Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Removal of win32/ramnit.ae virus

Started by JAM266 , Oct 25 2011 05:14 AM

  • This topic is locked This topic is locked

#16
JAM266
Posted 27 October 2011 - 03:05 PM

JAM266

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Not able to download MBRCheck.exe
  • 0

Advertisements

#17
Essexboy
Posted 27 October 2011 - 03:07 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Here you go [attachment=53211:MBRCheck.zip]
  • 0

#18
JAM266
Posted 27 October 2011 - 03:16 PM

JAM266

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 115):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF8BB6000 \WINDOWS\system32\KDCOM.DLL
0xF8AC6000 \WINDOWS\system32\BOOTVID.dll
0xF8667000 ACPI.sys
0xF8BB8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8656000 pci.sys
0xF86B6000 isapnp.sys
0xF8BBA000 intelide.sys
0xF8936000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF86C6000 MountMgr.sys
0xF8637000 ftdisk.sys
0xF8BBC000 dmload.sys
0xF8611000 dmio.sys
0xF893E000 PartMgr.sys
0xF86D6000 VolSnap.sys
0xF85F9000 atapi.sys
0xF86E6000 disk.sys
0xF86F6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF85D9000 fltMgr.sys
0xF85C7000 sr.sys
0xF8706000 PxHelp20.sys
0xF85B0000 KSecDD.sys
0xF8523000 Ntfs.sys
0xF84F6000 NDIS.sys
0xF84DB000 Mup.sys
0xF8716000 agp440.sys
0xF7B37000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF7B23000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7B06000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8A3E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7AF2000 \SystemRoot\system32\DRIVERS\parport.sys
0xF87B6000 \SystemRoot\system32\DRIVERS\serial.sys
0xF8B76000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF8A46000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87C6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF87D6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7ACF000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF8A56000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7AAC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A1E000 \SystemRoot\system32\drivers\smwdm.sys
0xF79FA000 \SystemRoot\system32\drivers\portcls.sys
0xF87F6000 \SystemRoot\system32\drivers\drmk.sys
0xF79E2000 \SystemRoot\system32\drivers\aeaudio.sys
0xF7D97000 \SystemRoot\system32\DRIVERS\processr.sys
0xF8DC0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7D87000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8B7E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF79CB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7D77000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7D67000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF79BA000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7D57000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A6E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A76000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7989000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7D47000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8BEE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7930000 \SystemRoot\system32\DRIVERS\update.sys
0xF8BA6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7D37000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8A7E000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7D17000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8BF6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF48A0000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF8C1E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C20000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ABE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8956000 \SystemRoot\System32\drivers\vga.sys
0xF8C22000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8C24000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF895E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8966000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8B52000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3DB1000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF3D59000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3D31000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF3D0F000 \SystemRoot\System32\drivers\afd.sys
0xF8826000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF3CE4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF3C75000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8836000 \SystemRoot\System32\Drivers\Fips.SYS
0xF3C54000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8846000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF8B66000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8856000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B6A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF8B6E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF8796000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF38D2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C3E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF4890000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8A26000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D3C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF376A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF339F000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF30E2000 \SystemRoot\system32\drivers\wdmaud.sys
0xF3127000 \SystemRoot\system32\drivers\sysaudio.sys
0xF2E08000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8C66000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF2AE1000 \SystemRoot\system32\DRIVERS\srv.sys
0xF1FF6000 \SystemRoot\System32\Drivers\HTTP.sys
0xF3A4B000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2FF70333-37F8-4622-8CE0-D25FEC2B592C}\MpKsl17ec341c.sys
0xF2FA4000 \??\C:\DOCUME~1\User\LOCALS~1\Temp\aswMBR.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
560 C:\WINDOWS\system32\smss.exe
608 C:\WINDOWS\system32\csrss.exe
632 C:\WINDOWS\system32\winlogon.exe
676 C:\WINDOWS\system32\services.exe
688 C:\WINDOWS\system32\lsass.exe
844 C:\WINDOWS\system32\svchost.exe
908 C:\WINDOWS\system32\svchost.exe
1000 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1040 C:\WINDOWS\system32\svchost.exe
1140 C:\WINDOWS\system32\svchost.exe
1252 C:\WINDOWS\system32\svchost.exe
1576 C:\WINDOWS\system32\svchost.exe
1588 C:\WINDOWS\explorer.exe
1660 C:\WINDOWS\system32\svchost.exe
1708 C:\WINDOWS\system32\LEXBCES.EXE
288 C:\WINDOWS\system32\spoolsv.exe
292 C:\WINDOWS\system32\LEXPPS.EXE
1840 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
1920 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
1984 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
480 C:\WINDOWS\Vm_sti.exe
984 C:\Program Files\iTunes\iTunesHelper.exe
1200 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1328 C:\WINDOWS\system32\ctfmon.exe
2060 C:\WINDOWS\system32\svchost.exe
2084 C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
2272 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2336 C:\Program Files\Bonjour\mDNSResponder.exe
2644 C:\Program Files\Java\jre6\bin\jqs.exe
2828 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
3120 C:\WINDOWS\system32\svchost.exe
3192 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2332 C:\Program Files\iPod\bin\iPodService.exe
3708 C:\WINDOWS\system32\alg.exe
2436 C:\WINDOWS\system32\wuauclt.exe
372 C:\Program Files\Mozilla Firefox\firefox.exe
3432 C:\Program Files\Mozilla Firefox\plugin-container.exe
3052 C:\DOCUME~1\User\LOCALS~1\temp\Rar$EX02.140\aswMBR.exe
816 C:\WINDOWS\system32\notepad.exe
2396 C:\Program Files\WinRAR\WinRAR.exe
2100 C:\DOCUME~1\User\LOCALS~1\temp\Rar$EX02.875\MBRCheck.exe
3920 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD200BB-60CJA0, Rev: 16.06V16

Size Device Name MBR Status
--------------------------------------------
18 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 381846F9A49C3889808A0879A5C0BEA9EB427C44


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#19
Essexboy
Posted 27 October 2011 - 03:25 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now download and run this programme please

[attachment=53212:tdsskiller.zip]


  • Download and extract the attached programme
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#20
JAM266
Posted 27 October 2011 - 03:59 PM

JAM266

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Found some threats and the option I am given are 1)skip 2)Copy to quarantin 3)Delete
not sure which one to select
  • 0

