
Still infected with something



I have run the following programs...

TDSS Killer - Found Rootkit.Win32.BackBoot.gen - Removed it and rebooted

SuperAntiSpyware - Pup.Start Now Toolbar

ComboFix.exe - removed several files and rebooted the computer

dds.com - see attached reports

Malwarebytes - nothing found

Malwarebytes - is currently blocking outgoing to 206.161.121.xxx

a whois on that domain is registered in Henton VA

Does anyone else see any glaring issues that would be causing outgoing traffic? If not, I will run for the next couple of hours and, if it is still there, will wipe the computer and reinstall the OS (I would just like to save myself the 8 hour process with all the Windows Updates).

Thanks for your assistance.

Attach.txt

DDS.txt


Since I posted, did a little more searching... GMER found the following Rootkit activity...

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-03-14 14:33:52

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST980813ASG rev.3.ADD

Running: h2ys02r2.exe; Driver: C:\DOCUME~1\mabraun\LOCALS~1\Temp\kwlyraod.sys

---- System - GMER 1.0.15 ----

SSDT 89FF3F10 ZwAlertResumeThread

SSDT 89FF3FD0 ZwAlertThread

SSDT 8A073F00 ZwAllocateVirtualMemory

SSDT 8A05D670 ZwConnectPort

SSDT Lbd.sys ZwCreateKey [0xBA0F887E]

SSDT 89FFAE78 ZwCreateMutant

SSDT 89FFA610 ZwCreateThread

SSDT 8A127118 ZwFreeVirtualMemory

SSDT 89FFAF48 ZwImpersonateAnonymousToken

SSDT 89FF3E50 ZwImpersonateThread

SSDT 8A0672B8 ZwMapViewOfSection

SSDT 8A06ED40 ZwOpenEvent

SSDT 8A073FD0 ZwOpenProcessToken

SSDT 8A39F590 ZwOpenThreadToken

SSDT 8A6B67D8 ZwResumeThread

SSDT 8A39F4D0 ZwSetContextThread

SSDT 8A4B4058 ZwSetInformationProcess

SSDT 8A064D28 ZwSetInformationThread

SSDT Lbd.sys ZwSetValueKey [0xBA0F8BFE]

SSDT 8A06EC80 ZwSuspendProcess

SSDT 8A063E10 ZwSuspendThread

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA773B640]

SSDT 8A064C68 ZwTerminateThread

SSDT 8A4B4128 ZwUnmapViewOfSection

SSDT 8A05B328 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? Lbd.sys The system cannot find the file specified. !

? Combo-Fix.sys The system cannot find the file specified. !

? C:\ComboFix\catchme.sys The system cannot find the path specified. !

? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

? C:\DOCUME~1\mabraun\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1436] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0092000C

.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 020D000A

.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0266000A

.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 031E000A

.text C:\WINDOWS\System32\svchost.exe[1436] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00B6000A

.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4164] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 00B3000C

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A58E2C6

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A58E2C6

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A58E2C6

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A58E2C6

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\explorer.exe [2268] 0x03AC0000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

will post more if I find a solution before someone else gets to helping.

thanks for your assistance

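The GMER report above is the kind of output a responder has to triage by eye: which SSDT entries are hooked and whether GMER could attribute the hook to a named driver, which user-mode processes carry inline JMP hooks, and whether the disk-sector check found anything. The following Python script is an added example (it is not part of the thread and not GMER's own code) that parses the plain-text report and produces that summary; the sample lines embedded in it are copied from the log posted above, and the section names and line layouts it expects are those visible in that log.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied verbatim from the GMER report in the thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 89FF3F10 ZwAlertResumeThread
SSDT Lbd.sys ZwCreateKey [0xBA0F887E]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA773B640]
SSDT 8A05B328 ZwWriteVirtualMemory
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1436] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0092000C
.text C:\WINDOWS\System32\svchost.exe[1436] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00B6000A
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4164] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 00B3000C
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
"""

# Line shapes as they appear in the report: SSDT hooks, user-mode inline hooks, disk findings.
SSDT_RE = re.compile(r"^SSDT (?P<owner>.+?) (?P<func>Zw\w+)(?: \[0x[0-9A-Fa-f]+\])?$")
USER_HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<api>\S+!\S+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<size>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+)$"
)
DISK_RE = re.compile(r"^Disk (?P<device>\S+) (?P<detail>.+)$")
ADDR_ONLY_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def ssdt_owner(field):
    """Name the module GMER attributes an SSDT hook to.

    A bare 8-hex-digit address means GMER could not map the hook target to a
    loaded driver image; those entries need manual review (they may belong to a
    security product that hooks from allocated pool, or to a rootkit). A driver
    name or path can be checked against the products installed on the box.
    """
    if ADDR_ONLY_RE.match(field):
        return "unresolved"
    module = field.split(" (")[0]        # drop GMER's "(description)" suffix
    return module.rsplit("\\", 1)[-1]    # keep only the file name


def parse_gmer(text):
    """Split a GMER text report into SSDT hooks, user-mode hooks and disk findings."""
    report = {"ssdt": [], "user_hooks": [], "disk": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("----"):   # skip blanks and section banners
            continue
        if m := SSDT_RE.match(line):
            report["ssdt"].append((ssdt_owner(m["owner"]), m["func"]))
        elif m := USER_HOOK_RE.match(line):
            proc = m["proc"].rsplit("\\", 1)[-1] + "[" + m["pid"] + "]"
            report["user_hooks"].append(
                {"process": proc, "api": m["api"], "size": int(m["size"]), "target": m["target"]}
            )
        elif m := DISK_RE.match(line):
            report["disk"].append((m["device"], m["detail"]))
    return report


def summarize(report):
    """Group hooks by owner/process and pull out the disk-sector rootkit findings."""
    by_owner = defaultdict(list)
    for owner, func in report["ssdt"]:
        by_owner[owner].append(func)
    by_proc = defaultdict(list)
    for hook in report["user_hooks"]:
        by_proc[hook["process"]].append(hook["api"])
    findings = [f"{dev}: {detail}" for dev, detail in report["disk"] if "rootkit" in detail.lower()]
    verdict = "rootkit indicators present" if findings else "no disk-sector rootkit indicators"
    return {
        "ssdt_by_owner": dict(by_owner),
        "hooked_processes": dict(by_proc),
        "rootkit_findings": findings,
        "needs_review": by_owner.get("unresolved", []),
        "verdict": verdict,
    }


if __name__ == "__main__":
    summary = summarize(parse_gmer(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On the sample above the script reports two unresolved SSDT hooks for review, one hook each owned by Lbd.sys and SASKUTIL.SYS, inline hooks in svchost.exe[1436] and AcroRd32.exe[4164], and the two disk-sector findings that carry the actual rootkit verdict. Note that an address-only SSDT entry by itself is not treated as proof of infection; the MBR finding is what drives the verdict here.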

Downloaded a newer version of TDSSKiller.... and it found yet another... Rootkit.Boot.Pihar.b.... here is the log

15:02:59.0218 4424 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

15:02:59.0234 4424 ============================================================

15:02:59.0234 4424 Current date / time: 2012/03/14 15:02:59.0234

15:02:59.0234 4424 SystemInfo:

15:02:59.0234 4424

15:02:59.0234 4424 OS Version: 5.1.2600 ServicePack: 3.0

15:02:59.0234 4424 Product type: Workstation

15:02:59.0234 4424 ComputerName: CHEM-STOCKROAM

15:02:59.0250 4424 UserName: mabraun

15:02:59.0250 4424 Windows directory: C:\WINDOWS

15:02:59.0250 4424 System windows directory: C:\WINDOWS

15:02:59.0250 4424 Processor architecture: Intel x86

15:02:59.0250 4424 Number of processors: 2

15:02:59.0250 4424 Page size: 0x1000

15:02:59.0250 4424 Boot type: Normal boot

15:02:59.0250 4424 ============================================================

15:03:00.0937 4424 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:03:00.0937 4424 Drive \Device\Harddisk1\DR3 - Size: 0x1E0BFFE00 (7.51 Gb), SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

15:03:00.0937 4424 \Device\Harddisk0\DR0:

15:03:00.0937 4424 MBR used

15:03:00.0937 4424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x94EAFF8

15:03:00.0937 4424 \Device\Harddisk1\DR3:

15:03:00.0937 4424 MBR used

15:03:00.0937 4424 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xF05FDF

15:03:01.0000 4424 Initialize success

15:03:01.0000 4424 ============================================================

15:03:02.0875 4604 ============================================================

15:03:02.0875 4604 Scan started

15:03:02.0875 4604 Mode: Manual;

15:03:02.0875 4604 ============================================================

15:03:03.0484 4604 Abiosdsk - ok

15:03:03.0531 4604 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

15:03:03.0531 4604 abp480n5 - ok

15:03:03.0578 4604 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:03:03.0578 4604 ACPI - ok

15:03:03.0625 4604 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:03:03.0640 4604 ACPIEC - ok

15:03:03.0671 4604 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

15:03:03.0687 4604 adpu160m - ok

15:03:03.0718 4604 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:03:03.0734 4604 aec - ok

15:03:03.0781 4604 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:03:03.0781 4604 AFD - ok

15:03:03.0828 4604 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

15:03:03.0828 4604 agp440 - ok

15:03:03.0890 4604 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

15:03:03.0890 4604 agpCPQ - ok

15:03:03.0906 4604 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

15:03:03.0921 4604 Aha154x - ok

15:03:03.0937 4604 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

15:03:03.0953 4604 aic78u2 - ok

15:03:04.0000 4604 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

15:03:04.0000 4604 aic78xx - ok

15:03:04.0031 4604 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

15:03:04.0031 4604 AliIde - ok

15:03:04.0078 4604 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

15:03:04.0078 4604 alim1541 - ok

15:03:04.0093 4604 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

15:03:04.0109 4604 amdagp - ok

15:03:04.0140 4604 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

15:03:04.0156 4604 amsint - ok

15:03:04.0187 4604 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

15:03:04.0187 4604 ApfiltrService - ok

15:03:04.0218 4604 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

15:03:04.0218 4604 APPDRV - ok

15:03:04.0265 4604 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

15:03:04.0265 4604 Arp1394 - ok

15:03:04.0281 4604 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

15:03:04.0281 4604 asc - ok

15:03:04.0312 4604 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

15:03:04.0312 4604 asc3350p - ok

15:03:04.0343 4604 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

15:03:04.0359 4604 asc3550 - ok

15:03:04.0406 4604 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:03:04.0406 4604 AsyncMac - ok

15:03:04.0437 4604 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:03:04.0437 4604 atapi - ok

15:03:04.0453 4604 Atdisk - ok

15:03:04.0468 4604 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:03:04.0484 4604 Atmarpc - ok

15:03:04.0500 4604 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:03:04.0500 4604 audstub - ok

15:03:04.0531 4604 b57w2k (71509c9db1a4b2c05141563fbe3e18a0) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

15:03:04.0531 4604 b57w2k - ok

15:03:04.0578 4604 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

15:03:04.0578 4604 BASFND - ok

15:03:04.0656 4604 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

15:03:04.0703 4604 BCM43XX - ok

15:03:04.0718 4604 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:03:04.0718 4604 Beep - ok

15:03:04.0765 4604 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys

15:03:04.0765 4604 BrScnUsb - ok

15:03:04.0828 4604 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys

15:03:04.0828 4604 BrSerIf - ok

15:03:04.0859 4604 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys

15:03:04.0859 4604 BrUsbSer - ok

15:03:04.0859 4604 catchme - ok

15:03:04.0906 4604 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

15:03:04.0921 4604 cbidf - ok

15:03:04.0937 4604 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:03:04.0937 4604 cbidf2k - ok

15:03:04.0953 4604 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

15:03:04.0968 4604 cd20xrnt - ok

15:03:04.0984 4604 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:03:04.0984 4604 Cdaudio - ok

15:03:05.0046 4604 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:03:05.0046 4604 Cdfs - ok

15:03:05.0078 4604 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:03:05.0078 4604 Cdrom - ok

15:03:05.0093 4604 Changer - ok

15:03:05.0125 4604 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

15:03:05.0125 4604 CmBatt - ok

15:03:05.0140 4604 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

15:03:05.0156 4604 CmdIde - ok

15:03:05.0171 4604 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

15:03:05.0171 4604 Compbatt - ok

15:03:05.0203 4604 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

15:03:05.0218 4604 Cpqarray - ok

15:03:05.0250 4604 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

15:03:05.0250 4604 dac2w2k - ok

15:03:05.0265 4604 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

15:03:05.0281 4604 dac960nt - ok

15:03:05.0312 4604 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:03:05.0312 4604 Disk - ok

15:03:05.0343 4604 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

15:03:05.0343 4604 DLABMFSM - ok

15:03:05.0359 4604 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

15:03:05.0359 4604 DLABOIOM - ok

15:03:05.0375 4604 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

15:03:05.0375 4604 DLACDBHM - ok

15:03:05.0406 4604 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

15:03:05.0406 4604 DLADResM - ok

15:03:05.0437 4604 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

15:03:05.0437 4604 DLAIFS_M - ok

15:03:05.0453 4604 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

15:03:05.0453 4604 DLAOPIOM - ok

15:03:05.0484 4604 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

15:03:05.0484 4604 DLAPoolM - ok

15:03:05.0546 4604 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

15:03:05.0546 4604 DLARTL_M - ok

15:03:05.0562 4604 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

15:03:05.0578 4604 DLAUDFAM - ok

15:03:05.0609 4604 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

15:03:05.0609 4604 DLAUDF_M - ok

15:03:05.0656 4604 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:03:05.0718 4604 dmboot - ok

15:03:05.0750 4604 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:03:05.0750 4604 dmio - ok

15:03:05.0765 4604 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:03:05.0781 4604 dmload - ok

15:03:05.0812 4604 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:03:05.0812 4604 DMusic - ok

15:03:05.0843 4604 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

15:03:05.0843 4604 dpti2o - ok

15:03:05.0875 4604 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:03:05.0875 4604 drmkaud - ok

15:03:05.0906 4604 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

15:03:05.0906 4604 DRVMCDB - ok

15:03:06.0015 4604 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

15:03:06.0015 4604 DRVNDDM - ok

15:03:06.0187 4604 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys

15:03:06.0187 4604 DXEC01 - ok

15:03:06.0296 4604 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

15:03:06.0312 4604 E100B - ok

15:03:06.0390 4604 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

15:03:06.0390 4604 eeCtrl - ok

15:03:06.0421 4604 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

15:03:06.0421 4604 EraserUtilRebootDrv - ok

15:03:06.0515 4604 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:03:06.0515 4604 Fastfat - ok

15:03:06.0531 4604 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:03:06.0531 4604 Fdc - ok

15:03:06.0562 4604 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:03:06.0562 4604 Fips - ok

15:03:06.0578 4604 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

15:03:06.0593 4604 Flpydisk - ok

15:03:06.0640 4604 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:03:06.0640 4604 FltMgr - ok

15:03:06.0687 4604 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:03:06.0687 4604 Fs_Rec - ok

15:03:06.0734 4604 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:03:06.0734 4604 Ftdisk - ok

15:03:06.0765 4604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

15:03:06.0765 4604 GEARAspiWDM - ok

15:03:06.0796 4604 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:03:06.0796 4604 Gpc - ok

15:03:06.0859 4604 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:03:06.0859 4604 HDAudBus - ok

15:03:06.0890 4604 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:03:06.0890 4604 HidUsb - ok

15:03:06.0937 4604 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

15:03:06.0937 4604 hpn - ok

15:03:06.0984 4604 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

15:03:06.0984 4604 HSFHWAZL - ok

15:03:07.0031 4604 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

15:03:07.0078 4604 HSF_DPV - ok

15:03:07.0125 4604 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:03:07.0125 4604 HTTP - ok

15:03:07.0156 4604 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

15:03:07.0156 4604 i2omgmt - ok

15:03:07.0171 4604 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

15:03:07.0171 4604 i2omp - ok

15:03:07.0187 4604 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:03:07.0203 4604 i8042prt - ok

15:03:07.0375 4604 ialm (8b998e6c0aebbaecd6da33df947695d3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

15:03:07.0515 4604 ialm - ok

15:03:07.0578 4604 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:03:07.0578 4604 Imapi - ok

15:03:07.0609 4604 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

15:03:07.0609 4604 ini910u - ok

15:03:07.0656 4604 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

15:03:07.0656 4604 IntelIde - ok

15:03:07.0687 4604 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:03:07.0703 4604 intelppm - ok

15:03:07.0718 4604 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:03:07.0718 4604 Ip6Fw - ok

15:03:07.0734 4604 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:03:07.0734 4604 IpFilterDriver - ok

15:03:07.0765 4604 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:03:07.0765 4604 IpInIp - ok

15:03:07.0781 4604 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:03:07.0781 4604 IpNat - ok

15:03:07.0828 4604 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:03:07.0828 4604 IPSec - ok

15:03:07.0843 4604 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:03:07.0859 4604 IRENUM - ok

15:03:07.0890 4604 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:03:07.0890 4604 isapnp - ok

15:03:07.0937 4604 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:03:07.0937 4604 Kbdclass - ok

15:03:07.0968 4604 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

15:03:07.0968 4604 kbdhid - ok

15:03:08.0000 4604 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:03:08.0000 4604 kmixer - ok

15:03:08.0031 4604 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:03:08.0031 4604 KSecDD - ok

15:03:08.0046 4604 Lbd - ok

15:03:08.0062 4604 lbrtfdc - ok

15:03:08.0140 4604 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

15:03:08.0140 4604 MBAMProtector - ok

15:03:08.0171 4604 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

15:03:08.0187 4604 mdmxsdk - ok

15:03:08.0234 4604 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:03:08.0234 4604 mnmdd - ok

15:03:08.0296 4604 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:03:08.0296 4604 Modem - ok

15:03:08.0312 4604 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:03:08.0328 4604 Mouclass - ok

15:03:08.0359 4604 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:03:08.0359 4604 mouhid - ok

15:03:08.0406 4604 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:03:08.0406 4604 MountMgr - ok

15:03:08.0437 4604 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

15:03:08.0437 4604 mraid35x - ok

15:03:08.0468 4604 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:03:08.0468 4604 MRxDAV - ok

15:03:08.0515 4604 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:03:08.0531 4604 MRxSmb - ok

15:03:08.0578 4604 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:03:08.0578 4604 Msfs - ok

15:03:08.0609 4604 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:03:08.0609 4604 MSKSSRV - ok

15:03:08.0640 4604 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:03:08.0640 4604 MSPCLOCK - ok

15:03:08.0656 4604 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:03:08.0671 4604 MSPQM - ok

15:03:08.0703 4604 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:03:08.0703 4604 mssmbios - ok

15:03:08.0750 4604 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:03:08.0765 4604 Mup - ok

15:03:08.0796 4604 mvusbews (b9df137953a5280eddbd4a705ca093a2) C:\WINDOWS\system32\Drivers\mvusbews.sys

15:03:08.0796 4604 mvusbews - ok

15:03:08.0890 4604 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120313.020\NAVENG.SYS

15:03:08.0890 4604 NAVENG - ok

15:03:08.0953 4604 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120313.020\NAVEX15.SYS

15:03:08.0968 4604 NAVEX15 - ok

15:03:09.0062 4604 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:03:09.0062 4604 NDIS - ok

15:03:09.0093 4604 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:03:09.0109 4604 NdisTapi - ok

15:03:09.0125 4604 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:03:09.0125 4604 Ndisuio - ok

15:03:09.0171 4604 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:03:09.0187 4604 NdisWan - ok

15:03:09.0218 4604 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:03:09.0218 4604 NDProxy - ok

15:03:09.0234 4604 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:03:09.0250 4604 NetBIOS - ok

15:03:09.0265 4604 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:03:09.0265 4604 NetBT - ok

15:03:09.0296 4604 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

15:03:09.0296 4604 NIC1394 - ok

15:03:09.0359 4604 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:03:09.0359 4604 Npfs - ok

15:03:09.0390 4604 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:03:09.0406 4604 Ntfs - ok

15:03:09.0437 4604 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

15:03:09.0453 4604 NuidFltr - ok

15:03:09.0468 4604 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:03:09.0468 4604 Null - ok

15:03:09.0546 4604 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

15:03:09.0640 4604 nv - ok

15:03:09.0656 4604 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:03:09.0656 4604 NwlnkFlt - ok

15:03:09.0687 4604 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:03:09.0687 4604 NwlnkFwd - ok

15:03:09.0734 4604 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

15:03:09.0734 4604 ohci1394 - ok

15:03:09.0765 4604 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

15:03:09.0781 4604 Parport - ok

15:03:09.0796 4604 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:03:09.0796 4604 PartMgr - ok

15:03:09.0812 4604 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:03:09.0828 4604 ParVdm - ok

15:03:09.0859 4604 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys

15:03:09.0859 4604 PBADRV - ok

15:03:09.0937 4604 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:03:09.0937 4604 PCI - ok

15:03:09.0937 4604 PCIDump - ok

15:03:09.0968 4604 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:03:09.0968 4604 PCIIde - ok

15:03:10.0000 4604 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

15:03:10.0000 4604 Pcmcia - ok

15:03:10.0000 4604 PDCOMP - ok

15:03:10.0015 4604 PDFRAME - ok

15:03:10.0015 4604 PDRELI - ok

15:03:10.0031 4604 PDRFRAME - ok

15:03:10.0046 4604 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

15:03:10.0046 4604 perc2 - ok

15:03:10.0078 4604 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

15:03:10.0078 4604 perc2hib - ok

15:03:10.0125 4604 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys

15:03:10.0140 4604 Point32 - ok

15:03:10.0171 4604 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:03:10.0171 4604 PptpMiniport - ok

15:03:10.0187 4604 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:03:10.0203 4604 PSched - ok

15:03:10.0218 4604 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:03:10.0234 4604 Ptilink - ok

15:03:10.0265 4604 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

15:03:10.0265 4604 PxHelp20 - ok

15:03:10.0296 4604 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

15:03:10.0296 4604 ql1080 - ok

15:03:10.0312 4604 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

15:03:10.0312 4604 Ql10wnt - ok

15:03:10.0343 4604 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

15:03:10.0343 4604 ql12160 - ok

15:03:10.0375 4604 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

15:03:10.0375 4604 ql1240 - ok

15:03:10.0390 4604 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

15:03:10.0406 4604 ql1280 - ok

15:03:10.0437 4604 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:03:10.0437 4604 RasAcd - ok

15:03:10.0484 4604 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:03:10.0484 4604 Rasl2tp - ok

15:03:10.0515 4604 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:03:10.0515 4604 RasPppoe - ok

15:03:10.0546 4604 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:03:10.0546 4604 Raspti - ok

15:03:10.0578 4604 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:03:10.0578 4604 Rdbss - ok

15:03:10.0625 4604 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:03:10.0625 4604 RDPCDD - ok

15:03:10.0656 4604 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:03:10.0656 4604 rdpdr - ok

15:03:10.0703 4604 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

15:03:10.0718 4604 RDPWD - ok

15:03:10.0750 4604 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:03:10.0765 4604 redbook - ok

15:03:10.0859 4604 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

15:03:10.0859 4604 SASDIFSV - ok

15:03:10.0859 4604 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

15:03:10.0875 4604 SASKUTIL - ok

15:03:10.0968 4604 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:03:10.0984 4604 Secdrv - ok

15:03:11.0031 4604 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:03:11.0031 4604 serenum - ok

15:03:11.0046 4604 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

15:03:11.0062 4604 Serial - ok

15:03:13.0390 4604 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
15:03:13.0421 4604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:03:13.0421 4604 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:03:13.0453 4604 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR3
15:03:26.0656 4604 \Device\Harddisk1\DR3 - ok
15:03:26.0687 4604 Boot (0x1200) (abad944c83832225061cf9c0d8326255) \Device\Harddisk0\DR0\Partition0
15:03:26.0687 4604 \Device\Harddisk0\DR0\Partition0 - ok
15:03:26.0687 4604 Boot (0x1200) (eb2ea23801cfaff4b54c39c248c4e4e9) \Device\Harddisk1\DR3\Partition0
15:03:26.0687 4604 \Device\Harddisk1\DR3\Partition0 - ok
15:03:26.0687 4604 ============================================================
15:03:26.0687 4604 Scan finished
15:03:26.0687 4604 ============================================================
15:03:26.0687 4596 Detected object count: 1
15:03:26.0687 4596 Actual detected object count: 1
15:03:51.0640 4596 \Device\Harddisk0\DR0\# - copied to quarantine
15:03:51.0640 4596 \Device\Harddisk0\DR0 - copied to quarantine
15:03:51.0765 4596 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:03:51.0796 4596 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:03:52.0203 4596 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:03:52.0234 4596 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:03:52.0265 4596 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:03:52.0328 4596 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:03:52.0343 4596 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:03:52.0343 4596 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:03:52.0390 4596 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:03:52.0390 4596 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:03:52.0390 4596 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:03:52.0406 4596 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:03:52.0437 4596 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:03:52.0437 4596 \Device\Harddisk0\DR0 - ok
15:03:52.0437 4596 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:04:23.0609 4172 Deinitialize success

Turning back on the network to see if Clickfraud is still there..... every other scan is coming up clean. I will be leaving for the day but will respond in the morning. If there are other programs that I should run, please let me know and I will be happy to run them in the morning.

Thanks again for any follow up.
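As an added triage example (not code from this thread, from Malwarebytes or from Kaspersky's TDSSKiller), a small Python parser that reads TDSSKiller-style log lines like the ones posted above and reduces them to the objects that were actually flagged, their detection name, the order of actions taken and what was copied to quarantine; the sample lines are copied from the log above and embedded as constructed input.

```python
import re
from collections import defaultdict

# Sample lines copied from the posted TDSSKiller log (constructed test input for this example).
SAMPLE_LOG = r"""
15:03:13.0375 4604 zumbus - ok
15:03:13.0390 4604 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
15:03:13.0421 4604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:03:13.0421 4604 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:03:51.0640 4596 \Device\Harddisk0\DR0 - copied to quarantine
15:03:51.0796 4596 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:03:52.0437 4596 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:03:52.0437 4596 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""
# <time> <pid> <subject> - <status>; inventory lines (name, md5, path) carry no " - status" part.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*?)\s+-\s+(.+)$")
# "<object> ( <detection name> )" is how TDSSKiller writes a flagged object
DETECT_RE = re.compile(r"^(?P<obj>\S+)\s+\(\s*(?P<name>[^)]+?)\s*\)$")

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # banners and md5 inventory lines have no status
    time, pid, subject, status = m.groups()
    d = DETECT_RE.match(subject)
    obj, name = (d.group("obj"), d.group("name")) if d else (subject, None)
    return {"time": time, "pid": int(pid), "object": obj, "name": name, "status": status}

def triage(log_text):
    """Per flagged object: detection name, statuses in order, quarantined children."""
    report = defaultdict(lambda: {"name": None, "statuses": [], "quarantined": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["status"] == "copied to quarantine":
            # entries inside the hidden TDLFS store are attributed to the parent device
            report[rec["object"].split("\\TDLFS\\")[0]]["quarantined"].append(rec["object"])
            continue
        if rec["status"] == "ok" and rec["object"] not in report:
            continue  # clean objects only matter if they were flagged earlier
        entry = report[rec["object"]]
        if rec["name"] or rec["status"].startswith("detected "):
            entry["name"] = rec["name"] or rec["status"].split()[1]
        entry["statuses"].append(rec["status"])
    return dict(report)

def needs_reboot_cure(report):
    """Objects whose cure is deferred to reboot, i.e. the MBR itself was patched."""
    return sorted(o for o, e in report.items() if "will be cured on reboot" in e["statuses"])
```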


  • 1 month later...

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
