HiJack Log: svchost.exe Trogan.agent Please help...

[joseph3443]

Got this virus and have been trying to get rid of it all day. Malwarebytes helped a little, but its still thriving. Any help at all would be great, thank you

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Joseph at 0:56:11 on 2012-02-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1918.967 [GMT -6:00]

.

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWow64\NOTEPAD.EXE

C:\Windows\SysWow64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)

uPolicies-system: NoDispAppearancePage = 0 (0x0)

uPolicies-system: NoDispSettingsPage = 0 (0x0)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoViewOnDrive = 0 (0x0)

mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

mPolicies-explorer: NoWindowsUpdate = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: NoDispAppearancePage = 0 (0x0)

mPolicies-system: NoDispSettingsPage = 0 (0x0)

dPolicies-explorer: NoViewOnDrive = 0 (0x0)

dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

dPolicies-explorer: NoWindowsUpdate = 0 (0x0)

dPolicies-system: NoDispAppearancePage = 0 (0x0)

dPolicies-system: NoDispSettingsPage = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{61B11B6F-7F6B-497F-ABEE-28E0486A9DE5} : DhcpNameServer = 192.168.2.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\6tux2k27.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=

FF - user.js: keyword.enabled - 1

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-12 652360]

R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-11-8 288256]

R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-11-8 1060352]

R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-11-8 485376]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-12 136176]

S2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-2-12 648656]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-12 136176]

S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]

S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

SUnknown JIpLMQIh;JIpLMQIh; [x]

.

=============== File Associations ===============

.

inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-02-13 06:43:45 111592 -c--a-w- C:\Windows\System32\drivers\JIpLMQIh.sys

2012-02-13 06:43:35 20480 -c--a-w- C:\Windows\svchost.exe.vir

2012-02-13 05:44:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A6C7948-45BB-4E48-AB15-D3ECBCE6E6CD}\offreg.dll

2012-02-13 02:21:16 -------- dc----w- C:\Users\Joseph\AppData\Roaming\Malwarebytes

2012-02-13 02:20:52 23152 -c--a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-13 02:20:52 -------- dc----w- C:\ProgramData\Malwarebytes

2012-02-13 02:20:52 -------- dc----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-13 01:49:50 97136 -c--a-w- C:\Windows\System32\WRusr.dll

2012-02-13 01:49:50 145528 -c--a-w- C:\Windows\SysWow64\WRusr.dll

2012-02-13 01:49:50 111592 -c--a-w- C:\Windows\System32\drivers\WRkrn.sys

2012-02-13 01:49:48 -------- dc----w- C:\Program Files\Webroot

2012-02-13 01:49:43 -------- dc----w- C:\ProgramData\WRData

2012-02-13 01:39:43 -------- dc----w- C:\ProgramData\Kaspersky Lab Setup Files

2012-02-13 00:36:42 -------- dc----w- C:\Program Files (x86)\Safer Networking

2012-02-12 20:32:05 -------- dc----w- C:\Users\Joseph\AppData\Local\Google

2012-02-12 19:05:49 -------- dc-h--w- C:\ProgramData\GFI Software

2012-02-12 19:01:51 -------- dc-h--w- C:\Program Files (x86)\GFI Software

2012-02-12 19:01:39 -------- dc-h--w- C:\Users\Joseph\AppData\Roaming\GFI Software

2012-02-12 18:54:12 -------- dc-h--w- C:\Program Files (x86)\FB0A9

2012-02-12 18:53:38 -------- dc-h--w- C:\Program Files (x86)\LP

2012-02-12 18:46:26 6656 -c-ha-w- C:\ProgramData\Microsoft\Windows\DRM\98A8.tmp

2012-02-12 18:46:26 6656 -c-ha-w- C:\ProgramData\Microsoft\Windows\DRM\9898.tmp

2012-02-06 09:16:12 -------- dc----w- C:\Program Files\iPod

2012-02-06 09:16:11 -------- dc----w- C:\Program Files\iTunes

2012-01-16 22:16:05 -------- dc----w- C:\Program Files (x86)\PricePeep

.

==================== Find3M ====================

.

2012-01-12 09:03:12 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-12 09:03:12 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-12 09:03:12 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-12 09:03:12 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-12 09:01:15 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-12 09:01:15 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-12 09:00:54 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-12 09:00:54 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2011-12-01 15:48:06 414368 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 0:56:39.85 ===============

Attach.txt

[Elise]

Hi and

Lets first do a rootkit scan as well.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If TDSSKiller does not run, try renaming it.
  