#21
JAM266
Posted 27 October 2011 - 04:38 PM

JAM266

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
22:33:16.0234 1072 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
22:33:17.0593 1072 ============================================================
22:33:17.0593 1072 Current date / time: 2011/10/27 22:33:17.0593
22:33:17.0593 1072 SystemInfo:
22:33:17.0593 1072
22:33:17.0593 1072 OS Version: 5.1.2600 ServicePack: 2.0
22:33:17.0593 1072 Product type: Workstation
22:33:17.0625 1072 ComputerName: USER-CCB8100A40
22:33:17.0625 1072 UserName: User
22:33:17.0625 1072 Windows directory: C:\WINDOWS
22:33:17.0625 1072 System windows directory: C:\WINDOWS
22:33:17.0625 1072 Processor architecture: Intel x86
22:33:17.0625 1072 Number of processors: 1
22:33:17.0625 1072 Page size: 0x1000
22:33:17.0625 1072 Boot type: Normal boot
22:33:17.0625 1072 ============================================================
22:33:26.0281 1072 Initialize success
22:35:06.0093 1532 ============================================================
22:35:06.0093 1532 Scan started
22:35:06.0093 1532 Mode: Manual; SigCheck; TDLFS;
22:35:06.0093 1532 ============================================================
22:35:13.0734 1532 Abiosdsk - ok
22:35:14.0625 1532 abp480n5 - ok
22:35:15.0859 1532 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
22:35:56.0937 1532 ac97intc - ok
22:35:58.0250 1532 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:36:00.0015 1532 ACPI - ok
22:36:02.0515 1532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:36:03.0906 1532 ACPIEC - ok
22:36:05.0125 1532 adpu160m - ok
22:36:06.0750 1532 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
22:36:08.0656 1532 aeaudio - ok
22:36:11.0343 1532 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
22:36:18.0937 1532 aec - ok
22:36:20.0937 1532 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
22:36:21.0671 1532 AFD - ok
22:36:23.0031 1532 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:36:23.0750 1532 agp440 - ok
22:36:24.0828 1532 Aha154x - ok
22:36:26.0156 1532 aic78u2 - ok
22:36:27.0796 1532 aic78xx - ok
22:36:29.0062 1532 AliIde - ok
22:36:30.0296 1532 amsint - ok
22:36:31.0093 1532 asc - ok
22:36:31.0953 1532 asc3350p - ok
22:36:32.0781 1532 asc3550 - ok
22:36:33.0796 1532 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:36:36.0968 1532 AsyncMac - ok
22:36:37.0843 1532 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:36:39.0000 1532 atapi - ok
22:36:39.0390 1532 Atdisk - ok
22:36:39.0968 1532 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:36:41.0140 1532 Atmarpc - ok
22:36:41.0625 1532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:36:42.0875 1532 audstub - ok
22:36:43.0343 1532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:36:44.0562 1532 Beep - ok
22:36:44.0984 1532 catchme - ok
22:36:45.0500 1532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:36:46.0359 1532 cbidf2k - ok
22:36:46.0984 1532 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:36:48.0265 1532 CCDECODE - ok
22:36:48.0703 1532 cd20xrnt - ok
22:36:49.0546 1532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:36:51.0234 1532 Cdaudio - ok
22:36:51.0593 1532 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
22:36:52.0531 1532 Cdfs - ok
22:36:53.0406 1532 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:36:55.0218 1532 Cdrom - ok
22:36:56.0171 1532 Changer - ok
22:36:57.0718 1532 CmdIde - ok
22:37:00.0640 1532 Cpqarray - ok
22:37:02.0328 1532 dac2w2k - ok
22:37:03.0250 1532 dac960nt - ok
22:37:04.0843 1532 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
22:37:05.0468 1532 Disk - ok
22:37:07.0062 1532 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
22:37:09.0125 1532 dmboot - ok
22:37:11.0218 1532 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
22:37:12.0343 1532 dmio - ok
22:37:14.0468 1532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:37:16.0031 1532 dmload - ok
22:37:17.0156 1532 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
22:37:17.0812 1532 DMusic - ok
22:37:18.0718 1532 dpti2o - ok
22:37:20.0000 1532 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
22:37:20.0515 1532 drmkaud - ok
22:37:21.0656 1532 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:37:23.0000 1532 E100B - ok
22:37:23.0484 1532 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
22:37:24.0156 1532 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
22:37:24.0593 1532 epmntdrv - detected UnsignedFile.Multi.Generic (1)
22:37:25.0890 1532 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
22:37:26.0296 1532 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
22:37:26.0296 1532 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
22:37:26.0984 1532 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
22:37:27.0609 1532 Fastfat - ok
22:37:28.0625 1532 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:37:29.0546 1532 Fdc - ok
22:37:30.0125 1532 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
22:37:30.0968 1532 Fips - ok
22:37:31.0250 1532 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:37:32.0218 1532 Flpydisk - ok
22:37:32.0546 1532 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:37:34.0187 1532 FltMgr - ok
22:37:34.0468 1532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:37:35.0125 1532 Fs_Rec - ok
22:37:35.0531 1532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:37:36.0765 1532 Ftdisk - ok
22:37:37.0140 1532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:37:37.0437 1532 GEARAspiWDM - ok
22:37:37.0687 1532 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
22:37:39.0593 1532 ggflt - ok
22:37:40.0234 1532 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
22:37:40.0625 1532 ggsemc - ok
22:37:41.0031 1532 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:37:41.0984 1532 Gpc - ok
22:37:42.0437 1532 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:37:43.0406 1532 HidUsb - ok
22:37:43.0687 1532 hitmanpro35 (60de0d719dd083a8beb476da616d2811) C:\WINDOWS\system32\drivers\hitmanpro35.sys
22:37:44.0062 1532 hitmanpro35 - ok
22:37:44.0281 1532 hpn - ok
22:37:44.0421 1532 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
22:37:46.0343 1532 HTTP - ok
22:37:46.0718 1532 i2omgmt - ok
22:37:46.0843 1532 i2omp - ok
22:37:47.0125 1532 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:37:48.0515 1532 i8042prt - ok
22:37:48.0796 1532 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:37:49.0546 1532 Imapi - ok
22:37:50.0015 1532 ini910u - ok
22:37:50.0421 1532 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:37:51.0140 1532 IntelIde - ok
22:37:51.0656 1532 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:37:52.0562 1532 Ip6Fw - ok
22:37:52.0953 1532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:37:54.0031 1532 IpFilterDriver - ok
22:37:54.0312 1532 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:37:55.0171 1532 IpInIp - ok
22:37:55.0734 1532 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:37:57.0890 1532 IpNat - ok
22:37:58.0218 1532 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:37:59.0437 1532 IPSec - ok
22:37:59.0812 1532 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:38:00.0546 1532 IRENUM - ok
22:38:00.0875 1532 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:38:01.0765 1532 isapnp - ok
22:38:02.0156 1532 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:38:03.0140 1532 Kbdclass - ok
22:38:03.0843 1532 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:38:04.0531 1532 kbdhid - ok
22:38:05.0062 1532 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
22:38:07.0390 1532 kmixer - ok
22:38:07.0843 1532 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
22:38:08.0500 1532 KSecDD - ok
22:38:09.0093 1532 lbrtfdc - ok
22:38:09.0734 1532 libusb0 (d1598203b19b4922531a8bd6811547f7) C:\WINDOWS\system32\DRIVERS\libusb0.sys
22:38:09.0921 1532 libusb0 ( UnsignedFile.Multi.Generic ) - warning
22:38:10.0000 1532 libusb0 - detected UnsignedFile.Multi.Generic (1)
22:38:10.0640 1532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:38:11.0421 1532 mnmdd - ok
22:38:12.0046 1532 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
22:38:12.0765 1532 Modem - ok
22:38:13.0218 1532 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:38:14.0015 1532 Mouclass - ok
22:38:14.0421 1532 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:38:15.0265 1532 mouhid - ok
22:38:15.0562 1532 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
22:38:16.0312 1532 MountMgr - ok
22:38:16.0671 1532 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:38:17.0140 1532 MpFilter - ok
22:38:17.0343 1532 MpKsl06b19df4 - ok
22:38:17.0390 1532 MpKsl0cf79fe9 - ok
22:38:17.0453 1532 MpKsl13f99ac4 - ok
22:38:17.0593 1532 MpKsl17ec341c (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2FF70333-37F8-4622-8CE0-D25FEC2B592C}\MpKsl17ec341c.sys
22:38:18.0046 1532 MpKsl17ec341c - ok
22:38:18.0187 1532 MpKsl1b9047f5 - ok
22:38:18.0296 1532 MpKsl23c8a940 - ok
22:38:18.0656 1532 MpKsl2763caa9 - ok
22:38:18.0718 1532 MpKsl3555347b - ok
22:38:18.0765 1532 MpKsl3fe45779 - ok
22:38:18.0828 1532 MpKsl6735596a - ok
22:38:19.0000 1532 MpKsl79a6af6a - ok
22:38:19.0140 1532 MpKsl7b3fc78e - ok
22:38:19.0187 1532 MpKsl7f69b9d9 - ok
22:38:19.0296 1532 MpKsl96476bb0 - ok
22:38:19.0375 1532 MpKsla04c51e7 - ok
22:38:19.0453 1532 MpKsla34930c7 - ok
22:38:19.0562 1532 MpKslaf074d40 - ok
22:38:19.0703 1532 MpKslb2427c90 - ok
22:38:19.0796 1532 MpKslc71a369b - ok
22:38:19.0953 1532 MpKslee39272f - ok
22:38:20.0015 1532 MpKslef3cbf47 - ok
22:38:20.0093 1532 MpKslf6d61e9f - ok
22:38:20.0140 1532 MpKslfb7a28dc - ok
22:38:20.0343 1532 mraid35x - ok
22:38:20.0906 1532 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:38:22.0625 1532 MRxDAV - ok
22:38:22.0984 1532 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:38:23.0640 1532 MRxSmb - ok
22:38:24.0421 1532 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
22:38:25.0265 1532 Msfs - ok
22:38:25.0734 1532 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:38:26.0375 1532 MSKSSRV - ok
22:38:26.0718 1532 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:38:27.0593 1532 MSPCLOCK - ok
22:38:27.0890 1532 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
22:38:28.0421 1532 MSPQM - ok
22:38:29.0062 1532 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:38:30.0078 1532 mssmbios - ok
22:38:30.0687 1532 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
22:38:31.0609 1532 MSTEE - ok
22:38:32.0203 1532 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
22:38:33.0156 1532 Mup - ok
22:38:34.0218 1532 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:38:35.0093 1532 NABTSFEC - ok
22:38:35.0921 1532 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
22:38:36.0875 1532 NDIS - ok
22:38:37.0359 1532 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:38:39.0578 1532 NdisIP - ok
22:38:40.0015 1532 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:38:41.0546 1532 NdisTapi - ok
22:38:41.0812 1532 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:38:42.0890 1532 Ndisuio - ok
22:38:43.0296 1532 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:38:44.0671 1532 NdisWan - ok
22:38:44.0906 1532 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
22:38:46.0078 1532 NDProxy - ok
22:38:46.0390 1532 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:38:47.0062 1532 NetBIOS - ok
22:38:47.0546 1532 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:38:48.0421 1532 NetBT - ok
22:38:49.0078 1532 nmwcd (e380bbcad640304737650367ddfa2366) C:\WINDOWS\system32\drivers\nmwcd.sys
22:38:50.0265 1532 nmwcd - ok
22:38:50.0765 1532 nmwcdc (3c4650af9712ae0cb405064b6278ccad) C:\WINDOWS\system32\drivers\nmwcdc.sys
22:38:51.0046 1532 nmwcdc - ok
22:38:51.0656 1532 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
22:38:52.0750 1532 Npfs - ok
22:38:53.0171 1532 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
22:38:55.0890 1532 Ntfs - ok
22:38:56.0218 1532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:38:56.0734 1532 Null - ok
22:38:58.0046 1532 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:39:01.0828 1532 nv - ok
22:39:02.0515 1532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:39:03.0421 1532 NwlnkFlt - ok
22:39:04.0203 1532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:39:05.0015 1532 NwlnkFwd - ok
22:39:05.0687 1532 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
22:39:06.0437 1532 Parport - ok
22:39:07.0250 1532 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
22:39:07.0937 1532 PartMgr - ok
22:39:09.0046 1532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:39:09.0843 1532 ParVdm - ok
22:39:11.0093 1532 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
22:39:12.0421 1532 PCI - ok
22:39:13.0140 1532 PCIDump - ok
22:39:13.0406 1532 PCIIde - ok
22:39:13.0765 1532 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:39:15.0250 1532 Pcmcia - ok
22:39:15.0484 1532 PDCOMP - ok
22:39:15.0609 1532 PDFRAME - ok
22:39:15.0796 1532 PDRELI - ok
22:39:16.0015 1532 PDRFRAME - ok
22:39:16.0156 1532 perc2 - ok
22:39:16.0312 1532 perc2hib - ok
22:39:16.0640 1532 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:39:17.0843 1532 PptpMiniport - ok
22:39:18.0203 1532 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
22:39:19.0328 1532 Processor - ok
22:39:19.0937 1532 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
