
Malwarebytes

HiJack Log: svchost.exe Trojan.Agent Please help...


7 replies to this topic

#1
joseph3443

    New Member

  • Members
  • 3 posts
Got this virus and have been trying to get rid of it all day. Malwarebytes helped a little, but it's still thriving. Any help at all would be great, thank you.

DDS


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Joseph at 0:56:11 on 2012-02-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1918.967 [GMT -6:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWow64\NOTEPAD.EXE
C:\Windows\SysWow64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{61B11B6F-7F6B-497F-ABEE-28E0486A9DE5} : DhcpNameServer = 192.168.2.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\6tux2k27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-12 652360]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-11-8 288256]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-11-8 1060352]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-11-8 485376]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-12 136176]
S2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-2-12 648656]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-12 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
SUnknown JIpLMQIh;JIpLMQIh; [x]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-02-13 06:43:45 111592 -c--a-w- C:\Windows\System32\drivers\JIpLMQIh.sys
2012-02-13 06:43:35 20480 -c--a-w- C:\Windows\svchost.exe.vir
2012-02-13 05:44:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A6C7948-45BB-4E48-AB15-D3ECBCE6E6CD}\offreg.dll
2012-02-13 02:21:16 -------- dc----w- C:\Users\Joseph\AppData\Roaming\Malwarebytes
2012-02-13 02:20:52 23152 -c--a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-13 02:20:52 -------- dc----w- C:\ProgramData\Malwarebytes
2012-02-13 02:20:52 -------- dc----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-13 01:49:50 97136 -c--a-w- C:\Windows\System32\WRusr.dll
2012-02-13 01:49:50 145528 -c--a-w- C:\Windows\SysWow64\WRusr.dll
2012-02-13 01:49:50 111592 -c--a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-02-13 01:49:48 -------- dc----w- C:\Program Files\Webroot
2012-02-13 01:49:43 -------- dc----w- C:\ProgramData\WRData
2012-02-13 01:39:43 -------- dc----w- C:\ProgramData\Kaspersky Lab Setup Files
2012-02-13 00:36:42 -------- dc----w- C:\Program Files (x86)\Safer Networking
2012-02-12 20:32:05 -------- dc----w- C:\Users\Joseph\AppData\Local\Google
2012-02-12 19:05:49 -------- dc-h--w- C:\ProgramData\GFI Software
2012-02-12 19:01:51 -------- dc-h--w- C:\Program Files (x86)\GFI Software
2012-02-12 19:01:39 -------- dc-h--w- C:\Users\Joseph\AppData\Roaming\GFI Software
2012-02-12 18:54:12 -------- dc-h--w- C:\Program Files (x86)\FB0A9
2012-02-12 18:53:38 -------- dc-h--w- C:\Program Files (x86)\LP
2012-02-12 18:46:26 6656 -c-ha-w- C:\ProgramData\Microsoft\Windows\DRM\98A8.tmp
2012-02-12 18:46:26 6656 -c-ha-w- C:\ProgramData\Microsoft\Windows\DRM\9898.tmp
2012-02-06 09:16:12 -------- dc----w- C:\Program Files\iPod
2012-02-06 09:16:11 -------- dc----w- C:\Program Files\iTunes
2012-01-16 22:16:05 -------- dc----w- C:\Program Files (x86)\PricePeep
.
==================== Find3M ====================
.
2012-01-12 09:03:12 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-12 09:03:12 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-12 09:03:12 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-12 09:03:12 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-12 09:01:15 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-12 09:01:15 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-12 09:00:54 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-12 09:00:54 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-12-01 15:48:06 414368 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 0:56:39.85 ===============




#2
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Hi and welcome!

Let's first do a rootkit scan as well.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#3
joseph3443

    New Member

  • Members
  • 3 posts
Alright, here it is. It looks like it did the job, but you are the expert.


04:12:34.0952 1348 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
04:12:34.0968 1348 ============================================================
04:12:34.0968 1348 Current date / time: 2012/02/13 04:12:34.0968
04:12:34.0968 1348 SystemInfo:
04:12:34.0968 1348
04:12:34.0968 1348 OS Version: 6.1.7601 ServicePack: 1.0
04:12:34.0968 1348 Product type: Workstation
04:12:34.0968 1348 ComputerName: SETH
04:12:34.0968 1348 UserName: Joseph
04:12:34.0968 1348 Windows directory: C:\Windows
04:12:34.0968 1348 System windows directory: C:\Windows
04:12:34.0968 1348 Running under WOW64
04:12:34.0968 1348 Processor architecture: Intel x64
04:12:34.0968 1348 Number of processors: 1
04:12:34.0968 1348 Page size: 0x1000
04:12:34.0968 1348 Boot type: Safe boot
04:12:34.0968 1348 ============================================================
04:12:36.0091 1348 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
04:12:36.0107 1348 Drive \Device\Harddisk2\DR2 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:12:36.0107 1348 \Device\Harddisk0\DR0:
04:12:36.0107 1348 MBR used
04:12:36.0107 1348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
04:12:36.0107 1348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23BA8000
04:12:36.0107 1348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23BDA800, BlocksNum 0x1853800
04:12:36.0107 1348 \Device\Harddisk2\DR2:
04:12:36.0107 1348 MBR used
04:12:36.0107 1348 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
04:12:36.0169 1348 Initialize success
04:12:36.0169 1348 ============================================================
04:13:37.0976 1552 ============================================================
04:13:37.0976 1552 Scan started
04:13:37.0976 1552 Mode: Manual;
04:13:37.0976 1552 ============================================================
04:13:38.0803 1552 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
04:13:38.0803 1552 1394ohci - ok
04:13:38.0881 1552 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
04:13:38.0881 1552 ACPI - ok
04:13:38.0897 1552 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
04:13:38.0897 1552 AcpiPmi - ok
04:13:39.0022 1552 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
04:13:39.0037 1552 adp94xx - ok
04:13:39.0084 1552 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
04:13:39.0084 1552 adpahci - ok
04:13:39.0146 1552 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
04:13:39.0146 1552 adpu320 - ok
04:13:39.0224 1552 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
04:13:39.0224 1552 AFD - ok
04:13:39.0302 1552 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
04:13:39.0302 1552 agp440 - ok
04:13:39.0365 1552 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
04:13:39.0365 1552 aliide - ok
04:13:39.0380 1552 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
04:13:39.0396 1552 amdide - ok
04:13:39.0427 1552 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
04:13:39.0443 1552 AmdK8 - ok
04:13:39.0458 1552 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
04:13:39.0458 1552 AmdPPM - ok
04:13:39.0490 1552 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
04:13:39.0490 1552 amdsata - ok
04:13:39.0521 1552 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
04:13:39.0521 1552 amdsbs - ok
04:13:39.0552 1552 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
04:13:39.0552 1552 amdxata - ok
04:13:39.0630 1552 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
04:13:39.0630 1552 AppID - ok
04:13:39.0755 1552 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
04:13:39.0770 1552 arc - ok
04:13:39.0802 1552 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
04:13:39.0802 1552 arcsas - ok
04:13:39.0848 1552 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:13:39.0848 1552 AsyncMac - ok
04:13:39.0880 1552 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
04:13:39.0880 1552 atapi - ok
04:13:39.0942 1552 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
04:13:39.0958 1552 b06bdrv - ok
04:13:40.0004 1552 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:13:40.0004 1552 b57nd60a - ok
04:13:40.0067 1552 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:13:40.0067 1552 Beep - ok
04:13:40.0176 1552 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
04:13:40.0176 1552 blbdrive - ok
04:13:40.0285 1552 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
04:13:40.0285 1552 bowser - ok
04:13:40.0316 1552 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
04:13:40.0316 1552 BrFiltLo - ok
04:13:40.0348 1552 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
04:13:40.0363 1552 BrFiltUp - ok
04:13:40.0426 1552 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
04:13:40.0426 1552 BridgeMP - ok
04:13:40.0535 1552 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:13:40.0535 1552 Brserid - ok
04:13:40.0550 1552 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:13:40.0550 1552 BrSerWdm - ok
04:13:40.0582 1552 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:13:40.0582 1552 BrUsbMdm - ok
04:13:40.0597 1552 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:13:40.0597 1552 BrUsbSer - ok
04:13:40.0644 1552 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
04:13:40.0644 1552 BTHMODEM - ok
04:13:40.0675 1552 catchme - ok
04:13:40.0722 1552 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:13:40.0722 1552 cdfs - ok
04:13:40.0800 1552 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
04:13:40.0800 1552 cdrom - ok
04:13:40.0894 1552 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
04:13:40.0894 1552 circlass - ok
04:13:40.0940 1552 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:13:40.0972 1552 CLFS - ok
04:13:41.0050 1552 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
04:13:41.0050 1552 CmBatt - ok
04:13:41.0065 1552 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
04:13:41.0065 1552 cmdide - ok
04:13:41.0096 1552 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
04:13:41.0096 1552 CNG - ok
04:13:41.0128 1552 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
04:13:41.0128 1552 Compbatt - ok
04:13:41.0174 1552 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
04:13:41.0174 1552 CompositeBus - ok
04:13:41.0206 1552 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
04:13:41.0206 1552 crcdisk - ok
04:13:41.0299 1552 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
04:13:41.0299 1552 DfsC - ok
04:13:41.0330 1552 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:13:41.0330 1552 discache - ok
04:13:41.0424 1552 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
04:13:41.0424 1552 Disk - ok
04:13:41.0471 1552 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:13:41.0471 1552 drmkaud - ok
04:13:41.0533 1552 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
04:13:41.0533 1552 DXGKrnl - ok
04:13:41.0908 1552 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
04:13:42.0313 1552 ebdrv - ok
04:13:42.0547 1552 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
04:13:42.0547 1552 elxstor - ok
04:13:42.0625 1552 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:13:42.0625 1552 ErrDev - ok
04:13:42.0688 1552 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:13:42.0703 1552 exfat - ok
04:13:42.0734 1552 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:13:42.0734 1552 fastfat - ok
04:13:42.0781 1552 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
04:13:42.0781 1552 fdc - ok
04:13:42.0828 1552 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:13:42.0828 1552 FileInfo - ok
04:13:42.0859 1552 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:13:42.0859 1552 Filetrace - ok
04:13:42.0890 1552 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
04:13:42.0890 1552 flpydisk - ok
04:13:42.0953 1552 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
04:13:42.0953 1552 FltMgr - ok
04:13:43.0000 1552 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:13:43.0000 1552 FsDepends - ok
04:13:43.0015 1552 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
04:13:43.0015 1552 Fs_Rec - ok
04:13:43.0093 1552 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:13:43.0093 1552 fvevol - ok
04:13:43.0156 1552 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
04:13:43.0156 1552 gagp30kx - ok
04:13:43.0171 1552 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:13:43.0171 1552 GEARAspiWDM - ok
04:13:43.0234 1552 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
04:13:43.0234 1552 hcw85cir - ok
04:13:43.0280 1552 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
04:13:43.0280 1552 HDAudBus - ok
04:13:43.0312 1552 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
04:13:43.0312 1552 HidBatt - ok
04:13:43.0327 1552 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
04:13:43.0327 1552 HidBth - ok
04:13:43.0358 1552 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
04:13:43.0358 1552 HidIr - ok
04:13:43.0405 1552 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
04:13:43.0405 1552 HidUsb - ok
04:13:43.0483 1552 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
04:13:43.0483 1552 HpSAMD - ok
04:13:43.0546 1552 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
04:13:43.0546 1552 HTTP - ok
04:13:43.0592 1552 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
04:13:43.0592 1552 hwpolicy - ok
04:13:43.0670 1552 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
04:13:43.0670 1552 i8042prt - ok
04:13:43.0748 1552 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
04:13:43.0764 1552 iaStorV - ok
04:13:43.0795 1552 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
04:13:43.0795 1552 iirsp - ok
04:13:43.0904 1552 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
04:13:43.0920 1552 IntcAzAudAddService - ok
04:13:43.0998 1552 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
04:13:43.0998 1552 intelide - ok
04:13:44.0045 1552 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
04:13:44.0045 1552 intelppm - ok
04:13:44.0092 1552 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:13:44.0092 1552 IpFilterDriver - ok
04:13:44.0123 1552 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
04:13:44.0123 1552 IPMIDRV - ok
04:13:44.0138 1552 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
04:13:44.0138 1552 IPNAT - ok
04:13:44.0232 1552 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
04:13:44.0232 1552 IRENUM - ok
04:13:44.0279 1552 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
04:13:44.0279 1552 isapnp - ok
04:13:44.0310 1552 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
04:13:44.0310 1552 iScsiPrt - ok
04:13:44.0404 1552 ivusb (2f9f76349bb8c578873a58c840ba0589) C:\Windows\system32\DRIVERS\ivusb.sys
04:13:44.0404 1552 ivusb - ok
04:13:44.0482 1552 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
04:13:44.0482 1552 kbdclass - ok
04:13:44.0528 1552 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
04:13:44.0528 1552 kbdhid - ok
04:13:44.0575 1552 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
04:13:44.0575 1552 KSecDD - ok
04:13:44.0606 1552 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
04:13:44.0606 1552 KSecPkg - ok
04:13:44.0653 1552 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:13:44.0653 1552 ksthunk - ok
04:13:44.0716 1552 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:13:44.0716 1552 lltdio - ok
04:13:44.0794 1552 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
04:13:44.0794 1552 LSI_FC - ok
04:13:44.0809 1552 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:13:44.0809 1552 LSI_SAS - ok
04:13:44.0825 1552 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:13:44.0840 1552 LSI_SAS2 - ok
04:13:44.0856 1552 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:13:44.0856 1552 LSI_SCSI - ok
04:13:44.0903 1552 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:13:44.0903 1552 luafv - ok
04:13:44.0965 1552 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
04:13:44.0965 1552 LVPr2M64 - ok
04:13:44.0996 1552 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
04:13:44.0996 1552 LVPr2Mon - ok
04:13:45.0028 1552 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\DRIVERS\LVUSBS64.sys
04:13:45.0028 1552 LVUSBS64 - ok
04:13:45.0074 1552 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
04:13:45.0074 1552 MBAMProtector - ok
04:13:45.0106 1552 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
04:13:45.0106 1552 megasas - ok
04:13:45.0121 1552 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
04:13:45.0137 1552 MegaSR - ok
04:13:45.0199 1552 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
04:13:45.0199 1552 Modem - ok
04:13:45.0215 1552 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
04:13:45.0215 1552 monitor - ok
04:13:45.0246 1552 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
04:13:45.0246 1552 mouclass - ok
04:13:45.0262 1552 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
04:13:45.0262 1552 mouhid - ok
04:13:45.0308 1552 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
04:13:45.0308 1552 mountmgr - ok
04:13:45.0324 1552 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
04:13:45.0340 1552 mpio - ok
04:13:45.0355 1552 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:13:45.0355 1552 mpsdrv - ok
04:13:45.0418 1552 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
04:13:45.0418 1552 MRxDAV - ok
04:13:45.0449 1552 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:13:45.0449 1552 mrxsmb - ok
04:13:45.0480 1552 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:13:45.0480 1552 mrxsmb10 - ok
04:13:45.0496 1552 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:13:45.0496 1552 mrxsmb20 - ok
04:13:45.0542 1552 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
04:13:45.0542 1552 msahci - ok
04:13:45.0558 1552 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
04:13:45.0558 1552 msdsm - ok
04:13:45.0605 1552 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:13:45.0605 1552 Msfs - ok
04:13:45.0652 1552 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:13:45.0652 1552 mshidkmdf - ok
04:13:45.0667 1552 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
04:13:45.0667 1552 msisadrv - ok
04:13:45.0730 1552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:13:45.0730 1552 MSKSSRV - ok
04:13:45.0761 1552 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:13:45.0761 1552 MSPCLOCK - ok
04:13:45.0776 1552 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:13:45.0776 1552 MSPQM - ok
04:13:45.0839 1552 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
04:13:45.0839 1552 MsRPC - ok
04:13:45.0886 1552 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
04:13:45.0886 1552 mssmbios - ok
04:13:45.0932 1552 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:13:45.0932 1552 MSTEE - ok
04:13:45.0964 1552 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
04:13:45.0964 1552 MTConfig - ok
04:13:45.0995 1552 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:13:45.0995 1552 Mup - ok
04:13:46.0042 1552 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:13:46.0042 1552 NativeWifiP - ok
04:13:46.0104 1552 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
04:13:46.0135 1552 NDIS - ok
04:13:46.0182 1552 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:13:46.0182 1552 NdisCap - ok
04:13:46.0229 1552 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:13:46.0229 1552 NdisTapi - ok
04:13:46.0276 1552 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
04:13:46.0276 1552 Ndisuio - ok
04:13:46.0338 1552 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
04:13:46.0338 1552 NdisWan - ok
04:13:46.0385 1552 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
04:13:46.0385 1552 NDProxy - ok
04:13:46.0432 1552 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:13:46.0432 1552 NetBIOS - ok
04:13:46.0494 1552 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
04:13:46.0494 1552 NetBT - ok
04:13:46.0588 1552 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
04:13:46.0588 1552 nfrd960 - ok
04:13:46.0634 1552 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:13:46.0650 1552 Npfs - ok
04:13:46.0666 1552 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:13:46.0666 1552 nsiproxy - ok
04:13:46.0728 1552 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
04:13:46.0744 1552 Ntfs - ok
04:13:46.0775 1552 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:13:46.0775 1552 Null - ok
04:13:47.0383 1552 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
04:13:47.0477 1552 nvlddmkm - ok
04:13:47.0617 1552 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
04:13:47.0633 1552 NVNET - ok
04:13:47.0648 1552 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
04:13:47.0664 1552 nvraid - ok
04:13:47.0664 1552 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
04:13:47.0680 1552 nvstor - ok
04:13:47.0695 1552 nvstor64 (6ba747b1a9297a6c0271700d12fdd495) C:\Windows\system32\DRIVERS\nvstor64.sys
04:13:47.0695 1552 nvstor64 - ok
04:13:47.0804 1552 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
04:13:47.0804 1552 nv_agp - ok
04:13:47.0867 1552 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
04:13:47.0867 1552 ohci1394 - ok
04:13:47.0882 1552 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
04:13:47.0882 1552 Parport - ok
04:13:47.0929 1552 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
04:13:47.0929 1552 partmgr - ok
04:13:47.0960 1552 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
04:13:47.0960 1552 pci - ok
04:13:47.0976 1552 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
04:13:47.0976 1552 pciide - ok
04:13:48.0007 1552 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
04:13:48.0007 1552 pcmcia - ok
04:13:48.0054 1552 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:13:48.0054 1552 pcw - ok
04:13:48.0085 1552 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:13:48.0085 1552 PEAUTH - ok
04:13:48.0272 1552 PID_PEPI (ae0b94363da0f60d42b9d05b352f61ed) C:\Windows\system32\DRIVERS\LV302V64.SYS
04:13:48.0319 1552 PID_PEPI - ok
04:13:48.0444 1552 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
04:13:48.0444 1552 PptpMiniport - ok
04:13:48.0491 1552 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
04:13:48.0491 1552 Processor - ok
04:13:48.0553 1552 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
04:13:48.0569 1552 Psched - ok
04:13:48.0662 1552 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
04:13:48.0709 1552 ql2300 - ok
04:13:48.0725 1552 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
04:13:48.0725 1552 ql40xx - ok
04:13:48.0756 1552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:13:48.0756 1552 QWAVEdrv - ok
04:13:48.0787 1552 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:13:48.0787 1552 RasAcd - ok
04:13:48.0834 1552 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:13:48.0834 1552 RasAgileVpn - ok
04:13:48.0881 1552 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:13:48.0896 1552 Rasl2tp - ok
04:13:48.0928 1552 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:13:48.0928 1552 RasPppoe - ok
04:13:48.0959 1552 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:13:48.0959 1552 RasSstp - ok
04:13:49.0006 1552 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
04:13:49.0021 1552 rdbss - ok
04:13:49.0052 1552 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
04:13:49.0052 1552 rdpbus - ok
04:13:49.0068 1552 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:13:49.0068 1552 RDPCDD - ok
04:13:49.0130 1552 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:13:49.0130 1552 RDPENCDD - ok
04:13:49.0146 1552 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:13:49.0146 1552 RDPREFMP - ok
04:13:49.0193 1552 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
04:13:49.0208 1552 RDPWD - ok
04:13:49.0271 1552 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
04:13:49.0271 1552 rdyboost - ok
04:13:49.0349 1552 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:13:49.0349 1552 rspndr - ok
04:13:49.0380 1552 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
04:13:49.0396 1552 sbp2port - ok
04:13:49.0442 1552 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
04:13:49.0442 1552 scfilter - ok
04:13:49.0489 1552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:13:49.0489 1552 secdrv - ok
04:13:49.0520 1552 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
04:13:49.0520 1552 Serenum - ok
04:13:49.0567 1552 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
04:13:49.0567 1552 Serial - ok
04:13:49.0614 1552 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
04:13:49.0614 1552 sermouse - ok
04:13:49.0645 1552 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
04:13:49.0661 1552 sffdisk - ok
04:13:49.0676 1552 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
04:13:49.0676 1552 sffp_mmc - ok
04:13:49.0692 1552 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
04:13:49.0692 1552 sffp_sd - ok
04:13:49.0723 1552 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
04:13:49.0723 1552 sfloppy - ok
04:13:49.0770 1552 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:13:49.0770 1552 SiSRaid2 - ok
04:13:49.0801 1552 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
04:13:49.0801 1552 SiSRaid4 - ok
04:13:49.0864 1552 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:13:49.0864 1552 Smb - ok
04:13:49.0926 1552 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:13:49.0926 1552 spldr - ok
04:13:49.0988 1552 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
04:13:49.0988 1552 srv - ok
04:13:50.0004 1552 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
04:13:50.0020 1552 srv2 - ok
04:13:50.0035 1552 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
04:13:50.0035 1552 srvnet - ok
04:13:50.0098 1552 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
04:13:50.0098 1552 stexstor - ok
04:13:50.0144 1552 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
04:13:50.0144 1552 swenum - ok
04:13:50.0269 1552 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
04:13:50.0300 1552 Tcpip - ok
04:13:50.0394 1552 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
04:13:50.0410 1552 TCPIP6 - ok
04:13:50.0456 1552 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
04:13:50.0456 1552 tcpipreg - ok
04:13:50.0503 1552 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:13:50.0503 1552 TDPIPE - ok
04:13:50.0519 1552 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
04:13:50.0519 1552 TDTCP - ok
04:13:50.0581 1552 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
04:13:50.0581 1552 tdx - ok
04:13:50.0612 1552 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
04:13:50.0612 1552 TermDD - ok
04:13:50.0690 1552 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:13:50.0690 1552 tssecsrv - ok
04:13:50.0768 1552 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
04:13:50.0768 1552 TsUsbFlt - ok
04:13:50.0831 1552 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
04:13:50.0831 1552 tunnel - ok
04:13:50.0862 1552 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
04:13:50.0862 1552 uagp35 - ok
04:13:50.0909 1552 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
04:13:50.0924 1552 udfs - ok
04:13:50.0971 1552 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
04:13:50.0987 1552 uliagpkx - ok
04:13:51.0018 1552 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
04:13:51.0018 1552 umbus - ok
04:13:51.0034 1552 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
04:13:51.0049 1552 UmPass - ok
04:13:51.0080 1552 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
04:13:51.0080 1552 usbccgp - ok
04:13:51.0112 1552 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
04:13:51.0112 1552 usbcir - ok
04:13:51.0127 1552 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
04:13:51.0127 1552 usbehci - ok
04:13:51.0174 1552 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
04:13:51.0190 1552 usbhub - ok
04:13:51.0205 1552 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
04:13:51.0205 1552 usbohci - ok
04:13:51.0221 1552 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:13:51.0221 1552 usbprint - ok
04:13:51.0252 1552 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:13:51.0252 1552 USBSTOR - ok
04:13:51.0268 1552 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
04:13:51.0268 1552 usbuhci - ok
04:13:51.0299 1552 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
04:13:51.0314 1552 vdrvroot - ok
04:13:51.0346 1552 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:13:51.0346 1552 vga - ok
04:13:51.0377 1552 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:13:51.0377 1552 VgaSave - ok
04:13:51.0424 1552 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
04:13:51.0424 1552 vhdmp - ok
04:13:51.0455 1552 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
04:13:51.0455 1552 viaide - ok
04:13:51.0486 1552 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
04:13:51.0486 1552 volmgr - ok
04:13:51.0533 1552 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
04:13:51.0548 1552 volmgrx - ok
04:13:51.0580 1552 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
04:13:51.0580 1552 volsnap - ok
04:13:51.0626 1552 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
04:13:51.0642 1552 vsmraid - ok
04:13:51.0689 1552 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
04:13:51.0689 1552 vwifibus - ok
04:13:51.0704 1552 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
04:13:51.0704 1552 WacomPen - ok
04:13:51.0782 1552 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:13:51.0782 1552 WANARP - ok
04:13:51.0798 1552 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:13:51.0798 1552 Wanarpv6 - ok
04:13:51.0845 1552 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
04:13:51.0845 1552 Wd - ok
04:13:51.0923 1552 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
04:13:51.0923 1552 WDC_SAM - ok
04:13:51.0970 1552 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:13:52.0001 1552 Wdf01000 - ok
04:13:52.0110 1552 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:13:52.0110 1552 WfpLwf - ok
04:13:52.0141 1552 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:13:52.0141 1552 WIMMount - ok
04:13:52.0250 1552 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:13:52.0250 1552 WmiAcpi - ok
04:13:52.0313 1552 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:13:52.0313 1552 ws2ifsl - ok
04:13:52.0375 1552 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:13:52.0391 1552 WudfPf - ok
04:13:52.0422 1552 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:13:52.0438 1552 WUDFRd - ok
04:13:52.0500 1552 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
04:13:52.0531 1552 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
04:13:52.0531 1552 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
04:13:52.0578 1552 Boot (0x1200) (b6c414b55ef9ddd33ec682088ed36bb4) \Device\Harddisk0\DR0\Partition0
04:13:52.0578 1552 \Device\Harddisk0\DR0\Partition0 - ok
04:13:52.0578 1552 Boot (0x1200) (86ec59d35f1690c50b4ae208bf998153) \Device\Harddisk0\DR0\Partition1
04:13:52.0578 1552 \Device\Harddisk0\DR0\Partition1 - ok
04:13:52.0625 1552 Boot (0x1200) (9fbcce8df17be463660c89cdbc5afbdb) \Device\Harddisk0\DR0\Partition2
04:13:52.0625 1552 \Device\Harddisk0\DR0\Partition2 - ok
04:13:52.0640 1552 ============================================================
04:13:52.0640 1552 Scan finished
04:13:52.0640 1552 ============================================================
04:13:52.0640 1544 Detected object count: 1
04:13:52.0640 1544 Actual detected object count: 1
04:14:47.0786 1544 \Device\Harddisk0\DR0\# - copied to quarantine
04:14:47.0786 1544 \Device\Harddisk0\DR0 - copied to quarantine
04:14:47.0849 1544 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
04:14:47.0849 1544 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
04:14:47.0849 1544 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
04:14:47.0849 1544 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
04:14:47.0864 1544 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
04:14:47.0864 1544 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
04:14:47.0864 1544 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
04:14:47.0911 1544 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
04:14:47.0911 1544 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
04:14:47.0911 1544 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
04:14:47.0911 1544 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
04:14:47.0911 1544 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
04:14:47.0942 1544 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
04:14:47.0942 1544 \Device\Harddisk0\DR0 - ok
04:14:58.0878 1544 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
04:15:03.0589 1344 Deinitialize success
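
The scan above reports a single infected object, the MBR of \Device\Harddisk0\DR0 flagged as Rootkit.Boot.Pihar.b, and then lists the files TDSSKiller pulled out of the rootkit's hidden TDLFS volume and copied to quarantine before scheduling the cure for the next reboot. The Python script below is an added example for this thread, not TDSSKiller's or Malwarebytes' code: it parses a log in the format shown here (the line shapes are inferred from the posted log, not from vendor documentation), summarises what was scanned, flagged, quarantined and cured, and checks that the tool's own "Detected object count" agrees with what was parsed. The embedded sample is a subset of the lines above; the helper that lists drivers loaded from outside the Windows directory is a triage aid and finds nothing in this log.

```python
"""Triage helper for a Kaspersky TDSSKiller log.

Added example for this thread, not TDSSKiller's own code. The line shapes
matched below are inferred from the log posted above, not from vendor docs.
"""
import re

_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
# "LSI_SAS (md5) C:\...\lsi_sas.sys"  or  "MBR (0x1B8) (md5) \Device\Harddisk0\DR0"
RE_OBJECT = re.compile(_PREFIX + r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) "
                       r"\((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*?)\s*$")
RE_OK = re.compile(_PREFIX + r"(?P<obj>\S.*?) - ok\s*$")
RE_INFECTED = re.compile(_PREFIX + r"(?P<obj>\S+) \( (?P<verdict>.+?) \) - infected\s*$")
RE_QUARANTINE = re.compile(_PREFIX + r"(?P<obj>\S+) - copied to quarantine\s*$")
RE_CURE = re.compile(_PREFIX + r"(?P<obj>\S+) \( (?P<verdict>.+?) \) - will be cured on reboot\s*$")
RE_ACTION = re.compile(_PREFIX + r"(?P<obj>\S+) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)\s*$")
RE_COUNT = re.compile(_PREFIX + r"Detected object count: (?P<n>\d+)\s*$")


def parse_tdsskiller(text):
    """Summarise what was scanned, what was flagged, and what was done about it."""
    objects, infected, quarantined, cure_pending, actions = [], [], [], [], []
    ok_count, reported_count = 0, None
    for line in text.splitlines():
        if m := RE_OBJECT.match(line):
            objects.append((m["name"], m["md5"], m["path"]))
        elif RE_OK.match(line):
            ok_count += 1
        elif m := RE_INFECTED.match(line):
            infected.append((m["obj"], m["verdict"]))
        elif m := RE_QUARANTINE.match(line):
            quarantined.append(m["obj"])
        elif m := RE_CURE.match(line):
            cure_pending.append((m["obj"], m["verdict"]))
        elif m := RE_ACTION.match(line):
            actions.append((m["obj"], m["verdict"], m["action"]))
        elif m := RE_COUNT.match(line):
            reported_count = int(m["n"])
    # Files the rootkit kept in its own hidden volume (TDLFS) on the raw disk.
    hidden_fs = [q for q in quarantined if "\\TDLFS\\" in q]
    # Flagged objects with no cure scheduled: still live when the run ended.
    uncured = sorted({o for o, _ in infected} - {o for o, _ in cure_pending})
    return {
        "objects": objects,
        "ok_count": ok_count,
        "infected": infected,
        "quarantined": quarantined,
        "hidden_fs_files": hidden_fs,
        "cure_pending": cure_pending,
        "actions": actions,
        "uncured": uncured,
        # Does the tool's own "Detected object count" agree with what we parsed?
        "count_matches": reported_count == len(infected),
    }


def drivers_outside_windows(objects, windows_dir=r"C:\Windows"):
    """Driver images loaded from outside the Windows directory (a triage prompt,
    not a verdict; boot-sector objects with \\Device\\... paths are skipped)."""
    out = []
    for name, _md5, path in objects:
        if ":" not in path:  # \Device\Harddisk0\DR0 and partitions, not files
            continue
        if not path.lower().startswith(windows_dir.lower() + "\\"):
            out.append((name, path))
    return out


# Subset of the log posted above, used as sample input.
SAMPLE_LOG = r"""
04:13:44.0809 1552 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:13:44.0809 1552 LSI_SAS - ok
04:13:45.0074 1552 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
04:13:45.0074 1552 MBAMProtector - ok
04:13:52.0500 1552 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
04:13:52.0531 1552 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
04:13:52.0531 1552 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
04:13:52.0578 1552 Boot (0x1200) (b6c414b55ef9ddd33ec682088ed36bb4) \Device\Harddisk0\DR0\Partition0
04:13:52.0578 1552 \Device\Harddisk0\DR0\Partition0 - ok
04:13:52.0640 1544 Detected object count: 1
04:14:47.0786 1544 \Device\Harddisk0\DR0\# - copied to quarantine
04:14:47.0786 1544 \Device\Harddisk0\DR0 - copied to quarantine
04:14:47.0849 1544 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
04:14:47.0849 1544 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
04:14:47.0942 1544 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
04:14:47.0942 1544 \Device\Harddisk0\DR0 - ok
04:14:58.0878 1544 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

if __name__ == "__main__":
    s = parse_tdsskiller(SAMPLE_LOG)
    print(f"scanned {len(s['objects'])} objects, {s['ok_count']} ok, infected: {s['infected']}")
    print(f"hidden-FS files: {len(s['hidden_fs_files'])}, cure pending: {s['cure_pending']}")
    print(f"uncured: {s['uncured']}, count matches: {s['count_matches']}")
```

Two things worth reading off such a summary before replying in a thread like this one: the cure is applied on reboot, so until the machine restarts the MBR still carries the bootkit, and the quarantine copies of the raw MBR and the TDLFS files are what you would hand over for analysis if the owner decides to rebuild rather than clean.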

#4
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
That did the trick indeed; however, this was a nasty rootkit, so please read the following information first.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


#5
joseph3443

    New Member

  • Members
  • 3 posts
I actually ran ComboFix before and after I used TDSS, I then installed AVG. I must have deleted the log for ComboFix and I can't rescan with AVG... should I uninstall AVG then use ComboFix again?

#6
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
No need to uninstall AVG, just disable it, then rerun Combofix and post me the new log.
regards, Elise


#7
screen317

    MBAM Sentinel

  • Moderators
  • 19,464 posts
  • Gender:Male
  • Location:New Haven, CT
Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Chris Fistonich
Research Team

Follow us: Twitter, Become a fan: Facebook

#8
screen317

    MBAM Sentinel

  • Moderators
  • 19,464 posts
  • Gender:Male
  • Location:New Haven, CT
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team