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  
• Click the Start Scan button.
  
• Do not use the computer during the scan
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.

[joseph3443]

Alright, here it is. It looks like it did the job, but you are the expert.

04:12:34.0952 1348 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52

04:12:34.0968 1348 ============================================================

04:12:34.0968 1348 Current date / time: 2012/02/13 04:12:34.0968

04:12:34.0968 1348 SystemInfo:

04:12:34.0968 1348

04:12:34.0968 1348 OS Version: 6.1.7601 ServicePack: 1.0

04:12:34.0968 1348 Product type: Workstation

04:12:34.0968 1348 ComputerName: SETH

04:12:34.0968 1348 UserName: Joseph

04:12:34.0968 1348 Windows directory: C:\Windows

04:12:34.0968 1348 System windows directory: C:\Windows

04:12:34.0968 1348 Running under WOW64

04:12:34.0968 1348 Processor architecture: Intel x64

04:12:34.0968 1348 Number of processors: 1

04:12:34.0968 1348 Page size: 0x1000

04:12:34.0968 1348 Boot type: Safe boot

04:12:34.0968 1348 ============================================================

04:12:36.0091 1348 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

04:12:36.0107 1348 Drive \Device\Harddisk2\DR2 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

04:12:36.0107 1348 \Device\Harddisk0\DR0:

04:12:36.0107 1348 MBR used

04:12:36.0107 1348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

04:12:36.0107 1348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23BA8000

04:12:36.0107 1348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23BDA800, BlocksNum 0x1853800

04:12:36.0107 1348 \Device\Harddisk2\DR2:

04:12:36.0107 1348 MBR used

04:12:36.0107 1348 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2

04:12:36.0169 1348 Initialize success

04:12:36.0169 1348 ============================================================

04:13:37.0976 1552 ============================================================

04:13:37.0976 1552 Scan started

04:13:37.0976 1552 Mode: Manual;