22:39:23.0250 1532 PSched - ok
22:39:24.0109 1532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:39:24.0718 1532 Ptilink - ok
22:39:25.0718 1532 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:39:26.0687 1532 PxHelp20 - ok
22:39:27.0140 1532 ql1080 - ok
22:39:27.0546 1532 Ql10wnt - ok
22:39:28.0062 1532 ql12160 - ok
22:39:28.0484 1532 ql1240 - ok
22:39:29.0062 1532 ql1280 - ok
22:39:29.0687 1532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:39:30.0531 1532 RasAcd - ok
22:39:31.0156 1532 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:39:31.0796 1532 Rasl2tp - ok
22:39:32.0875 1532 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:39:33.0515 1532 RasPppoe - ok
22:39:34.0187 1532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:39:34.0609 1532 Raspti - ok
22:39:35.0312 1532 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:39:37.0390 1532 Rdbss - ok
22:39:38.0078 1532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:39:38.0468 1532 RDPCDD - ok
22:39:39.0140 1532 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:39:39.0968 1532 rdpdr - ok
22:39:40.0734 1532 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
22:39:42.0562 1532 RDPWD - ok
22:39:43.0937 1532 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:39:44.0875 1532 redbook - ok
22:39:46.0156 1532 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
22:39:46.0906 1532 s115bus - ok
22:39:48.0015 1532 se45bus (531ebc57db331c8500c042d9f8a6aef2) C:\WINDOWS\system32\DRIVERS\se45bus.sys
22:39:48.0796 1532 se45bus - ok
22:39:50.0125 1532 se45obex (5e003693822460d37516d9a262de9e11) C:\WINDOWS\system32\DRIVERS\se45obex.sys
22:39:51.0140 1532 se45obex - ok
22:39:51.0953 1532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:39:55.0531 1532 Secdrv - ok
22:39:56.0140 1532 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:39:57.0046 1532 serenum - ok
22:39:58.0000 1532 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
22:39:59.0359 1532 Serial - ok
22:40:00.0031 1532 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:40:00.0859 1532 Sfloppy - ok
22:40:01.0390 1532 Simbad - ok
22:40:01.0640 1532 SliceDisk5 - ok
22:40:02.0437 1532 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:40:03.0593 1532 SLIP - ok
22:40:04.0500 1532 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
22:40:05.0312 1532 smwdm - ok
22:40:05.0828 1532 Sparrow - ok
22:40:06.0406 1532 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
22:40:09.0296 1532 splitter - ok
22:40:10.0015 1532 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
22:40:12.0578 1532 sr - ok
22:40:13.0562 1532 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
22:40:15.0046 1532 Srv - ok
22:40:16.0109 1532 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:40:19.0875 1532 streamip - ok
22:40:20.0531 1532 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:40:23.0343 1532 swenum - ok
22:40:24.0375 1532 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
22:40:25.0687 1532 swmidi - ok
22:40:25.0843 1532 symc810 - ok
22:40:26.0015 1532 symc8xx - ok
22:40:26.0328 1532 sym_hi - ok
22:40:26.0531 1532 sym_u3 - ok
22:40:26.0796 1532 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
22:40:27.0984 1532 sysaudio - ok
22:40:28.0250 1532 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:40:29.0250 1532 Tcpip - ok
22:40:29.0453 1532 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:40:30.0484 1532 TDPIPE - ok
22:40:30.0937 1532 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:40:32.0125 1532 TDTCP - ok
22:40:32.0390 1532 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:40:33.0578 1532 TermDD - ok
22:40:33.0890 1532 TosIde - ok
22:40:34.0125 1532 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:40:35.0234 1532 Udfs - ok
22:40:35.0453 1532 ultra - ok
22:40:36.0031 1532 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
22:40:37.0875 1532 Update - ok
22:40:38.0546 1532 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:40:38.0984 1532 USBAAPL - ok
22:40:39.0687 1532 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
22:40:40.0593 1532 usbaudio - ok
22:40:40.0937 1532 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:40:41.0671 1532 usbccgp - ok
22:40:42.0406 1532 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:40:42.0984 1532 usbhub - ok
22:40:43.0218 1532 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:40:43.0687 1532 usbprint - ok
22:40:44.0046 1532 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:40:44.0453 1532 usbscan - ok
22:40:44.0734 1532 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:40:45.0328 1532 USBSTOR - ok
22:40:45.0640 1532 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:40:46.0156 1532 usbuhci - ok
22:40:46.0531 1532 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:40:47.0843 1532 usbvideo - ok
22:40:48.0484 1532 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:40:49.0015 1532 VgaSave - ok
22:40:49.0234 1532 ViaIde - ok
22:40:49.0734 1532 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
22:40:50.0359 1532 VolSnap - ok
22:40:50.0984 1532 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:40:51.0531 1532 Wanarp - ok
22:40:52.0328 1532 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:40:52.0734 1532 Wdf01000 - ok
22:40:53.0203 1532 WDICA - ok
22:40:54.0250 1532 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
22:40:55.0953 1532 wdmaud - ok
22:40:56.0546 1532 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:40:57.0218 1532 WpdUsb - ok
22:40:57.0593 1532 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:40:58.0500 1532 WSTCODEC - ok
22:40:59.0328 1532 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:41:01.0437 1532 WudfPf - ok
22:41:01.0937 1532 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
22:41:02.0390 1532 WUDFRd - ok
22:41:03.0281 1532 ZSMC301b (d94d9777e33c70e8489c7e6ce678fd23) C:\WINDOWS\system32\Drivers\usbVM31b.sys
22:41:03.0671 1532 ZSMC301b - ok
22:41:03.0843 1532 MBR (0x1B8) (edc00a9c9e79634953f952c6d701052f) \Device\Harddisk0\DR0
22:41:24.0093 1532 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:41:24.0093 1532 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:41:24.0203 1532 Boot (0x1200) (60669a18b8df7b80011ad46980132f67) \Device\Harddisk0\DR0\Partition0
22:41:24.0218 1532 \Device\Harddisk0\DR0\Partition0 - ok
22:41:24.0265 1532 ============================================================
22:41:24.0265 1532 Scan finished
22:41:24.0265 1532 ============================================================
22:41:25.0078 0504 Detected object count: 4
22:41:25.0078 0504 Actual detected object count: 4
22:44:34.0468 0504 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:34.0468 0504 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:44:34.0484 0504 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:34.0484 0504 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:44:34.0484 0504 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:34.0484 0504 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:44:34.0484 0504 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:44:34.0484 0504 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:45:44.0515 1224 ============================================================
22:45:44.0515 1224 Scan started
22:45:44.0515 1224 Mode: Manual; SigCheck; TDLFS;
22:45:44.0515 1224 ============================================================
22:45:46.0671 1224 Abiosdsk - ok
22:45:47.0390 1224 abp480n5 - ok
22:45:47.0812 1224 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
22:45:50.0890 1224 ac97intc - ok
22:45:51.0796 1224 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:45:52.0453 1224 ACPI - ok
22:45:53.0421 1224 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:45:54.0031 1224 ACPIEC - ok
22:45:54.0718 1224 adpu160m - ok
22:45:55.0671 1224 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
22:45:56.0093 1224 aeaudio - ok
22:45:57.0140 1224 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
22:45:59.0531 1224 aec - ok
22:46:01.0437 1224 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
22:46:03.0328 1224 AFD - ok
22:46:04.0046 1224 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:46:04.0562 1224 agp440 - ok
22:46:05.0312 1224 Aha154x - ok
22:46:06.0062 1224 aic78u2 - ok
22:46:06.0968 1224 aic78xx - ok
22:46:07.0765 1224 AliIde - ok
22:46:08.0906 1224 amsint - ok
22:46:10.0203 1224 asc - ok
22:46:11.0437 1224 asc3350p - ok
22:46:12.0562 1224 asc3550 - ok
22:46:13.0484 1224 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:46:13.0968 1224 AsyncMac - ok
22:46:14.0875 1224 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:46:15.0484 1224 atapi - ok
22:46:16.0078 1224 Atdisk - ok
22:46:17.0046 1224 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:46:19.0312 1224 Atmarpc - ok
22:46:19.0984 1224 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:46:20.0343 1224 audstub - ok
22:46:21.0234 1224 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:46:21.0640 1224 Beep - ok
22:46:22.0250 1224 catchme - ok
22:46:23.0140 1224 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:46:23.0531 1224 cbidf2k - ok
22:46:24.0421 1224 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:46:26.0640 1224 CCDECODE - ok
22:46:27.0281 1224 cd20xrnt - ok
22:46:28.0265 1224 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:46:28.0687 1224 Cdaudio - ok
22:46:29.0484 1224 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
22:46:30.0406 1224 Cdfs - ok
22:46:31.0359 1224 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:46:32.0937 1224 Cdrom - ok
22:46:33.0515 1224 Changer - ok
22:46:33.0953 1224 CmdIde - ok
22:46:34.0453 1224 Cpqarray - ok
22:46:34.0812 1224 dac2w2k - ok
22:46:35.0093 1224 dac960nt - ok
22:46:35.0781 1224 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
22:46:36.0468 1224 Disk - ok
22:46:37.0375 1224 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
22:46:38.0812 1224 dmboot - ok
22:46:39.0343 1224 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
22:46:39.0953 1224 dmio - ok
22:46:40.0734 1224 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:46:41.0437 1224 dmload - ok
22:46:42.0109 1224 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
22:46:43.0015 1224 DMusic - ok
22:46:43.0734 1224 dpti2o - ok
22:46:44.0593 1224 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
22:46:45.0062 1224 drmkaud - ok
22:46:46.0171 1224 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:46:46.0875 1224 E100B - ok
22:46:48.0000 1224 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
22:46:48.0312 1224 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
22:46:48.0312 1224 epmntdrv - detected UnsignedFile.Multi.Generic (1)
22:46:49.0234 1224 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
22:46:49.0375 1224 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
22:46:49.0375 1224 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
22:46:50.0687 1224 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
22:46:51.0250 1224 Fastfat - ok
22:46:52.0875 1224 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:46:55.0484 1224 Fdc - ok
22:46:56.0328 1224 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
22:46:56.0750 1224 Fips - ok
22:46:57.0703 1224 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:46:58.0078 1224 Flpydisk - ok
22:46:58.0859 1224 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:47:00.0500 1224 FltMgr - ok
22:47:02.0250 1224 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:47:02.0703 1224 Fs_Rec - ok
22:47:03.0671 1224 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:47:04.0109 1224 Ftdisk - ok
22:47:04.0921 1224 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:47:05.0093 1224 GEARAspiWDM - ok
22:47:06.0000 1224 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
22:47:06.0078 1224 ggflt - ok
22:47:07.0500 1224 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
22:47:07.0640 1224 ggsemc - ok
22:47:09.0578 1224 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:47:10.0140 1224 Gpc - ok
22:47:10.0937 1224 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:47:11.0406 1224 HidUsb - ok
22:47:12.0312 1224 hitmanpro35 (60de0d719dd083a8beb476da616d2811) C:\WINDOWS\system32\drivers\hitmanpro35.sys
22:47:12.0406 1224 hitmanpro35 - ok
22:47:13.0156 1224 hpn - ok
22:47:14.0515 1224 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
22:47:18.0203 1224 HTTP - ok
22:47:18.0953 1224 i2omgmt - ok
22:47:19.0640 1224 i2omp - ok
22:47:20.0578 1224 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:47:21.0031 1224 i8042prt - ok
22:47:22.0062 1224 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:47:24.0437 1224 Imapi - ok
22:47:24.0921 1224 ini910u - ok
22:47:25.0703 1224 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:47:26.0156 1224 IntelIde - ok
22:47:27.0015 1224 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:47:27.0515 1224 Ip6Fw - ok
22:47:28.0328 1224 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:47:28.0750 1224 IpFilterDriver - ok
22:47:29.0484 1224 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:47:29.0906 1224 IpInIp - ok
22:47:30.0687 1224 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:47:32.0421 1224 IpNat - ok
22:47:33.0156 1224 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:47:33.0656 1224 IPSec - ok
22:47:34.0406 1224 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:47:34.0718 1224 IRENUM - ok
