisk0\DR0\Partition0
15:03:26.0687 4604 \Device\Harddisk0\DR0\Partition0 - ok
15:03:26.0687 4604 Boot (0x1200) (eb2ea23801cfaff4b54c39c248c4e4e9) \Device\Harddisk1\DR3\Partition0
15:03:26.0687 4604 \Device\Harddisk1\DR3\Partition0 - ok
15:03:26.0687 4604 ============================================================
15:03:26.0687 4604 Scan finished
15:03:26.0687 4604 ============================================================
15:03:26.0687 4596 Detected object count: 1
15:03:26.0687 4596 Actual detected object count: 1
15:03:51.0640 4596 \Device\Harddisk0\DR0\# - copied to quarantine
15:03:51.0640 4596 \Device\Harddisk0\DR0 - copied to quarantine
15:03:51.0765 4596 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:03:51.0796 4596 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:03:52.0203 4596 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:03:52.0234 4596 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:03:52.0265 4596 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:03:52.0328 4596 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:03:52.0343 4596 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:03:52.0343 4596 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:03:52.0390 4596 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:03:52.0390 4596 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:03:52.0390 4596 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:03:52.0406 4596 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:03:52.0437 4596 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:03:52.0437 4596 \Device\Harddisk0\DR0 - ok
15:03:52.0437 4596 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:04:23.0609 4172 Deinitialize success

Turning back on the network to see if Clickfraud is still there..... every other scan is coming up clean. I will be leaving for the day but will respond in the morning. If there are other programs that I should run, please let me know and I will be happy to run them in the morning. Thanks again for any follow-up.
  3. Since I posted, did a little more searching... GMER found the following Rootkit activity...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-14 14:33:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST980813ASG rev.3.ADD
Running: h2ys02r2.exe; Driver: C:\DOCUME~1\mabraun\LOCALS~1\Temp\kwlyraod.sys

---- System - GMER 1.0.15 ----

SSDT 89FF3F10 ZwAlertResumeThread
SSDT 89FF3FD0 ZwAlertThread
SSDT 8A073F00 ZwAllocateVirtualMemory
SSDT 8A05D670 ZwConnectPort
SSDT Lbd.sys ZwCreateKey [0xBA0F887E]
SSDT 89FFAE78 ZwCreateMutant
SSDT 89FFA610 ZwCreateThread
SSDT 8A127118 ZwFreeVirtualMemory
SSDT 89FFAF48 ZwImpersonateAnonymousToken
SSDT 89FF3E50 ZwImpersonateThread
SSDT 8A0672B8 ZwMapViewOfSection
SSDT 8A06ED40 ZwOpenEvent
SSDT 8A073FD0 ZwOpenProcessToken
SSDT 8A39F590 ZwOpenThreadToken
SSDT 8A6B67D8 ZwResumeThread
SSDT 8A39F4D0 ZwSetContextThread
SSDT 8A4B4058 ZwSetInformationProcess
SSDT 8A064D28 ZwSetInformationThread
SSDT Lbd.sys ZwSetValueKey [0xBA0F8BFE]
SSDT 8A06EC80 ZwSuspendProcess
SSDT 8A063E10 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA773B640]
SSDT 8A064C68 ZwTerminateThread
SSDT 8A4B4128 ZwUnmapViewOfSection
SSDT 8A05B328 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? Lbd.sys The system cannot find the file specified. !
? Combo-Fix.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\mabraun\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1436] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0092000C
.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 020D000A
.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0266000A
.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 031E000A
.text C:\WINDOWS\System32\svchost.exe[1436] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00B6000A
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4164] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 00B3000C

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A58E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A58E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A58E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A58E2C6
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\explorer.exe [2268] 0x03AC0000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Will post more if I find a solution before someone else gets to helping. Thanks for your assistance.
  4. I have run the following programs...

TDSS Killer - Found Rootkit.Win32.BackBoot.gen - Removed it and rebooted
SuperAntiSpyware - Pup.Start Now Toolbar
ComboFix.exe - removed several files and rebooted the computer
dds.com - see attached reports
Malwarebytes - nothing found
Malwarebytes - is currently blocking outgoing to 206.161.121.xxx; a whois on that domain is registered in Henton VA

Does anyone else see any glaring issues that would be causing outgoing traffic? If not, I will run for the next couple of hours and, if it is still there, will wipe the computer and reinstall the OS (I would just like to save myself the 8 hour process with all the Windows Updates). Thanks for your assistance.

Attach.txt DDS.txt