04:13:37.0976 1552 ============================================================

04:13:38.0803 1552 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

04:13:38.0803 1552 1394ohci - ok

04:13:38.0881 1552 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

04:13:38.0881 1552 ACPI - ok

04:13:38.0897 1552 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

04:13:38.0897 1552 AcpiPmi - ok

04:13:39.0022 1552 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

04:13:39.0037 1552 adp94xx - ok

04:13:39.0084 1552 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

04:13:39.0084 1552 adpahci - ok

04:13:39.0146 1552 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

04:13:39.0146 1552 adpu320 - ok

04:13:39.0224 1552 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

04:13:39.0224 1552 AFD - ok

04:13:39.0302 1552 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

04:13:39.0302 1552 agp440 - ok

04:13:39.0365 1552 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

04:13:39.0365 1552 aliide - ok

04:13:39.0380 1552 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

04:13:39.0396 1552 amdide - ok

04:13:39.0427 1552 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

04:13:39.0443 1552 AmdK8 - ok

04:13:39.0458 1552 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

04:13:39.0458 1552 AmdPPM - ok

04:13:39.0490 1552 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

04:13:39.0490 1552 amdsata - ok

04:13:39.0521 1552 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

04:13:39.0521 1552 amdsbs - ok

04:13:39.0552 1552 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

04:13:39.0552 1552 amdxata - ok

04:13:39.0630 1552 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

04:13:39.0630 1552 AppID - ok

04:13:39.0755 1552 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

04:13:39.0770 1552 arc - ok

04:13:39.0802 1552 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

04:13:39.0802 1552 arcsas - ok

04:13:39.0848 1552 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

04:13:39.0848 1552 AsyncMac - ok

04:13:39.0880 1552 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

04:13:39.0880 1552 atapi - ok

04:13:39.0942 1552 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

04:13:39.0958 1552 b06bdrv - ok

04:13:40.0004 1552 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

04:13:40.0004 1552 b57nd60a - ok

04:13:40.0067 1552 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

04:13:40.0067 1552 Beep - ok

04:13:40.0176 1552 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

04:13:40.0176 1552 blbdrive - ok

04:13:40.0285 1552 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

04:13:40.0285 1552 bowser - ok

04:13:40.0316 1552 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

04:13:40.0316 1552 BrFiltLo - ok

04:13:40.0348 1552 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

04:13:40.0363 1552 BrFiltUp - ok

04:13:40.0426 1552 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

04:13:40.0426 1552 BridgeMP - ok

04:13:40.0535 1552 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

04:13:40.0535 1552 Brserid - ok

04:13:40.0550 1552 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

04:13:40.0550 1552 BrSerWdm - ok

04:13:40.0582 1552 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

04:13:40.0582 1552 BrUsbMdm - ok

04:13:40.0597 1552 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

04:13:40.0597 1552 BrUsbSer - ok

04:13:40.0644 1552 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

04:13:40.0644 1552 BTHMODEM - ok

04:13:40.0675 1552 catchme - ok

04:13:40.0722 1552 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

04:13:40.0722 1552 cdfs - ok

04:13:40.0800 1552 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

04:13:40.0800 1552 cdrom - ok

04:13:40.0894 1552 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

04:13:40.0894 1552 circlass - ok

04:13:40.0940 1552 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

04:13:40.0972 1552 CLFS - ok

04:13:41.0050 1552 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

04:13:41.0050 1552 CmBatt - ok

04:13:41.0065 1552 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

04:13:41.0065 1552 cmdide - ok

04:13:41.0096 1552 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

04:13:41.0096 1552 CNG - ok

04:13:41.0128 1552 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

04:13:41.0128 1552 Compbatt - ok

04:13:41.0174 1552 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

04:13:41.0174 1552 CompositeBus - ok

04:13:41.0206 1552 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

04:13:41.0206 1552 crcdisk - ok

04:13:41.0299 1552 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

04:13:41.0299 1552 DfsC - ok

04:13:41.0330 1552 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

04:13:41.0330 1552 discache - ok

04:13:41.0424 1552 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

04:13:41.0424 1552 Disk - ok

04:13:41.0471 1552 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

04:13:41.0471 1552 drmkaud - ok

04:13:41.0533 1552 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

04:13:41.0533 1552 DXGKrnl - ok

04:13:41.0908 1552 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

04:13:42.0313 1552 ebdrv - ok