22:47:35.0640 1224 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:47:36.0406 1224 isapnp - ok
22:47:37.0765 1224 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:47:38.0218 1224 Kbdclass - ok
22:47:39.0078 1224 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:47:39.0656 1224 kbdhid - ok
22:47:40.0406 1224 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
22:47:42.0093 1224 kmixer - ok
22:47:42.0734 1224 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
22:47:43.0187 1224 KSecDD - ok
22:47:43.0890 1224 lbrtfdc - ok
22:47:44.0250 1224 libusb0 (d1598203b19b4922531a8bd6811547f7) C:\WINDOWS\system32\DRIVERS\libusb0.sys
22:47:44.0484 1224 libusb0 ( UnsignedFile.Multi.Generic ) - warning
22:47:44.0484 1224 libusb0 - detected UnsignedFile.Multi.Generic (1)
22:47:45.0421 1224 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:47:45.0781 1224 mnmdd - ok
22:47:46.0390 1224 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
22:47:46.0781 1224 Modem - ok
22:47:47.0484 1224 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:47:48.0000 1224 Mouclass - ok
22:47:48.0750 1224 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:47:49.0265 1224 mouhid - ok
22:47:50.0453 1224 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
22:47:51.0968 1224 MountMgr - ok
22:47:52.0328 1224 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:47:52.0593 1224 MpFilter - ok
22:47:53.0031 1224 MpKsl06b19df4 - ok
22:47:53.0140 1224 MpKsl0cf79fe9 - ok
22:47:53.0640 1224 MpKsl13f99ac4 - ok
22:47:54.0328 1224 MpKsl17ec341c (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2FF70333-37F8-4622-8CE0-D25FEC2B592C}\MpKsl17ec341c.sys
22:47:54.0656 1224 MpKsl17ec341c - ok
22:47:54.0843 1224 MpKsl1b9047f5 - ok
22:47:54.0953 1224 MpKsl23c8a940 - ok
22:47:55.0000 1224 MpKsl2763caa9 - ok
22:47:55.0093 1224 MpKsl3555347b - ok
22:47:55.0156 1224 MpKsl3fe45779 - ok
22:47:55.0234 1224 MpKsl6735596a - ok
22:47:56.0125 1224 MpKsl79a6af6a - ok
22:47:57.0468 1224 MpKsl7b3fc78e - ok
22:47:58.0937 1224 MpKsl7f69b9d9 - ok
22:48:00.0203 1224 MpKsl96476bb0 - ok
22:48:01.0109 1224 MpKsla04c51e7 - ok
22:48:01.0718 1224 MpKsla34930c7 - ok
22:48:02.0328 1224 MpKslaf074d40 - ok
22:48:03.0171 1224 MpKslb2427c90 - ok
22:48:03.0484 1224 MpKslc71a369b - ok
22:48:03.0625 1224 MpKslee39272f - ok
22:48:03.0890 1224 MpKslef3cbf47 - ok
22:48:04.0234 1224 MpKslf6d61e9f - ok
22:48:04.0531 1224 MpKslfb7a28dc - ok
22:48:05.0031 1224 mraid35x - ok
22:48:05.0343 1224 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:48:08.0671 1224 MRxDAV - ok
22:48:09.0765 1224 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:48:10.0734 1224 MRxSmb - ok
22:48:12.0312 1224 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
22:48:15.0718 1224 Msfs - ok
22:48:16.0750 1224 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:48:18.0031 1224 MSKSSRV - ok
22:48:18.0750 1224 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:48:19.0265 1224 MSPCLOCK - ok
22:48:20.0093 1224 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
22:48:20.0546 1224 MSPQM - ok
22:48:22.0015 1224 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:48:22.0578 1224 mssmbios - ok
22:48:23.0406 1224 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
22:48:23.0937 1224 MSTEE - ok
22:48:24.0718 1224 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
22:48:25.0312 1224 Mup - ok
22:48:26.0156 1224 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:48:27.0109 1224 NABTSFEC - ok
22:48:27.0890 1224 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
22:48:28.0953 1224 NDIS - ok
22:48:30.0515 1224 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:48:32.0750 1224 NdisIP - ok
22:48:33.0515 1224 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:48:33.0984 1224 NdisTapi - ok
22:48:34.0843 1224 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:48:35.0390 1224 Ndisuio - ok
22:48:36.0078 1224 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:48:36.0625 1224 NdisWan - ok
22:48:37.0734 1224 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
22:48:39.0750 1224 NDProxy - ok
22:48:40.0484 1224 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:48:41.0203 1224 NetBIOS - ok
22:48:41.0765 1224 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:48:42.0250 1224 NetBT - ok
22:48:43.0109 1224 nmwcd (e380bbcad640304737650367ddfa2366) C:\WINDOWS\system32\drivers\nmwcd.sys
22:48:44.0812 1224 nmwcd - ok
22:48:45.0281 1224 nmwcdc (3c4650af9712ae0cb405064b6278ccad) C:\WINDOWS\system32\drivers\nmwcdc.sys
22:48:45.0781 1224 nmwcdc - ok
22:48:46.0062 1224 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
22:48:47.0671 1224 Npfs - ok
22:48:47.0968 1224 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
22:48:50.0671 1224 Ntfs - ok
22:48:51.0343 1224 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:48:51.0921 1224 Null - ok
22:48:55.0046 1224 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:48:59.0171 1224 nv - ok
22:48:59.0531 1224 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:49:00.0203 1224 NwlnkFlt - ok
22:49:01.0703 1224 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:49:02.0656 1224 NwlnkFwd - ok
22:49:03.0156 1224 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
22:49:04.0171 1224 Parport - ok
22:49:04.0890 1224 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
22:49:05.0328 1224 PartMgr - ok
22:49:06.0062 1224 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:49:06.0531 1224 ParVdm - ok
22:49:07.0250 1224 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
22:49:07.0890 1224 PCI - ok
22:49:08.0218 1224 PCIDump - ok
22:49:08.0687 1224 PCIIde - ok
22:49:09.0421 1224 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:49:10.0015 1224 Pcmcia - ok
22:49:10.0453 1224 PDCOMP - ok
22:49:10.0875 1224 PDFRAME - ok
22:49:11.0343 1224 PDRELI - ok
22:49:11.0687 1224 PDRFRAME - ok
22:49:12.0062 1224 perc2 - ok
22:49:12.0312 1224 perc2hib - ok
22:49:12.0953 1224 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:49:13.0906 1224 PptpMiniport - ok
22:49:14.0187 1224 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
22:49:14.0828 1224 Processor - ok
22:49:15.0234 1224 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
22:49:15.0906 1224 PSched - ok
22:49:16.0203 1224 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:49:16.0828 1224 Ptilink - ok
22:49:17.0171 1224 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:49:17.0359 1224 PxHelp20 - ok
22:49:17.0562 1224 ql1080 - ok
22:49:17.0687 1224 Ql10wnt - ok
22:49:17.0859 1224 ql12160 - ok
22:49:18.0109 1224 ql1240 - ok
22:49:18.0312 1224 ql1280 - ok
22:49:18.0593 1224 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:49:19.0468 1224 RasAcd - ok
22:49:19.0765 1224 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:49:22.0375 1224 Rasl2tp - ok
22:49:22.0703 1224 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:49:23.0593 1224 RasPppoe - ok
22:49:23.0828 1224 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:49:24.0468 1224 Raspti - ok
22:49:24.0796 1224 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:49:26.0625 1224 Rdbss - ok
22:49:26.0953 1224 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:49:28.0359 1224 RDPCDD - ok
22:49:28.0718 1224 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:49:29.0265 1224 rdpdr - ok
22:49:29.0562 1224 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
22:49:31.0437 1224 RDPWD - ok
22:49:32.0109 1224 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:49:32.0718 1224 redbook - ok
22:49:33.0281 1224 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
22:49:33.0453 1224 s115bus - ok
22:49:34.0234 1224 se45bus (531ebc57db331c8500c042d9f8a6aef2) C:\WINDOWS\system32\DRIVERS\se45bus.sys
22:49:34.0531 1224 se45bus - ok
22:49:35.0234 1224 se45obex (5e003693822460d37516d9a262de9e11) C:\WINDOWS\system32\DRIVERS\se45obex.sys
22:49:35.0578 1224 se45obex - ok
22:49:36.0796 1224 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:49:38.0515 1224 Secdrv - ok
22:49:39.0250 1224 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:49:39.0703 1224 serenum - ok
22:49:40.0578 1224 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
22:49:41.0703 1224 Serial - ok
22:49:42.0828 1224 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:49:43.0656 1224 Sfloppy - ok
22:49:44.0109 1224 Simbad - ok
22:49:44.0453 1224 SliceDisk5 - ok
22:49:45.0156 1224 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:49:45.0781 1224 SLIP - ok
22:49:46.0968 1224 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
22:49:47.0796 1224 smwdm - ok
22:49:48.0484 1224 Sparrow - ok
22:49:49.0046 1224 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
22:49:51.0125 1224 splitter - ok
22:49:51.0625 1224 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
22:49:52.0125 1224 sr - ok
22:49:52.0734 1224 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
22:49:53.0328 1224 Srv - ok
22:49:54.0000 1224 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:49:54.0750 1224 streamip - ok
22:49:55.0656 1224 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:49:56.0312 1224 swenum - ok
22:49:56.0875 1224 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
22:49:59.0031 1224 swmidi - ok
22:49:59.0468 1224 symc810 - ok
22:50:00.0031 1224 symc8xx - ok
22:50:00.0937 1224 sym_hi - ok
22:50:02.0234 1224 sym_u3 - ok
22:50:05.0046 1224 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
22:50:08.0078 1224 sysaudio - ok
22:50:08.0796 1224 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:50:09.0906 1224 Tcpip - ok
22:50:11.0437 1224 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:50:12.0406 1224 TDPIPE - ok
22:50:14.0218 1224 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:50:15.0046 1224 TDTCP - ok
22:50:15.0687 1224 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:50:17.0250 1224 TermDD - ok
22:50:17.0671 1224 TosIde - ok
22:50:18.0296 1224 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:50:19.0234 1224 Udfs - ok
22:50:20.0062 1224 ultra - ok
22:50:22.0125 1224 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
22:50:26.0078 1224 Update - ok
22:50:26.0343 1224 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:50:26.0718 1224 USBAAPL - ok
22:50:27.0093 1224 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
22:50:28.0578 1224 usbaudio - ok
22:50:28.0828 1224 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:50:30.0281 1224 usbccgp - ok
22:50:30.0562 1224 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:50:31.0734 1224 usbhub - ok
22:50:32.0015 1224 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:50:33.0312 1224 usbprint - ok
22:50:33.0625 1224 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:50:34.0796 1224 usbscan - ok
22:50:35.0109 1224 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:50:36.0031 1224 USBSTOR - ok
22:50:36.0265 1224 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:50:37.0375 1224 usbuhci - ok
22:50:37.0656 1224 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:50:38.0812 1224 usbvideo - ok
22:50:39.0218 1224 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:50:40.0531 1224 VgaSave - ok
22:50:40.0718 1224 ViaIde - ok
22:50:40.0875 1224 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
22:50:42.0265 1224 VolSnap - ok
22:50:42.0687 1224 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:50:44.0718 1224 Wanarp - ok
22:50:45.0078 1224 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:50:45.0375 1224 Wdf01000 - ok
22:50:45.0671 1224 WDICA - ok
22:50:46.0000 1224 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
22:50:48.0453 1224 wdmaud - ok
22:50:49.0171 1224 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:50:49.0734 1224 WpdUsb - ok
22:50:50.0078 1224 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:50:51.0312 1224 WSTCODEC - ok
22:50:51.0734 1224 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:50:52.0296 1224 WudfPf - ok
22:50:52.0625 1224 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
22:50:53.0265 1224 WUDFRd - ok
22:50:53.0656 1224 ZSMC301b (d94d9777e33c70e8489c7e6ce678fd23) C:\WINDOWS\system32\Drivers\usbVM31b.sys
22:50:54.0265 1224 ZSMC301b - ok
22:50:54.0421 1224 MBR (0x1B8) (edc00a9c9e79634953f952c6d701052f) \Device\Harddisk0\DR0
22:51:42.0531 1224 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:51:42.0531 1224 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:51:42.0593 1224 Boot (0x1200) (60669a18b8df7b80011ad46980132f67) \Device\Harddisk0\DR0\Partition0
22:51:42.0718 1224 \Device\Harddisk0\DR0\Partition0 - ok
22:51:42.0734 1224 ============================================================
22:51:42.0734 1224 Scan finished
22:51:42.0734 1224 ============================================================
22:51:44.0796 3668 Detected object count: 4
22:51:44.0796 3668 Actual detected object count: 4
23:07:35.0671 3668 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:07:35.0671 3668 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:07:35.0687 3668 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:07:35.0687 3668 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:07:35.0750 3668 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user
23:07:35.0750 3668 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:07:35.0750 3668 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:07:35.0750 3668 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • 0

