Background music/ads playing virus with logs

Solved
By minicrocop
Oct 19, 2011
  1. There is more info and a story, but it keeps telling me too many words, so I will wait till this posts and add on to it.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-19 21:38:40
    Windows 6.1.7601 Service Pack 1
    Running: 1e31ijqw.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8dafcb6ae
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8dafcb6ae@f49f549dd5bb 0x71 0x85 0x71 0x21 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8dafcb6ae (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8dafcb6ae@f49f549dd5bb 0x71 0x85 0x71 0x21 ...

    ---- EOF - GMER 1.0.15 ----



    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7985

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    10/19/2011 9:17:11 PM
    mbam-log-2011-10-19 (21-17-11).txt

    Scan type: Quick scan
    Objects scanned: 175451
    Time elapsed: 4 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    [HJT log removed by Broni]
  2. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    [RSIT log removed by Broni]
  3. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    Okay so my story is kinda all over the place. Above are the logs from the 6 step thing. The one program would not work so I followed another thread to one that did and all above are the logs.

    I am dumb when it comes to computers, so please bear with me. I am a Paramedic/Firefighter; when you call 911, we come help you... I am calling the CPU 911 needing your help.

    I was watching a video on a website
    Something happened and I got a system error
    Ended up with an icon called system restore, it showed errors, I clicked fix
    That then led to red x errors all over the place
    Security Essentials was clean and current
    Did a system restore from 24 hours before and it got rid of the icon and problems
    Then redirects started with search engine
    SE, Malwarebytes, and spybot were downloaded and used.
    SB found cookies and malwarebytes found nothing
    A lil later I started hearing music and ads playing in the background
    Scans come up empty
    Another system restore from 10 days ago, still have same music problem

    Did some searching on the web and seems like others have had this problem in the past going back 5 years. Which begs the question, if what I am dealing with is 5 years old, why didn't SE stop it and why can't malwarebytes see it?

    Help Please
  4. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  5. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    Steps

    1. Done with nothing found using Security Essentials
    2. Done with nothing found using MBAM log is above
    3. GMER done and I believe the log is above
    4. DDS would not work, unsure how to turn off scripts, used another program from another thread and log is above
    5. Done I believe
    6. I don't know what step six means
  6. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    What happens?
  7. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    DDS starts to run and says it will be 3 minutes. After a few minutes ## start to appear a few spaces below the text and #### grows. I don't know if this is because of scripts. I turned off MS Security Essentials; I don't know how to disable scripts.

    FYI Still with the music and ads and slower speed on the web. Thanks
  8. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
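The report TDSSKiller writes is long (one file line with an MD5 and path, then one verdict line, for every driver and service), and reviewing it by eye means scanning hundreds of "- ok" lines for the few that differ. The parser below is an added example written for this thread; it is not part of the thread and not Kaspersky's tool. It pairs each file line with its verdict line and lists only what a reviewer would want to look at first: verdicts other than "ok", and services with a verdict but no hashed file (the report lists such entries without a file line, as it does for MBAMProtector later in this thread). The sample log embedded in the code is constructed for the example; only its line layout follows the report pasted in the thread, and the `fakesvc` entry and its verdict text are made up for illustration.

```python
"""Triage helper for TDSSKiller-style scan reports (added example, not Kaspersky's code)."""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# File line:    "15:51:11.0923 6064 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys"
FILE_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line: "15:51:11.0929 6064 1394ohci - ok"
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)


@dataclass
class Entry:
    """One service/driver as seen in the report."""
    name: str
    md5: Optional[str] = None      # None when the report hashed no file for this service
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when no "- <verdict>" line was seen


def parse_report(text: str) -> Dict[str, Entry]:
    """Return one Entry per service name, in first-seen order; other lines are ignored."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Entries worth a second look: missing or non-ok verdicts, or an ok verdict with no hashed file."""
    findings: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.verdict is None:
            findings.append((e.name, "no verdict line"))
        elif e.verdict.lower() != "ok":
            findings.append((e.name, f"verdict: {e.verdict}"))
        elif e.md5 is None:
            findings.append((e.name, "verdict ok but no file/hash line"))
    return findings


# Constructed sample in the report's layout; the fakesvc entry and its verdict text are invented.
SAMPLE_LOG = r"""
15:51:09.0280 6064 ============================================================
15:51:09.0280 6064 Scan started
15:51:09.0280 6064 Mode: Manual;
15:51:11.0923 6064 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:51:11.0929 6064 1394ohci - ok
15:51:26.0230 6064 MBAMProtector - ok
15:51:40.0001 6064 fakesvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\fakesvc.sys
15:51:40.0002 6064 fakesvc - detected (constructed verdict)
"""


if __name__ == "__main__":
    # Usage: python triage.py [TDSSKiller_xxxx_log.txt]; without a path the embedded sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    parsed = parse_report(text)
    print(f"{len(parsed)} services parsed")
    for name, why in triage(parsed):
        print(f"  {name}: {why}")
```

The "ok but no file" case is deliberately reported rather than dropped: a service that exists in the registry with no image on disk is usually a leftover from an uninstalled product, but it is also what an orphaned or hidden service looks like, so the reviewer decides, not the script.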
  9. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    15:51:03.0587 3028 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
    15:51:04.0022 3028 ============================================================
    15:51:04.0022 3028 Current date / time: 2011/10/20 15:51:04.0022
    15:51:04.0022 3028 SystemInfo:
    15:51:04.0022 3028
    15:51:04.0022 3028 OS Version: 6.1.7601 ServicePack: 1.0
    15:51:04.0022 3028 Product type: Workstation
    15:51:04.0027 3028 ComputerName: JOE-PC
    15:51:04.0027 3028 UserName: Joe
    15:51:04.0027 3028 Windows directory: C:\Windows
    15:51:04.0027 3028 System windows directory: C:\Windows
    15:51:04.0027 3028 Running under WOW64
    15:51:04.0027 3028 Processor architecture: Intel x64
    15:51:04.0027 3028 Number of processors: 4
    15:51:04.0027 3028 Page size: 0x1000
    15:51:04.0027 3028 Boot type: Normal boot
    15:51:04.0027 3028 ============================================================
    15:51:04.0495 3028 Initialize success
    15:51:09.0280 6064 ============================================================
    15:51:09.0280 6064 Scan started
    15:51:09.0280 6064 Mode: Manual;
    15:51:09.0280 6064 ============================================================
    15:51:11.0923 6064 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    15:51:11.0929 6064 1394ohci - ok
    15:51:12.0038 6064 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    15:51:12.0043 6064 ACPI - ok
    15:51:12.0317 6064 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    15:51:12.0321 6064 AcpiPmi - ok
    15:51:12.0440 6064 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    15:51:12.0451 6064 adp94xx - ok
    15:51:12.0653 6064 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    15:51:12.0659 6064 adpahci - ok
    15:51:12.0764 6064 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    15:51:12.0768 6064 adpu320 - ok
    15:51:12.0893 6064 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    15:51:12.0902 6064 AFD - ok
    15:51:12.0953 6064 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    15:51:12.0955 6064 agp440 - ok
    15:51:13.0079 6064 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    15:51:13.0080 6064 aliide - ok
    15:51:13.0122 6064 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    15:51:13.0124 6064 amdide - ok
    15:51:13.0217 6064 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    15:51:13.0219 6064 AmdK8 - ok
    15:51:13.0274 6064 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    15:51:13.0276 6064 AmdPPM - ok
    15:51:13.0370 6064 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    15:51:13.0373 6064 amdsata - ok
    15:51:13.0460 6064 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    15:51:13.0465 6064 amdsbs - ok
    15:51:13.0585 6064 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    15:51:13.0587 6064 amdxata - ok
    15:51:13.0681 6064 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    15:51:13.0683 6064 AppID - ok
    15:51:13.0806 6064 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    15:51:13.0809 6064 arc - ok
    15:51:13.0915 6064 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    15:51:13.0917 6064 arcsas - ok
    15:51:14.0028 6064 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    15:51:14.0029 6064 AsyncMac - ok
    15:51:14.0136 6064 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    15:51:14.0137 6064 atapi - ok
    15:51:14.0293 6064 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    15:51:14.0311 6064 b06bdrv - ok
    15:51:14.0439 6064 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    15:51:14.0445 6064 b57nd60a - ok
    15:51:14.0547 6064 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    15:51:14.0548 6064 Beep - ok
    15:51:14.0672 6064 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    15:51:14.0674 6064 blbdrive - ok
    15:51:14.0724 6064 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    15:51:14.0726 6064 bowser - ok
    15:51:14.0771 6064 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    15:51:14.0772 6064 BrFiltLo - ok
    15:51:14.0900 6064 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    15:51:14.0901 6064 BrFiltUp - ok
    15:51:15.0039 6064 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    15:51:15.0046 6064 Brserid - ok
    15:51:15.0170 6064 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    15:51:15.0172 6064 BrSerWdm - ok
    15:51:15.0295 6064 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    15:51:15.0298 6064 BrUsbMdm - ok
    15:51:15.0423 6064 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    15:51:15.0424 6064 BrUsbSer - ok
    15:51:15.0566 6064 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    15:51:15.0569 6064 BthEnum - ok
    15:51:15.0675 6064 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    15:51:15.0677 6064 BTHMODEM - ok
    15:51:15.0809 6064 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    15:51:15.0812 6064 BthPan - ok
    15:51:15.0959 6064 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
    15:51:15.0971 6064 BTHPORT - ok
    15:51:16.0112 6064 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
    15:51:16.0114 6064 BTHUSB - ok
    15:51:16.0204 6064 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
    15:51:16.0206 6064 btusbflt - ok
    15:51:16.0323 6064 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
    15:51:16.0326 6064 btwaudio - ok
    15:51:16.0454 6064 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
    15:51:16.0458 6064 btwavdt - ok
    15:51:16.0606 6064 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
    15:51:16.0609 6064 btwl2cap - ok
    15:51:16.0729 6064 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
    15:51:16.0732 6064 btwrchid - ok
    15:51:16.0858 6064 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    15:51:16.0861 6064 cdfs - ok
    15:51:16.0992 6064 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    15:51:16.0996 6064 cdrom - ok
    15:51:17.0131 6064 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    15:51:17.0133 6064 circlass - ok
    15:51:17.0230 6064 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    15:51:17.0238 6064 CLFS - ok
    15:51:17.0371 6064 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    15:51:17.0373 6064 CmBatt - ok
    15:51:17.0482 6064 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    15:51:17.0484 6064 cmdide - ok
    15:51:17.0605 6064 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    15:51:17.0611 6064 CNG - ok
    15:51:17.0749 6064 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    15:51:17.0750 6064 Compbatt - ok
    15:51:17.0876 6064 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    15:51:17.0878 6064 CompositeBus - ok
    15:51:18.0010 6064 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    15:51:18.0012 6064 crcdisk - ok
    15:51:18.0148 6064 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
    15:51:18.0153 6064 CtClsFlt - ok
    15:51:18.0326 6064 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    15:51:18.0329 6064 DfsC - ok
    15:51:18.0454 6064 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    15:51:18.0455 6064 discache - ok
    15:51:18.0573 6064 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    15:51:18.0575 6064 Disk - ok
    15:51:18.0742 6064 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    15:51:18.0746 6064 Dot4 - ok
    15:51:18.0876 6064 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    15:51:18.0878 6064 Dot4Print - ok
    15:51:19.0007 6064 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    15:51:19.0010 6064 dot4usb - ok
    15:51:19.0134 6064 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    15:51:19.0135 6064 drmkaud - ok
    15:51:19.0274 6064 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    15:51:19.0311 6064 DXGKrnl - ok
    15:51:19.0499 6064 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    15:51:19.0591 6064 ebdrv - ok
    15:51:19.0758 6064 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    15:51:19.0767 6064 elxstor - ok
    15:51:19.0861 6064 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    15:51:19.0863 6064 ErrDev - ok
    15:51:20.0012 6064 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    15:51:20.0016 6064 exfat - ok
    15:51:20.0171 6064 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    15:51:20.0175 6064 fastfat - ok
    15:51:20.0326 6064 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    15:51:20.0328 6064 fdc - ok
    15:51:20.0482 6064 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    15:51:20.0485 6064 FileInfo - ok
    15:51:20.0617 6064 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    15:51:20.0618 6064 Filetrace - ok
    15:51:20.0747 6064 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    15:51:20.0749 6064 flpydisk - ok
    15:51:20.0906 6064 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    15:51:20.0912 6064 FltMgr - ok
    15:51:21.0050 6064 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    15:51:21.0052 6064 FsDepends - ok
    15:51:21.0175 6064 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    15:51:21.0176 6064 Fs_Rec - ok
    15:51:21.0321 6064 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    15:51:21.0325 6064 fvevol - ok
    15:51:21.0463 6064 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    15:51:21.0466 6064 gagp30kx - ok
    15:51:21.0667 6064 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    15:51:21.0669 6064 hcw85cir - ok
    15:51:21.0817 6064 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    15:51:21.0819 6064 HDAudBus - ok
    15:51:21.0958 6064 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    15:51:21.0961 6064 HECIx64 - ok
    15:51:22.0097 6064 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    15:51:22.0100 6064 HidBatt - ok
    15:51:22.0233 6064 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    15:51:22.0237 6064 HidBth - ok
    15:51:22.0376 6064 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    15:51:22.0435 6064 HidIr - ok
    15:51:22.0603 6064 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    15:51:22.0604 6064 HidUsb - ok
    15:51:22.0814 6064 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    15:51:22.0819 6064 HpSAMD - ok
    15:51:22.0982 6064 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    15:51:22.0999 6064 HTTP - ok
    15:51:23.0157 6064 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    15:51:23.0157 6064 hwpolicy - ok
    15:51:23.0302 6064 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    15:51:23.0305 6064 i8042prt - ok
    15:51:23.0472 6064 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
    15:51:23.0481 6064 iaStor - ok
    15:51:23.0635 6064 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    15:51:23.0645 6064 iaStorV - ok
    15:51:23.0959 6064 igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys
    15:51:24.0176 6064 igfx - ok
    15:51:24.0323 6064 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    15:51:24.0325 6064 iirsp - ok
    15:51:24.0386 6064 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
    15:51:24.0390 6064 Impcd - ok
    15:51:24.0496 6064 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys
    15:51:24.0564 6064 IntcAzAudAddService - ok
    15:51:24.0683 6064 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
    15:51:24.0688 6064 IntcDAud - ok
    15:51:24.0764 6064 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    15:51:24.0766 6064 intelide - ok
    15:51:24.0848 6064 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    15:51:24.0850 6064 intelppm - ok
    15:51:24.0912 6064 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:51:24.0914 6064 IpFilterDriver - ok
    15:51:24.0959 6064 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    15:51:24.0962 6064 IPMIDRV - ok
    15:51:24.0998 6064 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    15:51:25.0002 6064 IPNAT - ok
    15:51:25.0113 6064 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    15:51:25.0115 6064 IRENUM - ok
    15:51:25.0180 6064 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    15:51:25.0181 6064 isapnp - ok
    15:51:25.0232 6064 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    15:51:25.0238 6064 iScsiPrt - ok
    15:51:25.0278 6064 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    15:51:25.0281 6064 kbdclass - ok
    15:51:25.0425 6064 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    15:51:25.0426 6064 kbdhid - ok
    15:51:25.0490 6064 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    15:51:25.0493 6064 KSecDD - ok
    15:51:25.0542 6064 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    15:51:25.0545 6064 KSecPkg - ok
    15:51:25.0647 6064 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    15:51:25.0649 6064 ksthunk - ok
    15:51:25.0721 6064 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
    15:51:25.0723 6064 L1C - ok
    15:51:25.0841 6064 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    15:51:25.0843 6064 lltdio - ok
    15:51:25.0916 6064 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    15:51:25.0918 6064 LSI_FC - ok
    15:51:25.0956 6064 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    15:51:25.0959 6064 LSI_SAS - ok
    15:51:26.0004 6064 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    15:51:26.0006 6064 LSI_SAS2 - ok
    15:51:26.0031 6064 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    15:51:26.0034 6064 LSI_SCSI - ok
    15:51:26.0082 6064 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    15:51:26.0085 6064 luafv - ok
    15:51:26.0230 6064 MBAMProtector - ok
    15:51:26.0317 6064 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    15:51:26.0319 6064 megasas - ok
    15:51:26.0359 6064 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    15:51:26.0364 6064 MegaSR - ok
    15:51:26.0405 6064 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    15:51:26.0407 6064 Modem - ok
    15:51:26.0437 6064 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    15:51:26.0438 6064 monitor - ok
    15:51:26.0491 6064 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    15:51:26.0495 6064 mouclass - ok
    15:51:26.0547 6064 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    15:51:26.0549 6064 mouhid - ok
    15:51:26.0592 6064 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    15:51:26.0594 6064 mountmgr - ok
    15:51:26.0719 6064 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    15:51:26.0724 6064 MpFilter - ok
    15:51:26.0780 6064 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    15:51:26.0783 6064 mpio - ok
    15:51:26.0828 6064 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
    15:51:26.0830 6064 MpNWMon - ok
    15:51:26.0862 6064 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    15:51:26.0864 6064 mpsdrv - ok
    15:51:26.0921 6064 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    15:51:26.0925 6064 MRxDAV - ok
    15:51:26.0969 6064 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:51:26.0973 6064 mrxsmb - ok
    15:51:27.0021 6064 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:51:27.0028 6064 mrxsmb10 - ok
    15:51:27.0091 6064 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:51:27.0094 6064 mrxsmb20 - ok
    15:51:27.0128 6064 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    15:51:27.0129 6064 msahci - ok
    15:51:27.0171 6064 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    15:51:27.0174 6064 msdsm - ok
    15:51:27.0231 6064 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    15:51:27.0232 6064 Msfs - ok
    15:51:27.0262 6064 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    15:51:27.0264 6064 mshidkmdf - ok
    15:51:27.0303 6064 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    15:51:27.0305 6064 msisadrv - ok
    15:51:27.0364 6064 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    15:51:27.0366 6064 MSKSSRV - ok
    15:51:27.0409 6064 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    15:51:27.0410 6064 MSPCLOCK - ok
    15:51:27.0423 6064 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    15:51:27.0424 6064 MSPQM - ok
    15:51:27.0492 6064 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    15:51:27.0500 6064 MsRPC - ok
    15:51:27.0564 6064 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    15:51:27.0566 6064 mssmbios - ok
    15:51:27.0603 6064 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    15:51:27.0605 6064 MSTEE - ok
    15:51:27.0630 6064 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    15:51:27.0631 6064 MTConfig - ok
    15:51:27.0652 6064 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    15:51:27.0654 6064 Mup - ok
    15:51:27.0703 6064 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    15:51:27.0708 6064 NativeWifiP - ok
    15:51:27.0784 6064 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
    15:51:27.0816 6064 NDIS - ok
    15:51:27.0878 6064 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    15:51:27.0879 6064 NdisCap - ok
    15:51:27.0955 6064 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    15:51:27.0957 6064 NdisTapi - ok
    15:51:27.0999 6064 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    15:51:28.0001 6064 Ndisuio - ok
    15:51:28.0045 6064 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    15:51:28.0050 6064 NdisWan - ok
    15:51:28.0095 6064 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    15:51:28.0098 6064 NDProxy - ok
    15:51:28.0177 6064 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    15:51:28.0179 6064 NetBIOS - ok
    15:51:28.0220 6064 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    15:51:28.0224 6064 NetBT - ok
    15:51:28.0476 6064 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
    15:51:28.0662 6064 NETw5s64 - ok
    15:51:28.0720 6064 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    15:51:28.0723 6064 nfrd960 - ok
    15:51:28.0764 6064 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    15:51:28.0766 6064 NisDrv - ok
    15:51:28.0812 6064 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    15:51:28.0814 6064 Npfs - ok
    15:51:28.0837 6064 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    15:51:28.0838 6064 nsiproxy - ok
    15:51:28.0916 6064 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    15:51:28.0967 6064 Ntfs - ok
    15:51:28.0992 6064 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    15:51:28.0993 6064 Null - ok
    15:51:29.0040 6064 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    15:51:29.0044 6064 nvraid - ok
    15:51:29.0068 6064 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    15:51:29.0072 6064 nvstor - ok
    15:51:37.0981 6064 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    15:51:38.0000 6064 \Device\Harddisk0\DR0 - ok
    15:51:38.0007 6064 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    15:51:38.0016 6064 \Device\Harddisk1\DR1 - ok
    15:51:38.0020 6064 Boot (0x1200) (9542d70692076d71c711810401cafea7) \Device\Harddisk0\DR0\Partition0
    15:51:38.0021 6064 \Device\Harddisk0\DR0\Partition0 - ok
    15:51:38.0057 6064 Boot (0x1200) (decd427da8ab025eb63f1e08a7a4bcee) \Device\Harddisk0\DR0\Partition1
    15:51:38.0058 6064 \Device\Harddisk0\DR0\Partition1 - ok
    15:51:38.0066 6064 Boot (0x1200) (0468398622aa70098f277cec929b8dbf) \Device\Harddisk1\DR1\Partition0
    15:51:38.0067 6064 \Device\Harddisk1\DR1\Partition0 - ok
    15:51:38.0068 6064 ============================================================
    15:51:38.0068 6064 Scan finished
    15:51:38.0068 6064 ============================================================
    15:51:38.0088 6400 Detected object count: 0
    15:51:38.0088 6400 Actual detected object count: 0
  10. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  11. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    Just so I am clear, I first download aswMBR, update it, then scan. Do I need to disable anything? As it started to scan I got an alert from MSSE for:

    Trojan DOS/Alureon.C

    Report from aswmbr

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-20 16:13:36
    -----------------------------
    16:13:36.900 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:13:36.901 Number of processors: 4 586 0x2505
    16:13:36.902 ComputerName: JOE-PC UserName: Joe
    16:13:38.585 Initialize success
    16:14:45.752 AVAST engine defs: 11102002
    16:14:56.016 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:14:56.019 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    16:14:56.035 Disk 0 MBR read successfully
    16:14:56.039 Disk 0 MBR scan
    16:14:56.100 Disk 0 TDL4@MBR code has been found
    16:14:56.106 Disk 0 MBR hidden
    16:14:56.112 Disk 0 MBR [TDL4] **ROOTKIT**
    16:14:56.120 Disk 0 trace - called modules:
    16:14:56.125 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80033d8254]<<
    16:14:56.128 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033c0060]
    16:14:56.132 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003133050]
    16:14:56.135 \Driver\iaStor[0xfffffa80030ba940] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80033d8254
    16:14:59.973 AVAST engine scan C:\Windows
    16:15:03.325 AVAST engine scan C:\Windows\system32
    16:17:37.572 AVAST engine scan C:\Windows\system32\drivers
    16:17:52.150 AVAST engine scan C:\Users\Joe
    16:20:40.720 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
    16:20:40.740 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"

    Now do combofix?
  12. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Not yet.
    Re-run aswMBR and this time click on "Fix" button.
    Post resulting log.
  13. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    Serious issues have developed.

    Ran the above scan twice and then selected Fix. Both times it locked up for 10 minutes.
    The third time I ran it with www and MSSE disabled. Both times the scans were followed by a BSOD. Restarted in Safe Mode and ran the scan. It ran, I selected Fix and it said it did. It then restarted and opened into a startup error that Windows was going to fix... fail. Retried again and failed. Restarted into setup and ended up at an option to fix, restore, image, etc. Opted to restore from earlier today... failed. Tried again from ten days ago and failed. So now I am unable to get into Windows.

    Am using my friend's iPad to send this. Any ideas?
  14. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Please Boot to the System Recovery Options
    If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
    It's possible also that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    exit

    Restart computer.

    If you still can't boot, go back to system recovery and run this command:

    bootrec /fixboot
  15. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    As crazy as this may sound, I don't believe Dell included a Windows 7 restore disk. Is there a workaround?
  16. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    You may not need it.
    Re-read my link:
  17. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    F8 is not working; it goes to Startup Repair. I pressed it rapidly as well as holding the key down; all it did was beep at me.
  18. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted, please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run aswMBR again and post its log.
  19. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    StartupRepairOffline
    6.1.7600.16385
    6.1.7600.16385
    Unknown
    11
    AutoFailover
    1
    MissingOsLoader
    6.1.7600.2.0.0.256.1
    1033


    The above is the error text I get when I try to start my system
  20. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    Okay will try that, thanks
  21. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Re-read my previous reply.
  22. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-20 17:24:15
    -----------------------------
    17:24:15.610 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:24:15.610 Number of processors: 4 586 0x2505
    17:24:15.610 ComputerName: JOE-PC UserName: Joe
    17:24:17.451 Initialize success
    17:24:22.224 AVAST engine defs: 11102002
    17:24:24.814 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:24:24.814 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    17:24:24.830 Disk 0 MBR read successfully
    17:24:24.830 Disk 0 MBR scan
    17:24:24.830 Disk 0 MBR:Alureon-I [Rtk]
    17:24:24.845 Disk 0 TDL4@MBR code has been found
    17:24:24.845 Disk 0 MBR hidden
    17:24:24.845 Disk 0 MBR [TDL4] **ROOTKIT**
    17:24:24.845 Disk 0 trace - called modules:
    17:24:24.845 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800339b254]<<
    17:24:24.845 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003387060]
    17:24:24.876 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003097050]
    17:24:24.876 \Driver\iaStor[0xfffffa8003087720] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800339b254
    17:24:25.922 AVAST engine scan C:\Windows
    17:24:27.716 AVAST engine scan C:\Windows\system32
    17:25:54.046 AVAST engine scan C:\Windows\system32\drivers
    17:26:03.921 AVAST engine scan C:\Users\Joe
    17:26:14.061 Disk 0 MBR read successfully
    17:26:14.061 Disk 0 MBR:Alureon-I [Rtk]
    17:26:14.077 Disk 0 TDL4@MBR code has been found
    17:26:14.077 Disk 0 fixing MBR ...
    17:26:24.107 Disk 0 MBR restored successfully
    17:26:24.139 Verifying
    17:26:52.234 Disk 0 MBR fix error
    17:27:08.926 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
    17:27:08.958 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-21 17:29:13
    -----------------------------
    17:29:13.986 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:29:13.986 Number of processors: 4 586 0x2505
    17:29:13.988 ComputerName: JOE-PC UserName: Joe
    17:29:15.613 Initialize success
    17:29:21.567 AVAST engine defs: 11102002
    17:29:25.661 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:29:25.663 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    17:29:25.674 Disk 0 MBR read successfully
    17:29:25.676 Disk 0 MBR scan
    17:29:25.706 Disk 0 Windows 7 default MBR code
    17:29:25.709 Service scanning
    17:29:30.615 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    17:29:35.830 Modules scanning
    17:29:35.836 Disk 0 trace - called modules:
    17:29:35.862 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    17:29:35.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033de060]
    17:29:35.879 3 CLASSPNP.SYS[fffff88001b7843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800315f050]
    17:29:38.902 AVAST engine scan C:\Windows
    17:29:44.514 AVAST engine scan C:\Windows\system32
    17:36:45.666 AVAST engine scan C:\Windows\system32\drivers
    17:37:12.165 AVAST engine scan C:\Users\Joe
    17:48:58.351 AVAST engine scan C:\ProgramData
    17:52:16.086 Scan finished successfully
    18:16:10.415 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
    18:16:10.500 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"
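A log-triage helper, added here as an example (not aswMBR's code, nor anything posted in this thread), that parses aswMBR logs like the three above: per run it reports the MBR rootkit verdicts, whether the disk call trace ends at an address no loaded module claims (UNKNOWN) and whether the storage driver's IRP handler points at that address, and whether a Fix was attempted and survived verification. The line formats and the constructed sample are taken from the logs in this post; **LOCKED** service entries are not scored.

```python
"""aswMBR log triage: an added example, not code from aswMBR, AVAST or this thread.
Per run: rootkit verdicts, call-trace entries ending at an address no loaded module
claims (UNKNOWN), storage IRP handlers redirected there, and fix attempt/verify state."""
import re
from dataclasses import dataclass, field

ENTRY_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (.*)$")
# Detection shapes seen in the thread: "TDL4@MBR code has been found",
# "MBR [TDL4] **ROOTKIT**" and "MBR:Alureon-I [Rtk]".
DETECT_RE = re.compile(
    r"(\S+)@MBR code has been found|MBR \[(\S+)\] \*\*ROOTKIT\*\*|MBR:(\S+) \[Rtk\]")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HOOK_RE = re.compile(r"-> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")

@dataclass
class RunReport:
    run_date: str = ""
    detections: list = field(default_factory=list)    # distinct rootkit names
    unknown_addrs: list = field(default_factory=list)  # trace ended outside any module
    hooked_irps: list = field(default_factory=list)    # (IRP major code, target address)
    default_mbr: bool = False    # "Windows 7 default MBR code" seen
    fix_attempted: bool = False  # "fixing MBR ..." seen
    fix_restored: bool = False   # "MBR restored successfully" seen
    fix_error: bool = False      # "MBR fix error" seen when aswMBR re-read the MBR

    @property
    def unresolved_hooks(self):  # IRP handlers pointing at an UNKNOWN trace address
        return [irp for irp, addr in self.hooked_irps if addr in self.unknown_addrs]
    @property
    def fix_verified(self):
        return self.fix_attempted and self.fix_restored and not self.fix_error
    @property
    def verdict(self):
        if not (self.detections or self.unknown_addrs):
            return "CLEAN" if self.default_mbr else "UNDETERMINED"
        if self.fix_verified:
            return "CLEANED"
        return "INFECTED (fix failed)" if self.fix_attempted else "INFECTED"

def parse_aswmbr_log(text):
    """One RunReport per 'aswMBR version' header; later lines attach to that run."""
    runs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("aswMBR version "):
            cur = RunReport()
            runs.append(cur)
            continue
        if cur is not None and line.startswith("Run date: "):
            cur.run_date = line[len("Run date: "):]
            continue
        m = ENTRY_RE.match(line)
        if cur is None or not m:
            continue
        msg = m.group(1)
        d = DETECT_RE.search(msg)
        if d:
            name = next(g for g in d.groups() if g)
            if name not in cur.detections:
                cur.detections.append(name)
        for addr in UNKNOWN_RE.findall(msg):
            if addr not in cur.unknown_addrs:
                cur.unknown_addrs.append(addr)
        h = HOOK_RE.search(msg)
        if h:
            cur.hooked_irps.append((h.group(1), h.group(2)))
        if "default MBR code" in msg:
            cur.default_mbr = True
        elif "fixing MBR" in msg:
            cur.fix_attempted = True
        elif "MBR restored successfully" in msg:
            cur.fix_restored = True
        elif "MBR fix error" in msg:
            cur.fix_error = True
    return runs

# Constructed sample: excerpts of the three logs posted in this thread.
SAMPLE_LOG = r"""
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-20 16:13:36
16:14:56.100 Disk 0 TDL4@MBR code has been found
16:14:56.112 Disk 0 MBR [TDL4] **ROOTKIT**
16:14:56.125 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80033d8254]<<
16:14:56.135 \Driver\iaStor[0xfffffa80030ba940] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80033d8254

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-20 17:24:15
17:24:24.830 Disk 0 MBR:Alureon-I [Rtk]
17:26:14.077 Disk 0 fixing MBR ...
17:26:24.107 Disk 0 MBR restored successfully
17:26:52.234 Disk 0 MBR fix error

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-21 17:29:13
17:29:25.706 Disk 0 Windows 7 default MBR code
"""

if __name__ == "__main__":
    for r in parse_aswmbr_log(SAMPLE_LOG):
        print(r.run_date, r.verdict, r.detections, r.unresolved_hooks)
```

The second run is the instructive one: the MBR write reported success, but the re-read failed while the hooked IRP handler still controlled disk I/O, which is why the rootkit survived until the MBR was rewritten from outside the running system.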
  23. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Excellent!
    Am I assuming correctly you're back in business?

    If so, go ahead with Combofix.
  24. minicrocop

    minicrocop Newcomer, in training Topic Starter Posts: 31

    Thanks!

    Okay, just wanna make sure: you do not want me to do fixmbr?

    How would I disable scripts on my computer?
  25. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Your MBR has been fixed.

    Do you use Spybot or Windows Defender?