04:13:42.0547 1552 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

04:13:42.0547 1552 elxstor - ok

04:13:42.0625 1552 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

04:13:42.0625 1552 ErrDev - ok

04:13:42.0688 1552 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

04:13:42.0703 1552 exfat - ok

04:13:42.0734 1552 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

04:13:42.0734 1552 fastfat - ok

04:13:42.0781 1552 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

04:13:42.0781 1552 fdc - ok

04:13:42.0828 1552 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

04:13:42.0828 1552 FileInfo - ok

04:13:42.0859 1552 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

04:13:42.0859 1552 Filetrace - ok

04:13:42.0890 1552 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

04:13:42.0890 1552 flpydisk - ok

04:13:42.0953 1552 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

04:13:42.0953 1552 FltMgr - ok

04:13:43.0000 1552 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

04:13:43.0000 1552 FsDepends - ok

04:13:43.0015 1552 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

04:13:43.0015 1552 Fs_Rec - ok

04:13:43.0093 1552 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

04:13:43.0093 1552 fvevol - ok

04:13:43.0156 1552 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

04:13:43.0156 1552 gagp30kx - ok

04:13:43.0171 1552 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

04:13:43.0171 1552 GEARAspiWDM - ok

04:13:43.0234 1552 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

04:13:43.0234 1552 hcw85cir - ok

04:13:43.0280 1552 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

04:13:43.0280 1552 HDAudBus - ok

04:13:43.0312 1552 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

04:13:43.0312 1552 HidBatt - ok

04:13:43.0327 1552 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

04:13:43.0327 1552 HidBth - ok

04:13:43.0358 1552 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

04:13:43.0358 1552 HidIr - ok

04:13:43.0405 1552 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

04:13:43.0405 1552 HidUsb - ok

04:13:43.0483 1552 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

04:13:43.0483 1552 HpSAMD - ok

04:13:43.0546 1552 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

04:13:43.0546 1552 HTTP - ok

04:13:43.0592 1552 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

04:13:43.0592 1552 hwpolicy - ok

04:13:43.0670 1552 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

04:13:43.0670 1552 i8042prt - ok

04:13:43.0748 1552 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

04:13:43.0764 1552 iaStorV - ok

04:13:43.0795 1552 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

04:13:43.0795 1552 iirsp - ok

04:13:43.0904 1552 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys

04:13:43.0920 1552 IntcAzAudAddService - ok

04:13:43.0998 1552 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

04:13:43.0998 1552 intelide - ok

04:13:44.0045 1552 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

04:13:44.0045 1552 intelppm - ok

04:13:44.0092 1552 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

04:13:44.0092 1552 IpFilterDriver - ok

04:13:44.0123 1552 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

04:13:44.0123 1552 IPMIDRV - ok

04:13:44.0138 1552 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

04:13:44.0138 1552 IPNAT - ok

04:13:44.0232 1552 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

04:13:44.0232 1552 IRENUM - ok

04:13:44.0279 1552 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

04:13:44.0279 1552 isapnp - ok

04:13:44.0310 1552 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

04:13:44.0310 1552 iScsiPrt - ok

04:13:44.0404 1552 ivusb (2f9f76349bb8c578873a58c840ba0589) C:\Windows\system32\DRIVERS\ivusb.sys

04:13:44.0404 1552 ivusb - ok

04:13:44.0482 1552 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

04:13:44.0482 1552 kbdclass - ok

04:13:44.0528 1552 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

04:13:44.0528 1552 kbdhid - ok

04:13:44.0575 1552 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

04:13:44.0575 1552 KSecDD - ok

04:13:44.0606 1552 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

04:13:44.0606 1552 KSecPkg - ok

04:13:44.0653 1552 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

04:13:44.0653 1552 ksthunk - ok

04:13:44.0716 1552 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

04:13:44.0716 1552 lltdio - ok

04:13:44.0794 1552 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

04:13:44.0794 1552 LSI_FC - ok

04:13:44.0809 1552 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

04:13:44.0809 1552 LSI_SAS - ok

04:13:44.0825 1552 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

04:13:44.0840 1552 LSI_SAS2 - ok

04:13:44.0856 1552 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

04:13:44.0856 1552 LSI_SCSI - ok

04:13:44.0903 1552 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

04:13:44.0903 1552 luafv - ok

04:13:44.0965 1552 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

04:13:44.0965 1552 LVPr2M64 - ok

04:13:44.0996 1552 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

04:13:44.0996 1552 LVPr2Mon - ok

04:13:45.0028 1552 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\DRIVERS\LVUSBS64.sys