#22
Essexboy
Posted 28 October 2011 - 10:44 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

23:07:35.0750 3668 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:07:35.0750 3668 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Did you get the option to cure this one ?

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):



Enter >>0<< and press Enter

The following dialog will be presented:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:



Enter >>1<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:



Type YES and press Enter (Must type the full word, YES). You will be inform if successfully wrote a new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...



Press Enter. A report will be produced on the desktop. Post that report in your next reply.


There is the possibility that this will not cure it, but I will need to confirm this so on completion re-run TDSSKiller please and post that log as well
  • 0

#23
JAM266
Posted 28 October 2011 - 11:42 AM

JAM266

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
No option to cure was given for the above quote.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 115):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF8BB6000 \WINDOWS\system32\KDCOM.DLL
0xF8AC6000 \WINDOWS\system32\BOOTVID.dll
0xF8667000 ACPI.sys
0xF8BB8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8656000 pci.sys
0xF86B6000 isapnp.sys
0xF8BBA000 intelide.sys
0xF8936000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF86C6000 MountMgr.sys
0xF8637000 ftdisk.sys
0xF8BBC000 dmload.sys
0xF8611000 dmio.sys
0xF893E000 PartMgr.sys
0xF86D6000 VolSnap.sys
0xF85F9000 atapi.sys
0xF86E6000 disk.sys
0xF86F6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF85D9000 fltMgr.sys
0xF85C7000 sr.sys
0xF8706000 PxHelp20.sys
0xF85B0000 KSecDD.sys
0xF8523000 Ntfs.sys
0xF84F6000 NDIS.sys
0xF84DB000 Mup.sys
0xF8716000 agp440.sys
0xF70FB000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF70E7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF70CA000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF8A46000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF70B6000 \SystemRoot\system32\DRIVERS\parport.sys
0xF72DB000 \SystemRoot\system32\DRIVERS\serial.sys
0xF8B86000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF8A56000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF72CB000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF87B6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF87C6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7093000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A5E000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF8A66000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7070000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF6FE2000 \SystemRoot\system32\drivers\smwdm.sys
0xF6FBE000 \SystemRoot\system32\drivers\portcls.sys
0xF87D6000 \SystemRoot\system32\drivers\drmk.sys
0xF6FA6000 \SystemRoot\system32\drivers\aeaudio.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\processr.sys
0xF8DCF000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8B96000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6F8F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8806000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8816000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A6E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6F7E000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8826000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A76000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6F4D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8836000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8BEE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6EF4000 \SystemRoot\system32\DRIVERS\update.sys
0xF8BB2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8846000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8A86000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8866000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8BF8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF3E64000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF8986000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF8C44000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D98000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C46000 \SystemRoot\System32\Drivers\Beep.SYS
0xF88F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8B7E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8906000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8996000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF899E000 \SystemRoot\System32\drivers\vga.sys
0xF8C48000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8C4A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF89A6000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF89E6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8B8E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF333D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF32E5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF32BD000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF329B000 \SystemRoot\System32\drivers\afd.sys
0xF8916000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF3270000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF3201000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8926000 \SystemRoot\System32\Drivers\Fips.SYS
0xF31E0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8746000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF3EA3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF3E9F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF3400000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF27A1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C6A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8B62000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8A9E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8DF5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF2641000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF2296000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF2001000 \SystemRoot\system32\drivers\wdmaud.sys
0xF21BE000 \SystemRoot\system32\drivers\sysaudio.sys
0xF1E67000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8C06000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF1910000 \SystemRoot\system32\DRIVERS\srv.sys
0xF0E9D000 \SystemRoot\System32\Drivers\HTTP.sys
0xF2875000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2FF70333-37F8-4622-8CE0-D25FEC2B592C}\MpKsl3db88dd0.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
564 C:\WINDOWS\system32\smss.exe
612 C:\WINDOWS\system32\csrss.exe
636 C:\WINDOWS\system32\winlogon.exe
680 C:\WINDOWS\system32\services.exe
692 C:\WINDOWS\system32\lsass.exe
848 C:\WINDOWS\system32\svchost.exe
912 C:\WINDOWS\system32\svchost.exe
1004 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1044 C:\WINDOWS\system32\svchost.exe
1124 C:\WINDOWS\system32\svchost.exe
1284 C:\WINDOWS\system32\svchost.exe
1584 C:\WINDOWS\system32\svchost.exe
1592 C:\WINDOWS\explorer.exe
1676 C:\WINDOWS\system32\svchost.exe
1820 C:\WINDOWS\system32\LEXBCES.EXE
272 C:\WINDOWS\system32\spoolsv.exe
396 C:\WINDOWS\system32\LEXPPS.EXE
284 C:\WINDOWS\system32\svchost.exe
1448 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
256 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
1264 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
1192 C:\WINDOWS\Vm_sti.exe
1456 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2084 C:\Program Files\iTunes\iTunesHelper.exe
2092 C:\Program Files\Microsoft Security Client\msseces.exe
2104 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2136 C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
2148 C:\WINDOWS\system32\ctfmon.exe
2380 C:\Program Files\Bonjour\mDNSResponder.exe
2748 C:\Program Files\Java\jre6\bin\jqs.exe
2948 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
3388 C:\WINDOWS\system32\svchost.exe
3440 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1444 C:\Program Files\iPod\bin\iPodService.exe
3696 C:\WINDOWS\system32\alg.exe
2884 C:\WINDOWS\system32\wuauclt.exe
3376 C:\Program Files\Mozilla Firefox\firefox.exe
1228 C:\Program Files\Mozilla Firefox\plugin-container.exe
3808 C:\Program Files\WinRAR\WinRAR.exe
2376 C:\WINDOWS\system32\wuauclt.exe
1120 C:\DOCUME~1\User\LOCALS~1\temp\Rar$EX15.079\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD200BB-60CJA0, Rev: 16.06V16

