Hello and welcome.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Hi, could you please also post me the MBAM log showing what is detected?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Here is the MBAM log and the TDSSKILLER log:


13:38:03.0731 6648 usbhub - ok

13:38:03.0764 6648 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

13:38:03.0766 6648 usbohci - ok

13:38:03.0814 6648 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:38:03.0816 6648 usbprint - ok

13:38:03.0844 6648 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

13:38:03.0844 6648 usbscan - ok

13:38:03.0874 6648 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

13:38:03.0876 6648 USBSTOR - ok

13:38:03.0911 6648 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

13:38:03.0911 6648 usbuhci - ok

13:38:03.0954 6648 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:38:03.0956 6648 vdrvroot - ok

13:38:03.0989 6648 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:38:03.0991 6648 vga - ok

13:38:04.0014 6648 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:38:04.0016 6648 VgaSave - ok

13:38:04.0059 6648 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:38:04.0061 6648 vhdmp - ok

13:38:04.0094 6648 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:38:04.0096 6648 viaide - ok

13:38:04.0124 6648 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:38:04.0126 6648 volmgr - ok

13:38:04.0176 6648 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:38:04.0181 6648 volmgrx - ok

13:38:04.0226 6648 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:38:04.0229 6648 volsnap - ok

13:38:04.0264 6648 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:38:04.0266 6648 vsmraid - ok

13:38:04.0291 6648 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

13:38:04.0291 6648 vwifibus - ok

13:38:04.0304 6648 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:38:04.0304 6648 WacomPen - ok

13:38:04.0356 6648 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:38:04.0359 6648 WANARP - ok

13:38:04.0376 6648 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:38:04.0379 6648 Wanarpv6 - ok

13:38:04.0401 6648 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:38:04.0404 6648 Wd - ok

13:38:04.0439 6648 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:38:04.0444 6648 Wdf01000 - ok

13:38:04.0481 6648 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:38:04.0481 6648 WfpLwf - ok

13:38:04.0496 6648 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:38:04.0496 6648 WIMMount - ok

13:38:04.0541 6648 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:38:04.0544 6648 WinUsb - ok

13:38:04.0584 6648 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys

13:38:04.0586 6648 WmBEnum - ok

13:38:04.0611 6648 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys

13:38:04.0611 6648 WmFilter - ok

13:38:04.0626 6648 WmHidLo (1584f8d5fdfe44c03dba85a2106b937f) C:\Windows\system32\drivers\WmHidLo.sys

13:38:04.0629 6648 WmHidLo - ok

13:38:04.0639 6648 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:38:04.0639 6648 WmiAcpi - ok

13:38:04.0664 6648 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys

13:38:04.0664 6648 WmVirHid - ok

13:38:04.0679 6648 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys

13:38:04.0679 6648 WmXlCore - ok

13:38:04.0706 6648 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:38:04.0706 6648 ws2ifsl - ok

13:38:04.0746 6648 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:38:04.0749 6648 WudfPf - ok

13:38:04.0786 6648 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:38:04.0789 6648 WUDFRd - ok

13:38:04.0831 6648 MBR (0x1B8) (950dcd2e3db597e6b62b2b7124557fec) \Device\Harddisk0\DR0

13:38:04.0831 6648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

13:38:04.0831 6648 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

13:38:04.0844 6648 Boot (0x1200) (1e85dfaf3a8c21d9eb1d920c2dda6c6e) \Device\Harddisk0\DR0\Partition0

13:38:04.0844 6648 \Device\Harddisk0\DR0\Partition0 - ok

13:38:04.0851 6648 Boot (0x1200) (99fd877a33fcf1b84ba7cfa8101d7381) \Device\Harddisk0\DR0\Partition1

13:38:04.0851 6648 \Device\Harddisk0\DR0\Partition1 - ok

13:38:04.0851 6648 ============================================================

13:38:04.0851 6648 Scan finished

13:38:04.0851 6648 ============================================================

13:38:04.0861 4808 Detected object count: 1

13:38:04.0861 4808 Actual detected object count: 1

13:39:26.0441 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

13:39:26.0441 4808 \Device\Harddisk0\DR0 - ok

13:39:26.0444 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

13:39:37.0276 5360 Deinitialize success

mbam-log-2011-11-30 (12-52-57).txt
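For helpers reading a log like the one above, a short triage script can pull out only the lines that matter: which object was flagged, what action was chosen, and whether the cure is still waiting on a reboot. This is an added example, not part of the original posts or of TDSSKiller; the line formats are inferred from the log lines shown in this thread, and the `triage` function and its field names are hypothetical.

```python
import re

# Sample input: the first two lines are constructed (placeholder hash) to show
# a clean entry; the rest are copied from the log posted above.
SAMPLE_LOG = r"""
13:38:02.0000 6648 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
13:38:02.0000 6648 exampledrv - ok
13:38:04.0831 6648 MBR (0x1B8) (950dcd2e3db597e6b62b2b7124557fec) \Device\Harddisk0\DR0
13:38:04.0831 6648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:38:04.0831 6648 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:38:04.0844 6648 \Device\Harddisk0\DR0\Partition0 - ok
13:38:04.0861 4808 Detected object count: 1
13:39:26.0441 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:39:26.0444 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

# "<time> <thread> <object> ( <threat> ) - <status>"; plain "- ok" lines and
# "<name> (<hash>) <path>" lines do not match because of the ") - " part.
VERDICT = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.+?)\s+\(\s*(\S+)\s*\)\s+-\s+(.+)$")
COUNT = re.compile(r"\sDetected object count:\s*(\d+)$")
ACTION = "User select action:"

def triage(log_text):
    """Group verdict lines per object and summarise what still needs attention."""
    found, reported = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = VERDICT.match(line)
        if m:
            obj, threat, status = m.groups()
            entry = found.setdefault(obj, {"object": obj, "threat": threat,
                                           "action": None, "pending_reboot": False})
            if status.startswith(ACTION):
                entry["action"] = status[len(ACTION):].strip()
            elif "on reboot" in status:
                entry["pending_reboot"] = True
            continue
        c = COUNT.search(line)
        if c:
            reported = int(c.group(1))
    detections = list(found.values())
    return {"detections": detections, "reported_count": reported,
            "count_matches": reported == len(detections),
            "unhandled": [d["object"] for d in detections if d["action"] is None]}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A detection with `pending_reboot` set is not yet cleaned, so a second scan after the reboot is what confirms the result.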


Hi, I am glad to hear that! :) Let's do some last steps.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u1.
  • Look for "JDK 7u1 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe

    • Save it to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
    • Reboot your computer once all Java components are removed.
    • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


The only thing active that was detected was a malicious Firefox extension. :)

ALL CLEAN

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Hiding Hidden Files

Please set your system to hide all hidden files.

  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
  • Check: Hide file extensions for known file types
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.

Purging System Restore Points

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