04:13:45.0028 1552 LVUSBS64 - ok

04:13:45.0074 1552 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

04:13:45.0074 1552 MBAMProtector - ok

04:13:45.0106 1552 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

04:13:45.0106 1552 megasas - ok

04:13:45.0121 1552 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

04:13:45.0137 1552 MegaSR - ok

04:13:45.0199 1552 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

04:13:45.0199 1552 Modem - ok

04:13:45.0215 1552 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

04:13:45.0215 1552 monitor - ok

04:13:45.0246 1552 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

04:13:45.0246 1552 mouclass - ok

04:13:45.0262 1552 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

04:13:45.0262 1552 mouhid - ok

04:13:45.0308 1552 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

04:13:45.0308 1552 mountmgr - ok

04:13:45.0324 1552 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

04:13:45.0340 1552 mpio - ok

04:13:45.0355 1552 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

04:13:45.0355 1552 mpsdrv - ok

04:13:45.0418 1552 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

04:13:45.0418 1552 MRxDAV - ok

04:13:45.0449 1552 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

04:13:45.0449 1552 mrxsmb - ok

04:13:45.0480 1552 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

04:13:45.0480 1552 mrxsmb10 - ok

04:13:45.0496 1552 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

04:13:45.0496 1552 mrxsmb20 - ok

04:13:45.0542 1552 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

04:13:45.0542 1552 msahci - ok

04:13:45.0558 1552 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

04:13:45.0558 1552 msdsm - ok

04:13:45.0605 1552 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

04:13:45.0605 1552 Msfs - ok

04:13:45.0652 1552 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

04:13:45.0652 1552 mshidkmdf - ok

04:13:45.0667 1552 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

04:13:45.0667 1552 msisadrv - ok

04:13:45.0730 1552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

04:13:45.0730 1552 MSKSSRV - ok

04:13:45.0761 1552 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

04:13:45.0761 1552 MSPCLOCK - ok

04:13:45.0776 1552 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

04:13:45.0776 1552 MSPQM - ok

04:13:45.0839 1552 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

04:13:45.0839 1552 MsRPC - ok

04:13:45.0886 1552 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

04:13:45.0886 1552 mssmbios - ok

04:13:45.0932 1552 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

04:13:45.0932 1552 MSTEE - ok

04:13:45.0964 1552 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

04:13:45.0964 1552 MTConfig - ok

04:13:45.0995 1552 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

04:13:45.0995 1552 Mup - ok

04:13:46.0042 1552 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

04:13:46.0042 1552 NativeWifiP - ok

04:13:46.0104 1552 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

04:13:46.0135 1552 NDIS - ok

04:13:46.0182 1552 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

04:13:46.0182 1552 NdisCap - ok

04:13:46.0229 1552 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

04:13:46.0229 1552 NdisTapi - ok

04:13:46.0276 1552 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

04:13:46.0276 1552 Ndisuio - ok

04:13:46.0338 1552 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

04:13:46.0338 1552 NdisWan - ok

04:13:46.0385 1552 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

04:13:46.0385 1552 NDProxy - ok

04:13:46.0432 1552 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

04:13:46.0432 1552 NetBIOS - ok

04:13:46.0494 1552 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

04:13:46.0494 1552 NetBT - ok

04:13:46.0588 1552 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

04:13:46.0588 1552 nfrd960 - ok

04:13:46.0634 1552 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

04:13:46.0650 1552 Npfs - ok

04:13:46.0666 1552 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

04:13:46.0666 1552 nsiproxy - ok

04:13:46.0728 1552 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

04:13:46.0744 1552 Ntfs - ok

04:13:46.0775 1552 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

04:13:46.0775 1552 Null - ok

04:13:47.0383 1552 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys

04:13:47.0477 1552 nvlddmkm - ok

04:13:47.0617 1552 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys

04:13:47.0633 1552 NVNET - ok

04:13:47.0648 1552 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

04:13:47.0664 1552 nvraid - ok

04:13:47.0664 1552 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

04:13:47.0680 1552 nvstor - ok

04:13:47.0695 1552 nvstor64 (6ba747b1a9297a6c0271700d12fdd495) C:\Windows\system32\DRIVERS\nvstor64.sys

04:13:47.0695 1552 nvstor64 - ok

04:13:47.0804 1552 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

04:13:47.0804 1552 nv_agp - ok

04:13:47.0867 1552 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

04:13:47.0867 1552 ohci1394 - ok

04:13:47.0882 1552 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

04:13:47.0882 1552 Parport - ok

04:13:47.0929 1552 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

04:13:47.0929 1552 partmgr - ok

04:13:47.0960 1552 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

04:13:47.0960 1552 pci - ok

04:13:47.0976 1552 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

04:13:47.0976 1552 pciide - ok

04:13:48.0007 1552 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

04:13:48.0007 1552 pcmcia - ok

04:13:48.0054 1552 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

04:13:48.0054 1552 pcw - ok

04:13:48.0085 1552 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

04:13:48.0085 1552 PEAUTH - ok

04:13:48.0272 1552 PID_PEPI (ae0b94363da0f60d42b9d05b352f61ed) C:\Windows\system32\DRIVERS\LV302V64.SYS