Size Device Name MBR Status
--------------------------------------------
18 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 381846F9A49C3889808A0879A5C0BEA9EB427C44


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
  • 0

#24
JAM266
Posted 28 October 2011 - 12:04 PM

JAM266

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
18:44:55.0625 2988 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
18:44:57.0687 2988 ============================================================
18:44:57.0687 2988 Current date / time: 2011/10/28 18:44:57.0687
18:44:57.0687 2988 SystemInfo:
18:44:57.0687 2988
18:44:57.0750 2988 OS Version: 5.1.2600 ServicePack: 2.0
18:44:57.0750 2988 Product type: Workstation
18:44:57.0750 2988 ComputerName: USER-CCB8100A40
18:44:57.0750 2988 UserName: User
18:44:57.0750 2988 Windows directory: C:\WINDOWS
18:44:57.0750 2988 System windows directory: C:\WINDOWS
18:44:57.0750 2988 Processor architecture: Intel x86
18:44:57.0750 2988 Number of processors: 1
18:44:57.0750 2988 Page size: 0x1000
18:44:57.0750 2988 Boot type: Normal boot
18:44:57.0750 2988 ============================================================
18:45:06.0453 2988 Initialize success
18:46:25.0968 3756 ============================================================
18:46:25.0968 3756 Scan started
18:46:25.0968 3756 Mode: Manual; SigCheck; TDLFS;
18:46:25.0968 3756 ============================================================
18:46:28.0968 3756 Abiosdsk - ok
18:46:29.0375 3756 abp480n5 - ok
18:46:29.0781 3756 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
18:46:39.0093 3756 ac97intc - ok
18:46:39.0578 3756 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:46:40.0000 3756 ACPI - ok
18:46:40.0390 3756 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:46:40.0828 3756 ACPIEC - ok
18:46:41.0265 3756 adpu160m - ok
18:46:42.0015 3756 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
18:46:42.0375 3756 aeaudio - ok
18:46:43.0765 3756 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
18:46:45.0359 3756 aec - ok
18:46:46.0046 3756 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
18:46:46.0437 3756 AFD - ok
18:46:47.0171 3756 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:46:47.0640 3756 agp440 - ok
18:46:48.0140 3756 Aha154x - ok
18:46:48.0546 3756 aic78u2 - ok
18:46:48.0937 3756 aic78xx - ok
18:46:49.0312 3756 AliIde - ok
18:46:49.0625 3756 amsint - ok
18:46:49.0921 3756 asc - ok
18:46:50.0250 3756 asc3350p - ok
18:46:51.0156 3756 asc3550 - ok
18:46:52.0250 3756 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:46:52.0890 3756 AsyncMac - ok
18:46:53.0250 3756 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:46:53.0828 3756 atapi - ok
18:46:54.0250 3756 Atdisk - ok
18:46:54.0640 3756 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:46:55.0171 3756 Atmarpc - ok
18:46:55.0593 3756 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:46:56.0125 3756 audstub - ok
18:46:56.0484 3756 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:46:57.0593 3756 Beep - ok
18:46:58.0828 3756 catchme - ok
18:47:00.0093 3756 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:47:03.0312 3756 cbidf2k - ok
18:47:04.0375 3756 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:47:07.0937 3756 CCDECODE - ok
18:47:08.0984 3756 cd20xrnt - ok
18:47:10.0015 3756 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:47:14.0156 3756 Cdaudio - ok
18:47:15.0062 3756 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
18:47:15.0734 3756 Cdfs - ok
18:47:16.0546 3756 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:47:18.0093 3756 Cdrom - ok
18:47:18.0484 3756 Changer - ok
18:47:18.0843 3756 CmdIde - ok
18:47:19.0187 3756 Cpqarray - ok
18:47:19.0515 3756 dac2w2k - ok
18:47:19.0812 3756 dac960nt - ok
18:47:20.0625 3756 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
18:47:21.0093 3756 Disk - ok
18:47:22.0109 3756 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
18:47:23.0468 3756 dmboot - ok
18:47:23.0859 3756 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
18:47:24.0578 3756 dmio - ok
18:47:24.0953 3756 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:47:25.0406 3756 dmload - ok
18:47:25.0906 3756 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
18:47:26.0390 3756 DMusic - ok
18:47:26.0687 3756 dpti2o - ok
18:47:26.0890 3756 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
18:47:27.0296 3756 drmkaud - ok
18:47:27.0687 3756 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:47:28.0312 3756 E100B - ok
18:47:28.0828 3756 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
18:47:29.0109 3756 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
18:47:29.0109 3756 epmntdrv - detected UnsignedFile.Multi.Generic (1)
18:47:29.0515 3756 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
18:47:29.0687 3756 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
18:47:29.0687 3756 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
18:47:30.0078 3756 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
18:47:30.0546 3756 Fastfat - ok
18:47:30.0937 3756 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:47:31.0437 3756 Fdc - ok
18:47:31.0843 3756 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
18:47:32.0281 3756 Fips - ok
18:47:32.0812 3756 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:47:33.0234 3756 Flpydisk - ok
18:47:33.0765 3756 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:47:35.0468 3756 FltMgr - ok
18:47:36.0328 3756 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:47:36.0718 3756 Fs_Rec - ok
18:47:37.0500 3756 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:47:37.0906 3756 Ftdisk - ok
18:47:38.0328 3756 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:47:38.0515 3756 GEARAspiWDM - ok
18:47:39.0062 3756 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
18:47:40.0656 3756 ggflt - ok
18:47:41.0218 3756 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
18:47:41.0328 3756 ggsemc - ok
18:47:41.0937 3756 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:47:42.0515 3756 Gpc - ok
18:47:43.0343 3756 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:47:43.0781 3756 HidUsb - ok
18:47:44.0375 3756 hitmanpro35 (60de0d719dd083a8beb476da616d2811) C:\WINDOWS\system32\drivers\hitmanpro35.sys
18:47:44.0453 3756 hitmanpro35 - ok
18:47:44.0890 3756 hpn - ok
18:47:45.0468 3756 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
18:47:46.0781 3756 HTTP - ok
18:47:47.0156 3756 i2omgmt - ok
18:47:47.0609 3756 i2omp - ok
18:47:48.0140 3756 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:47:48.0781 3756 i8042prt - ok
18:47:49.0281 3756 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:47:50.0187 3756 Imapi - ok
18:47:50.0609 3756 ini910u - ok
18:47:51.0187 3756 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:47:51.0687 3756 IntelIde - ok
18:47:52.0734 3756 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:47:53.0750 3756 Ip6Fw - ok
18:47:54.0234 3756 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:47:54.0953 3756 IpFilterDriver - ok
18:47:55.0531 3756 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:47:55.0984 3756 IpInIp - ok
18:47:56.0265 3756 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:47:57.0656 3756 IpNat - ok
18:47:58.0406 3756 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:47:59.0156 3756 IPSec - ok
18:47:59.0718 3756 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:48:00.0296 3756 IRENUM - ok
18:48:00.0656 3756 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:48:01.0187 3756 isapnp - ok
18:48:01.0671 3756 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:48:02.0140 3756 Kbdclass - ok
18:48:02.0484 3756 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:48:02.0921 3756 kbdhid - ok
18:48:03.0531 3756 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
18:48:04.0890 3756 kmixer - ok
18:48:05.0343 3756 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
18:48:05.0671 3756 KSecDD - ok
18:48:06.0031 3756 lbrtfdc - ok
18:48:06.0515 3756 libusb0 (d1598203b19b4922531a8bd6811547f7) C:\WINDOWS\system32\DRIVERS\libusb0.sys
18:48:06.0703 3756 libusb0 ( UnsignedFile.Multi.Generic ) - warning
18:48:06.0703 3756 libusb0 - detected UnsignedFile.Multi.Generic (1)
18:48:07.0218 3756 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:48:08.0468 3756 mnmdd - ok
18:48:08.0875 3756 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
18:48:09.0250 3756 Modem - ok
18:48:09.0734 3756 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:48:10.0140 3756 Mouclass - ok
18:48:10.0593 3756 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:48:11.0015 3756 mouhid - ok
18:48:11.0515 3756 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
18:48:11.0968 3756 MountMgr - ok
18:48:12.0531 3756 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:48:12.0734 3756 MpFilter - ok
18:48:13.0125 3756 MpKsl06b19df4 - ok
18:48:13.0171 3756 MpKsl0cf79fe9 - ok
18:48:13.0203 3756 MpKsl13f99ac4 - ok
18:48:13.0343 3756 MpKsl1b9047f5 - ok
18:48:13.0390 3756 MpKsl23c8a940 - ok
18:48:13.0453 3756 MpKsl2763caa9 - ok
18:48:13.0562 3756 MpKsl3555347b - ok
18:48:13.0812 3756 MpKsl3db88dd0 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2FF70333-37F8-4622-8CE0-D25FEC2B592C}\MpKsl3db88dd0.sys
18:48:13.0953 3756 MpKsl3db88dd0 - ok
18:48:14.0343 3756 MpKsl3fe45779 - ok
18:48:14.0406 3756 MpKsl6735596a - ok
18:48:14.0531 3756 MpKsl79a6af6a - ok
18:48:14.0562 3756 MpKsl7b3fc78e - ok
18:48:14.0625 3756 MpKsl7f69b9d9 - ok
18:48:14.0687 3756 MpKsl96476bb0 - ok
18:48:14.0828 3756 MpKsla04c51e7 - ok
18:48:14.0890 3756 MpKsla34930c7 - ok
18:48:14.0937 3756 MpKslaf074d40 - ok
18:48:15.0046 3756 MpKslb2427c90 - ok
18:48:15.0125 3756 MpKslc71a369b - ok
18:48:15.0171 3756 MpKslee39272f - ok
18:48:15.0281 3756 MpKslef3cbf47 - ok
18:48:15.0343 3756 MpKslf6d61e9f - ok
18:48:15.0375 3756 MpKslfb7a28dc - ok
18:48:15.0734 3756 mraid35x - ok
18:48:16.0375 3756 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:48:17.0718 3756 MRxDAV - ok
18:48:18.0687 3756 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:48:19.0234 3756 MRxSmb - ok
18:48:19.0734 3756 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
18:48:20.0234 3756 Msfs - ok
18:48:20.0656 3756 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:48:22.0187 3756 MSKSSRV - ok
18:48:22.0656 3756 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:48:23.0125 3756 MSPCLOCK - ok
