Malwarebytes

Still infected with something

5 replies to this topic

#1
sunyesf

    New Member

I have run the following programs...
TDSS Killer - Found Rootkit.Win32.BackBoot.gen - Removed it and rebooted
SuperAntiSpyware - Pup.Start Now Toolbar
ComboFix.exe - removed several files and rebooted the computer
dds.com - see attached reports
Malwarebytes - nothing found

Malwarebytes - is currently blocking outgoing traffic to 206.161.121.xxx.
A whois on that domain shows it is registered in Henton, VA.


Does anyone else see any glaring issues that would be causing outgoing traffic? If not, I will run for the next couple of hours and, if it is still there, will wipe the computer and reinstall the OS (I would just like to save myself the 8-hour process with all the Windows Updates).
Thanks for your assistance.


#2
sunyesf

    New Member

Since I posted, I did a little more searching... GMER found the following rootkit activity:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-14 14:33:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST980813ASG rev.3.ADD
Running: h2ys02r2.exe; Driver: C:\DOCUME~1\mabraun\LOCALS~1\Temp\kwlyraod.sys
---- System - GMER 1.0.15 ----

SSDT 89FF3F10 ZwAlertResumeThread
SSDT 89FF3FD0 ZwAlertThread
SSDT 8A073F00 ZwAllocateVirtualMemory
SSDT 8A05D670 ZwConnectPort
SSDT Lbd.sys ZwCreateKey [0xBA0F887E]
SSDT 89FFAE78 ZwCreateMutant
SSDT 89FFA610 ZwCreateThread
SSDT 8A127118 ZwFreeVirtualMemory
SSDT 89FFAF48 ZwImpersonateAnonymousToken
SSDT 89FF3E50 ZwImpersonateThread
SSDT 8A0672B8 ZwMapViewOfSection
SSDT 8A06ED40 ZwOpenEvent
SSDT 8A073FD0 ZwOpenProcessToken
SSDT 8A39F590 ZwOpenThreadToken
SSDT 8A6B67D8 ZwResumeThread
SSDT 8A39F4D0 ZwSetContextThread
SSDT 8A4B4058 ZwSetInformationProcess
SSDT 8A064D28 ZwSetInformationThread
SSDT Lbd.sys ZwSetValueKey [0xBA0F8BFE]
SSDT 8A06EC80 ZwSuspendProcess
SSDT 8A063E10 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA773B640]
SSDT 8A064C68 ZwTerminateThread
SSDT 8A4B4128 ZwUnmapViewOfSection
SSDT 8A05B328 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? Lbd.sys The system cannot find the file specified. !
? Combo-Fix.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\mabraun\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1436] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0092000C
.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 020D000A
.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0266000A
.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 031E000A
.text C:\WINDOWS\System32\svchost.exe[1436] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00B6000A
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4164] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 00B3000C

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A58E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A58E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A58E2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A58E2C6

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\explorer.exe [2268] 0x03AC0000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Will post more if I find a solution before someone else gets to helping.
Thanks for your assistance.
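An added example, not part of the original thread or of GMER: a small triage script that runs over a handful of lines excerpted from the GMER log above and ranks them by how much attention each deserves. GMER's own disk-sector verdict and hidden modules come first; SSDT hooks GMER could not attribute to a driver file and userland inline hooks come next, because on this machine they may belong to the installed security products (SUPERAntiSpyware, Symantec) just as easily as to the rootkit and need attributing before any conclusion is drawn. The severity ranking is this script's own heuristic, not anything GMER reports.

```python
"""Triage a GMER rootkit-scan log: rank lines by how much attention they need.

Added example, not part of the original thread. Sample lines are excerpted from
the GMER log posted above; the severity ranking is this script's own heuristic.
"""
import re
from dataclasses import dataclass

# Constructed subset of the posted GMER log: one line of each kind we classify.
GMER_SAMPLE = r"""
SSDT 89FF3F10 ZwAlertResumeThread
SSDT Lbd.sys ZwCreateKey [0xBA0F887E]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA773B640]
.text C:\WINDOWS\System32\svchost.exe[1436] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0092000C
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[4164] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 00B3000C
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\explorer.exe [2268] 0x03AC0000
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
"""

# "SSDT <driver-or-address> Zw<Syscall> [0xHookAddr]" (the bracket part is optional)
SSDT_RE = re.compile(r"^SSDT\s+(.+?)\s+(Zw\w+)(?:\s+\[(0x[0-9A-Fa-f]+)\])?$")
# ".text <image>[pid] <dll>!<api> <addr> <n> Bytes JMP <target>"
INLINE_RE = re.compile(
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+!\S+)\s+[0-9A-Fa-f]+\s+(\d+)\s+Bytes\s+JMP\s+([0-9A-Fa-f]+)$"
)
# A bare 32-bit kernel address: GMER printed no driver name for the hook owner.
BARE_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1, "info": 0}


@dataclass
class Finding:
    severity: str
    kind: str
    detail: str


def classify(line):
    """Return a Finding for one GMER log line, or None for lines we ignore."""
    if line.startswith("Disk ") and "rootkit" in line.lower():
        # GMER's own verdict on the boot sector: the strongest signal in the log.
        return Finding("critical", "disk-rootkit", line)
    if "*** hidden ***" in line:
        # A module GMER sees in memory but the OS hides: a classic rootkit trait.
        return Finding("high", "hidden-module", line)
    m = SSDT_RE.match(line)
    if m:
        target, syscall, _hook_addr = m.groups()
        if BARE_ADDR_RE.match(target):
            # Kernel hook GMER could not map to a driver image on disk.
            return Finding("medium", "ssdt-unattributed", f"{syscall} -> {target}")
        # Hook owned by a named driver; verify that driver is expected software.
        return Finding("info", "ssdt-attributed", f"{syscall} -> {target}")
    m = INLINE_RE.match(line)
    if m:
        image, pid, api, nbytes, jmp = m.groups()
        # Userland detour; security suites install these too, so attribute the target.
        return Finding("medium", "inline-hook",
                       f"{image}[{pid}] {api} JMP {jmp} ({nbytes} bytes)")
    return None


def triage(log_text):
    """Classify every line of a GMER log and return findings, most severe first."""
    findings = [f for f in (classify(ln.strip()) for ln in log_text.splitlines()) if f]
    findings.sort(key=lambda fnd: SEVERITY_RANK[fnd.severity], reverse=True)
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'disk-rootkit': 2, ...}."""
    counts = {}
    for fnd in findings:
        counts[fnd.kind] = counts.get(fnd.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(GMER_SAMPLE)
    for fnd in results:
        print(f"[{fnd.severity:8}] {fnd.kind:18} {fnd.detail}")
    print(summarize(results))
```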

#3
sunyesf

    New Member

Downloaded a newer version of TDSSKiller... and it found yet another: Rootkit.Boot.Pihar.b. Here is the log:

15:02:59.0218 4424 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
15:02:59.0234 4424 ============================================================
15:02:59.0234 4424 Current date / time: 2012/03/14 15:02:59.0234
15:02:59.0234 4424 SystemInfo:
15:02:59.0234 4424
15:02:59.0234 4424 OS Version: 5.1.2600 ServicePack: 3.0
15:02:59.0234 4424 Product type: Workstation
15:02:59.0234 4424 ComputerName: CHEM-STOCKROAM
15:02:59.0250 4424 UserName: mabraun
15:02:59.0250 4424 Windows directory: C:\WINDOWS
15:02:59.0250 4424 System windows directory: C:\WINDOWS
15:02:59.0250 4424 Processor architecture: Intel x86
15:02:59.0250 4424 Number of processors: 2
15:02:59.0250 4424 Page size: 0x1000
15:02:59.0250 4424 Boot type: Normal boot
15:02:59.0250 4424 ============================================================
15:03:00.0937 4424 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:03:00.0937 4424 Drive \Device\Harddisk1\DR3 - Size: 0x1E0BFFE00 (7.51 Gb), SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:03:00.0937 4424 \Device\Harddisk0\DR0:
15:03:00.0937 4424 MBR used
15:03:00.0937 4424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x94EAFF8
15:03:00.0937 4424 \Device\Harddisk1\DR3:
15:03:00.0937 4424 MBR used
15:03:00.0937 4424 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xF05FDF
15:03:01.0000 4424 Initialize success
15:03:01.0000 4424 ============================================================
15:03:02.0875 4604 ============================================================
15:03:02.0875 4604 Scan started
15:03:02.0875 4604 Mode: Manual;
15:03:02.0875 4604 ============================================================
15:03:12.0593 4604 usbhub - ok
15:03:12.0625 4604 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:03:12.0625 4604 usbprint - ok
15:03:12.0656 4604 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:03:12.0656 4604 USBSTOR - ok
15:03:12.0671 4604 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:03:12.0687 4604 usbuhci - ok
15:03:12.0703 4604 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:03:12.0703 4604 VgaSave - ok
15:03:12.0734 4604 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:03:12.0734 4604 viaagp - ok
15:03:12.0750 4604 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:03:12.0765 4604 ViaIde - ok
15:03:12.0781 4604 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:03:12.0781 4604 VolSnap - ok
15:03:12.0812 4604 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:03:12.0812 4604 Wanarp - ok
15:03:12.0859 4604 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
15:03:12.0859 4604 WaveFDE - ok
15:03:12.0890 4604 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
15:03:12.0890 4604 WavxDMgr - ok
15:03:12.0953 4604 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
15:03:12.0953 4604 wceusbsh - ok
15:03:13.0000 4604 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:03:13.0000 4604 Wdf01000 - ok
15:03:13.0015 4604 WDICA - ok
15:03:13.0046 4604 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:03:13.0046 4604 wdmaud - ok
15:03:13.0093 4604 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:03:13.0093 4604 winachsf - ok
15:03:13.0156 4604 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
15:03:13.0156 4604 WinUSB - ok
15:03:13.0218 4604 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:03:13.0218 4604 WmiAcpi - ok
15:03:13.0234 4604 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:03:13.0250 4604 WS2IFSL - ok
15:03:13.0296 4604 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:03:13.0296 4604 WudfPf - ok
15:03:13.0328 4604 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:03:13.0343 4604 WudfRd - ok
15:03:13.0375 4604 zumbus (ae279cd76b38fc079eec3ca6d65a5926) C:\WINDOWS\system32\DRIVERS\zumbus.sys
15:03:13.0375 4604 zumbus - ok
15:03:13.0390 4604 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
15:03:13.0421 4604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:03:13.0421 4604 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:03:13.0453 4604 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR3
15:03:26.0656 4604 \Device\Harddisk1\DR3 - ok
15:03:26.0687 4604 Boot (0x1200) (abad944c83832225061cf9c0d8326255) \Device\Harddisk0\DR0\Partition0
15:03:26.0687 4604 \Device\Harddisk0\DR0\Partition0 - ok
15:03:26.0687 4604 Boot (0x1200) (eb2ea23801cfaff4b54c39c248c4e4e9) \Device\Harddisk1\DR3\Partition0
15:03:26.0687 4604 \Device\Harddisk1\DR3\Partition0 - ok
15:03:26.0687 4604 ============================================================
15:03:26.0687 4604 Scan finished
15:03:26.0687 4604 ============================================================
15:03:26.0687 4596 Detected object count: 1
15:03:26.0687 4596 Actual detected object count: 1
15:03:51.0640 4596 \Device\Harddisk0\DR0\# - copied to quarantine
15:03:51.0640 4596 \Device\Harddisk0\DR0 - copied to quarantine
15:03:51.0765 4596 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:03:51.0796 4596 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:03:52.0203 4596 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:03:52.0234 4596 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:03:52.0265 4596 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:03:52.0328 4596 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:03:52.0343 4596 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:03:52.0343 4596 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:03:52.0390 4596 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:03:52.0390 4596 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:03:52.0390 4596 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:03:52.0406 4596 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:03:52.0437 4596 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:03:52.0437 4596 \Device\Harddisk0\DR0 - ok
15:03:52.0437 4596 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:04:23.0609 4172 Deinitialize success



Turning the network back on to see if Clickfraud is still there... every other scan is coming up clean. I will be leaving for the day but will respond in the morning. If there are other programs that I should run, please let me know and I will be happy to run them in the morning.

Thanks again for any follow-up.

#4
sunyesf

    New Member

  • Members
  • Pip
  • 4 posts
All clean now... definitely use GMER to see if you have a rootkit, and use the latest version of TDSS Killer for removing it.

#5
Maurice Naggar

    Malware Eradicator

  • Moderators
  • PipPipPipPipPipPip
  • 13,146 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.


Next, please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

~Maurice Naggar

I close my threads if there are 5 days without a response.

#6
Maurice Naggar

    Malware Eradicator

  • Moderators
  • PipPipPipPipPipPip
  • 13,146 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there are 5 days without a response.