04:13:48.0319 1552 PID_PEPI - ok

04:13:48.0444 1552 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

04:13:48.0444 1552 PptpMiniport - ok

04:13:48.0491 1552 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

04:13:48.0491 1552 Processor - ok

04:13:48.0553 1552 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

04:13:48.0569 1552 Psched - ok

04:13:48.0662 1552 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

04:13:48.0709 1552 ql2300 - ok

04:13:48.0725 1552 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

04:13:48.0725 1552 ql40xx - ok

04:13:48.0756 1552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

04:13:48.0756 1552 QWAVEdrv - ok

04:13:48.0787 1552 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

04:13:48.0787 1552 RasAcd - ok

04:13:48.0834 1552 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

04:13:48.0834 1552 RasAgileVpn - ok

04:13:48.0881 1552 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

04:13:48.0896 1552 Rasl2tp - ok

04:13:48.0928 1552 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

04:13:48.0928 1552 RasPppoe - ok

04:13:48.0959 1552 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

04:13:48.0959 1552 RasSstp - ok

04:13:49.0006 1552 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

04:13:49.0021 1552 rdbss - ok

04:13:49.0052 1552 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

04:13:49.0052 1552 rdpbus - ok

04:13:49.0068 1552 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

04:13:49.0068 1552 RDPCDD - ok

04:13:49.0130 1552 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

04:13:49.0130 1552 RDPENCDD - ok

04:13:49.0146 1552 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

04:13:49.0146 1552 RDPREFMP - ok

04:13:49.0193 1552 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

04:13:49.0208 1552 RDPWD - ok

04:13:49.0271 1552 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

04:13:49.0271 1552 rdyboost - ok

04:13:49.0349 1552 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

04:13:49.0349 1552 rspndr - ok

04:13:49.0380 1552 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

04:13:49.0396 1552 sbp2port - ok

04:13:49.0442 1552 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

04:13:49.0442 1552 scfilter - ok

04:13:49.0489 1552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

04:13:49.0489 1552 secdrv - ok

04:13:49.0520 1552 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

04:13:49.0520 1552 Serenum - ok

04:13:49.0567 1552 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

04:13:49.0567 1552 Serial - ok

04:13:49.0614 1552 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

04:13:49.0614 1552 sermouse - ok

04:13:49.0645 1552 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

04:13:49.0661 1552 sffdisk - ok

04:13:49.0676 1552 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

04:13:49.0676 1552 sffp_mmc - ok

04:13:49.0692 1552 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

04:13:49.0692 1552 sffp_sd - ok

04:13:49.0723 1552 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

04:13:49.0723 1552 sfloppy - ok

04:13:49.0770 1552 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

04:13:49.0770 1552 SiSRaid2 - ok

04:13:49.0801 1552 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

04:13:49.0801 1552 SiSRaid4 - ok

04:13:49.0864 1552 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

04:13:49.0864 1552 Smb - ok

04:13:49.0926 1552 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

04:13:49.0926 1552 spldr - ok

04:13:49.0988 1552 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

04:13:49.0988 1552 srv - ok

04:13:50.0004 1552 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

04:13:50.0020 1552 srv2 - ok

04:13:50.0035 1552 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

04:13:50.0035 1552 srvnet - ok

04:13:50.0098 1552 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

04:13:50.0098 1552 stexstor - ok

04:13:50.0144 1552 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

04:13:50.0144 1552 swenum - ok

04:13:50.0269 1552 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

04:13:50.0300 1552 Tcpip - ok

04:13:50.0394 1552 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

04:13:50.0410 1552 TCPIP6 - ok

04:13:50.0456 1552 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

04:13:50.0456 1552 tcpipreg - ok

04:13:50.0503 1552 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

04:13:50.0503 1552 TDPIPE - ok

04:13:50.0519 1552 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

04:13:50.0519 1552 TDTCP - ok

04:13:50.0581 1552 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

04:13:50.0581 1552 tdx - ok

04:13:50.0612 1552 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

04:13:50.0612 1552 TermDD - ok

04:13:50.0690 1552 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

04:13:50.0690 1552 tssecsrv - ok

04:13:50.0768 1552 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

04:13:50.0768 1552 TsUsbFlt - ok

04:13:50.0831 1552 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

04:13:50.0831 1552 tunnel - ok

04:13:50.0862 1552 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

04:13:50.0862 1552 uagp35 - ok

04:13:50.0909 1552 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

04:13:50.0924 1552 udfs - ok

04:13:50.0971 1552 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

04:13:50.0987 1552 uliagpkx - ok

04:13:51.0018 1552 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

04:13:51.0018 1552 umbus - ok

04:13:51.0034 1552 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

04:13:51.0049 1552 UmPass - ok

04:13:51.0080 1552 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

04:13:51.0080 1552 usbccgp - ok

04:13:51.0112 1552 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