18:48:23.0640 3756 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
18:48:24.0000 3756 MSPQM - ok
18:48:24.0484 3756 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:48:24.0875 3756 mssmbios - ok
18:48:25.0453 3756 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
18:48:26.0000 3756 MSTEE - ok
18:48:26.0578 3756 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
18:48:27.0078 3756 Mup - ok
18:48:27.0609 3756 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:48:28.0234 3756 NABTSFEC - ok
18:48:28.0781 3756 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
18:48:29.0250 3756 NDIS - ok
18:48:29.0703 3756 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:48:30.0093 3756 NdisIP - ok
18:48:30.0593 3756 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:48:30.0968 3756 NdisTapi - ok
18:48:31.0765 3756 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:48:32.0234 3756 Ndisuio - ok
18:48:32.0734 3756 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:48:33.0250 3756 NdisWan - ok
18:48:33.0656 3756 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
18:48:34.0203 3756 NDProxy - ok
18:48:34.0609 3756 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:48:35.0031 3756 NetBIOS - ok
18:48:35.0750 3756 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:48:36.0484 3756 NetBT - ok
18:48:37.0250 3756 nmwcd (e380bbcad640304737650367ddfa2366) C:\WINDOWS\system32\drivers\nmwcd.sys
18:48:38.0593 3756 nmwcd - ok
18:48:39.0140 3756 nmwcdc (3c4650af9712ae0cb405064b6278ccad) C:\WINDOWS\system32\drivers\nmwcdc.sys
18:48:39.0296 3756 nmwcdc - ok
18:48:39.0687 3756 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
18:48:40.0125 3756 Npfs - ok
18:48:41.0140 3756 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
18:48:43.0312 3756 Ntfs - ok
18:48:43.0796 3756 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:48:44.0468 3756 Null - ok
18:48:46.0796 3756 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:48:48.0859 3756 nv - ok
18:48:49.0390 3756 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:48:50.0000 3756 NwlnkFlt - ok
18:48:50.0343 3756 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:48:50.0984 3756 NwlnkFwd - ok
18:48:51.0359 3756 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
18:48:51.0937 3756 Parport - ok
18:48:52.0531 3756 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
18:48:53.0140 3756 PartMgr - ok
18:48:53.0671 3756 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:48:54.0218 3756 ParVdm - ok
18:48:54.0531 3756 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
18:48:55.0109 3756 PCI - ok
18:48:55.0546 3756 PCIDump - ok
18:48:55.0937 3756 PCIIde - ok
18:48:56.0609 3756 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:48:57.0203 3756 Pcmcia - ok
18:48:57.0718 3756 PDCOMP - ok
18:48:58.0078 3756 PDFRAME - ok
18:48:58.0359 3756 PDRELI - ok
18:48:58.0671 3756 PDRFRAME - ok
18:48:58.0984 3756 perc2 - ok
18:48:59.0281 3756 perc2hib - ok
18:49:00.0031 3756 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:49:00.0609 3756 PptpMiniport - ok
18:49:01.0234 3756 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
18:49:02.0000 3756 Processor - ok
18:49:02.0656 3756 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
18:49:03.0453 3756 PSched - ok
18:49:03.0906 3756 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:49:04.0718 3756 Ptilink - ok
18:49:05.0093 3756 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:49:05.0234 3756 PxHelp20 - ok
18:49:05.0750 3756 ql1080 - ok
18:49:06.0062 3756 Ql10wnt - ok
18:49:06.0484 3756 ql12160 - ok
18:49:06.0921 3756 ql1240 - ok
18:49:07.0375 3756 ql1280 - ok
18:49:07.0937 3756 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:49:08.0531 3756 RasAcd - ok
18:49:08.0859 3756 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:49:09.0546 3756 Rasl2tp - ok
18:49:09.0859 3756 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:49:10.0390 3756 RasPppoe - ok
18:49:10.0875 3756 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:49:11.0390 3756 Raspti - ok
18:49:11.0921 3756 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:49:13.0359 3756 Rdbss - ok
18:49:13.0859 3756 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:49:14.0250 3756 RDPCDD - ok
18:49:14.0671 3756 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:49:15.0203 3756 rdpdr - ok
18:49:15.0812 3756 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
18:49:17.0140 3756 RDPWD - ok
18:49:17.0484 3756 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:49:17.0937 3756 redbook - ok
18:49:18.0468 3756 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
18:49:18.0625 3756 s115bus - ok
18:49:19.0093 3756 se45bus (531ebc57db331c8500c042d9f8a6aef2) C:\WINDOWS\system32\DRIVERS\se45bus.sys
18:49:19.0375 3756 se45bus - ok
18:49:19.0718 3756 se45obex (5e003693822460d37516d9a262de9e11) C:\WINDOWS\system32\DRIVERS\se45obex.sys
18:49:20.0031 3756 se45obex - ok
18:49:20.0437 3756 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:49:21.0734 3756 Secdrv - ok
18:49:22.0125 3756 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:49:22.0593 3756 serenum - ok
18:49:23.0140 3756 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
18:49:24.0171 3756 Serial - ok
18:49:24.0734 3756 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:49:25.0281 3756 Sfloppy - ok
18:49:25.0546 3756 Simbad - ok
18:49:25.0703 3756 SliceDisk5 - ok
18:49:26.0093 3756 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:49:26.0578 3756 SLIP - ok
18:49:27.0546 3756 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
18:49:28.0406 3756 smwdm - ok
18:49:28.0875 3756 Sparrow - ok
18:49:30.0343 3756 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
18:49:31.0812 3756 splitter - ok
18:49:32.0140 3756 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
18:49:32.0562 3756 sr - ok
18:49:32.0984 3756 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
18:49:33.0453 3756 Srv - ok
18:49:34.0031 3756 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:49:34.0640 3756 streamip - ok
18:49:34.0937 3756 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:49:35.0656 3756 swenum - ok
18:49:36.0031 3756 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
18:49:36.0593 3756 swmidi - ok
18:49:37.0078 3756 symc810 - ok
18:49:37.0765 3756 symc8xx - ok
18:49:38.0484 3756 sym_hi - ok
18:49:39.0078 3756 sym_u3 - ok
18:49:39.0406 3756 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
18:49:40.0109 3756 sysaudio - ok
18:49:40.0625 3756 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:49:41.0265 3756 Tcpip - ok
18:49:41.0578 3756 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:49:42.0281 3756 TDPIPE - ok
18:49:42.0953 3756 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
18:49:43.0421 3756 TDTCP - ok
18:49:43.0906 3756 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:49:44.0437 3756 TermDD - ok
18:49:44.0734 3756 TosIde - ok
18:49:45.0125 3756 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
18:49:45.0656 3756 Udfs - ok
18:49:45.0921 3756 ultra - ok
18:49:46.0218 3756 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
18:49:47.0703 3756 Update - ok
18:49:48.0484 3756 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:49:48.0875 3756 USBAAPL - ok
18:49:49.0281 3756 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
18:49:50.0015 3756 usbaudio - ok
18:49:50.0281 3756 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:49:50.0968 3756 usbccgp - ok
18:49:51.0234 3756 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:49:52.0078 3756 usbhub - ok
18:49:52.0625 3756 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:49:53.0390 3756 usbprint - ok
18:49:53.0656 3756 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:49:54.0375 3756 usbscan - ok
18:49:54.0640 3756 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:49:55.0343 3756 USBSTOR - ok
18:49:55.0984 3756 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:49:56.0437 3756 usbuhci - ok
18:49:57.0093 3756 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
18:49:57.0578 3756 usbvideo - ok
18:49:57.0921 3756 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
18:49:58.0578 3756 VgaSave - ok
18:49:58.0781 3756 ViaIde - ok
18:49:58.0953 3756 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
18:49:59.0656 3756 VolSnap - ok
18:50:00.0093 3756 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:50:00.0906 3756 Wanarp - ok
18:50:01.0281 3756 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:50:01.0562 3756 Wdf01000 - ok
18:50:01.0812 3756 WDICA - ok
18:50:01.0953 3756 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
18:50:03.0765 3756 wdmaud - ok
18:50:04.0234 3756 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
18:50:04.0781 3756 WpdUsb - ok
18:50:05.0109 3756 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:50:05.0656 3756 WSTCODEC - ok
18:50:06.0500 3756 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:50:06.0859 3756 WudfPf - ok
18:50:07.0375 3756 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:50:07.0703 3756 WUDFRd - ok
18:50:08.0109 3756 ZSMC301b (d94d9777e33c70e8489c7e6ce678fd23) C:\WINDOWS\system32\Drivers\usbVM31b.sys
18:50:08.0625 3756 ZSMC301b - ok
18:50:08.0828 3756 MBR (0x1B8) (edc00a9c9e79634953f952c6d701052f) \Device\Harddisk0\DR0
18:50:09.0875 3756 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:50:09.0875 3756 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:50:09.0937 3756 Boot (0x1200) (60669a18b8df7b80011ad46980132f67) \Device\Harddisk0\DR0\Partition0
18:50:09.0937 3756 \Device\Harddisk0\DR0\Partition0 - ok
18:50:09.0968 3756 ============================================================
18:50:09.0968 3756 Scan finished
18:50:09.0968 3756 ============================================================
18:50:10.0218 2584 Detected object count: 4
18:50:10.0218 2584 Actual detected object count: 4
18:52:11.0578 2584 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:52:11.0578 2584 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:52:11.0593 2584 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:52:11.0593 2584 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:52:11.0593 2584 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user
18:52:11.0593 2584 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:52:11.0593 2584 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:52:11.0593 2584 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • 0