04:13:51.0112 1552 usbcir - ok

04:13:51.0127 1552 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

04:13:51.0127 1552 usbehci - ok

04:13:51.0174 1552 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

04:13:51.0190 1552 usbhub - ok

04:13:51.0205 1552 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

04:13:51.0205 1552 usbohci - ok

04:13:51.0221 1552 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

04:13:51.0221 1552 usbprint - ok

04:13:51.0252 1552 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

04:13:51.0252 1552 USBSTOR - ok

04:13:51.0268 1552 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

04:13:51.0268 1552 usbuhci - ok

04:13:51.0299 1552 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

04:13:51.0314 1552 vdrvroot - ok

04:13:51.0346 1552 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

04:13:51.0346 1552 vga - ok

04:13:51.0377 1552 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

04:13:51.0377 1552 VgaSave - ok

04:13:51.0424 1552 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

04:13:51.0424 1552 vhdmp - ok

04:13:51.0455 1552 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

04:13:51.0455 1552 viaide - ok

04:13:51.0486 1552 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

04:13:51.0486 1552 volmgr - ok

04:13:51.0533 1552 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

04:13:51.0548 1552 volmgrx - ok

04:13:51.0580 1552 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

04:13:51.0580 1552 volsnap - ok

04:13:51.0626 1552 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

04:13:51.0642 1552 vsmraid - ok

04:13:51.0689 1552 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

04:13:51.0689 1552 vwifibus - ok

04:13:51.0704 1552 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

04:13:51.0704 1552 WacomPen - ok

04:13:51.0782 1552 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

04:13:51.0782 1552 WANARP - ok

04:13:51.0798 1552 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

04:13:51.0798 1552 Wanarpv6 - ok

04:13:51.0845 1552 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

04:13:51.0845 1552 Wd - ok

04:13:51.0923 1552 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

04:13:51.0923 1552 WDC_SAM - ok

04:13:51.0970 1552 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

04:13:52.0001 1552 Wdf01000 - ok

04:13:52.0110 1552 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

04:13:52.0110 1552 WfpLwf - ok

04:13:52.0141 1552 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

04:13:52.0141 1552 WIMMount - ok

04:13:52.0250 1552 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

04:13:52.0250 1552 WmiAcpi - ok

04:13:52.0313 1552 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

04:13:52.0313 1552 ws2ifsl - ok

04:13:52.0375 1552 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

04:13:52.0391 1552 WudfPf - ok

04:13:52.0422 1552 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

04:13:52.0438 1552 WUDFRd - ok

04:13:52.0500 1552 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0

04:13:52.0531 1552 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

04:13:52.0531 1552 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

04:13:52.0578 1552 Boot (0x1200) (b6c414b55ef9ddd33ec682088ed36bb4) \Device\Harddisk0\DR0\Partition0

04:13:52.0578 1552 \Device\Harddisk0\DR0\Partition0 - ok

04:13:52.0578 1552 Boot (0x1200) (86ec59d35f1690c50b4ae208bf998153) \Device\Harddisk0\DR0\Partition1

04:13:52.0578 1552 \Device\Harddisk0\DR0\Partition1 - ok

04:13:52.0625 1552 Boot (0x1200) (9fbcce8df17be463660c89cdbc5afbdb) \Device\Harddisk0\DR0\Partition2

04:13:52.0625 1552 \Device\Harddisk0\DR0\Partition2 - ok

04:13:52.0640 1552 ============================================================

04:13:52.0640 1552 Scan finished

04:13:52.0640 1552 ============================================================

04:13:52.0640 1544 Detected object count: 1

04:13:52.0640 1544 Actual detected object count: 1

04:14:47.0786 1544 \Device\Harddisk0\DR0\# - copied to quarantine

04:14:47.0786 1544 \Device\Harddisk0\DR0 - copied to quarantine

04:14:47.0849 1544 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

04:14:47.0849 1544 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

04:14:47.0849 1544 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

04:14:47.0849 1544 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

04:14:47.0864 1544 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

04:14:47.0864 1544 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

04:14:47.0864 1544 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

04:14:47.0911 1544 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

04:14:47.0911 1544 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

04:14:47.0911 1544 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

04:14:47.0911 1544 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

04:14:47.0911 1544 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

04:14:47.0942 1544 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

04:14:47.0942 1544 \Device\Harddisk0\DR0 - ok

04:14:58.0878 1544 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

04:15:03.0589 1344 Deinitialize success

[Elise]

That did the trick indeed, however this was a nasty rootkit, please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

• 
  

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

[joseph3443]

I actually ran ComboFix before and after I used TDSS, I then installed AVG. I must of deleted the log for ComboFix and I cant rescan with AVG... should I uninstal AVG then use ComboFix again?

[Elise]

No need to uninstall AVG, just disable it, then rerun Combofix and post me the new log.

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!