#25
Essexboy
Posted 28 October 2011 - 12:28 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK here we go to get technical

Reboot the computer and continually press F8 to get to the safe mode menu

At the menu select recovery console

Select your windows system (usually 1)
enter the password or if none then just press enter
Type in the following commands and press enter :

Fixmbr

You will get a warning - accept it

Exit

to release the recovery console

Reboot to normal mode and then run TDSSKiller again please
  • 0

Advertisements

#26
JAM266
Posted 28 October 2011 - 01:31 PM

JAM266

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
20:19:38.0421 0756 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
20:19:39.0578 0756 ============================================================
20:19:39.0578 0756 Current date / time: 2011/10/28 20:19:39.0578
20:19:39.0578 0756 SystemInfo:
20:19:39.0578 0756
20:19:39.0578 0756 OS Version: 5.1.2600 ServicePack: 2.0
20:19:39.0578 0756 Product type: Workstation
20:19:39.0578 0756 ComputerName: USER-CCB8100A40
20:19:39.0578 0756 UserName: User
20:19:39.0578 0756 Windows directory: C:\WINDOWS
20:19:39.0578 0756 System windows directory: C:\WINDOWS
20:19:39.0578 0756 Processor architecture: Intel x86
20:19:39.0578 0756 Number of processors: 1
20:19:39.0578 0756 Page size: 0x1000
20:19:39.0578 0756 Boot type: Normal boot
20:19:39.0578 0756 ============================================================
20:19:46.0265 0756 Initialize success
20:20:06.0062 3756 ============================================================
20:20:06.0062 3756 Scan started
20:20:06.0062 3756 Mode: Manual; SigCheck; TDLFS;
20:20:06.0062 3756 ============================================================
20:20:12.0703 3756 Abiosdsk - ok
20:20:13.0187 3756 abp480n5 - ok
20:20:14.0140 3756 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
20:20:38.0078 3756 ac97intc - ok
20:20:38.0453 3756 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:20:39.0140 3756 ACPI - ok
20:20:39.0890 3756 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:20:40.0468 3756 ACPIEC - ok
20:20:41.0312 3756 adpu160m - ok
20:20:42.0203 3756 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
20:20:42.0843 3756 aeaudio - ok
20:20:43.0890 3756 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
20:20:46.0140 3756 aec - ok
20:20:46.0703 3756 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
20:20:47.0234 3756 AFD - ok
20:20:48.0000 3756 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:20:48.0546 3756 agp440 - ok
20:20:49.0046 3756 Aha154x - ok
20:20:49.0687 3756 aic78u2 - ok
20:20:50.0265 3756 aic78xx - ok
20:20:50.0703 3756 AliIde - ok
20:20:51.0078 3756 amsint - ok
20:20:51.0656 3756 asc - ok
20:20:52.0406 3756 asc3350p - ok
20:20:53.0234 3756 asc3550 - ok
20:20:54.0343 3756 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:20:54.0984 3756 AsyncMac - ok
20:20:56.0015 3756 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:20:56.0890 3756 atapi - ok
20:20:57.0421 3756 Atdisk - ok
20:20:58.0000 3756 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:20:58.0640 3756 Atmarpc - ok
20:20:59.0234 3756 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:20:59.0718 3756 audstub - ok
20:21:00.0531 3756 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:21:01.0234 3756 Beep - ok
20:21:01.0765 3756 catchme - ok
20:21:02.0500 3756 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:21:03.0046 3756 cbidf2k - ok
20:21:03.0984 3756 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:21:04.0531 3756 CCDECODE - ok
20:21:05.0046 3756 cd20xrnt - ok
20:21:05.0968 3756 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:21:06.0578 3756 Cdaudio - ok
20:21:07.0546 3756 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
20:21:08.0140 3756 Cdfs - ok
20:21:08.0921 3756 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:21:10.0234 3756 Cdrom - ok
20:21:10.0875 3756 Changer - ok
20:21:11.0750 3756 CmdIde - ok
20:21:12.0437 3756 Cpqarray - ok
20:21:12.0984 3756 dac2w2k - ok
20:21:13.0656 3756 dac960nt - ok
20:21:14.0562 3756 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
20:21:15.0109 3756 Disk - ok
20:21:16.0484 3756 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
20:21:18.0125 3756 dmboot - ok
20:21:19.0281 3756 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
20:21:19.0906 3756 dmio - ok
20:21:20.0796 3756 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:21:21.0609 3756 dmload - ok
20:21:22.0750 3756 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
20:21:23.0468 3756 DMusic - ok
20:21:23.0921 3756 dpti2o - ok
20:21:24.0812 3756 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
20:21:25.0281 3756 drmkaud - ok
20:21:26.0109 3756 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:21:26.0781 3756 E100B - ok
20:21:27.0484 3756 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
20:21:27.0859 3756 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
20:21:27.0875 3756 epmntdrv - detected UnsignedFile.Multi.Generic (1)
20:21:28.0765 3756 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
20:21:29.0093 3756 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
20:21:29.0093 3756 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
20:21:29.0843 3756 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
20:21:30.0328 3756 Fastfat - ok
20:21:31.0187 3756 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:21:31.0750 3756 Fdc - ok
20:21:32.0468 3756 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
20:21:32.0968 3756 Fips - ok
20:21:33.0750 3756 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:21:34.0328 3756 Flpydisk - ok
20:21:35.0156 3756 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:21:36.0531 3756 FltMgr - ok
20:21:37.0390 3756 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:21:37.0843 3756 Fs_Rec - ok
20:21:38.0578 3756 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:21:39.0156 3756 Ftdisk - ok
20:21:40.0046 3756 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:21:40.0250 3756 GEARAspiWDM - ok
20:21:41.0421 3756 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
20:21:43.0343 3756 ggflt - ok
20:21:44.0609 3756 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
20:21:44.0984 3756 ggsemc - ok
20:21:45.0984 3756 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:21:46.0531 3756 Gpc - ok
20:21:47.0593 3756 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:21:48.0156 3756 HidUsb - ok
20:21:49.0046 3756 hitmanpro35 (60de0d719dd083a8beb476da616d2811) C:\WINDOWS\system32\drivers\hitmanpro35.sys
20:21:49.0328 3756 hitmanpro35 - ok
20:21:50.0203 3756 hpn - ok
20:21:51.0593 3756 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
20:21:53.0343 3756 HTTP - ok
20:21:53.0859 3756 i2omgmt - ok
20:21:54.0546 3756 i2omp - ok
20:21:55.0531 3756 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:21:56.0046 3756 i8042prt - ok
20:21:57.0171 3756 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:21:57.0718 3756 Imapi - ok
20:21:58.0421 3756 ini910u - ok
20:21:59.0218 3756 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:21:59.0734 3756 IntelIde - ok
20:22:00.0656 3756 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:22:01.0140 3756 Ip6Fw - ok
20:22:01.0953 3756 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:22:02.0453 3756 IpFilterDriver - ok
20:22:03.0218 3756 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:22:03.0781 3756 IpInIp - ok
20:22:04.0656 3756 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:22:06.0093 3756 IpNat - ok
20:22:06.0921 3756 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:22:07.0515 3756 IPSec - ok
20:22:08.0328 3756 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:22:08.0734 3756 IRENUM - ok
20:22:09.0765 3756 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:22:10.0281 3756 isapnp - ok
20:22:11.0156 3756 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:22:11.0671 3756 Kbdclass - ok
20:22:12.0500 3756 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:22:12.0921 3756 kbdhid - ok
20:22:13.0890 3756 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
20:22:15.0468 3756 kmixer - ok
20:22:16.0296 3756 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
20:22:16.0968 3756 KSecDD - ok
20:22:17.0703 3756 lbrtfdc - ok
20:22:18.0484 3756 libusb0 (d1598203b19b4922531a8bd6811547f7) C:\WINDOWS\system32\DRIVERS\libusb0.sys
20:22:18.0796 3756 libusb0 ( UnsignedFile.Multi.Generic ) - warning
20:22:18.0796 3756 libusb0 - detected UnsignedFile.Multi.Generic (1)
20:22:19.0578 3756 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:22:20.0078 3756 mnmdd - ok
20:22:20.0734 3756 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
20:22:21.0187 3756 Modem - ok
20:22:22.0062 3756 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:22:22.0609 3756 Mouclass - ok
20:22:23.0234 3756 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:22:23.0640 3756 mouhid - ok
20:22:24.0281 3756 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
20:22:24.0765 3756 MountMgr - ok
20:22:25.0546 3756 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:22:25.0859 3756 MpFilter - ok
20:22:26.0562 3756 MpKsl06b19df4 - ok
20:22:27.0078 3756 MpKsl0cf79fe9 - ok
20:22:27.0750 3756 MpKsl13f99ac4 - ok
20:22:28.0484 3756 MpKsl1b9047f5 - ok
20:22:29.0078 3756 MpKsl23c8a940 - ok
20:22:29.0843 3756 MpKsl2763caa9 - ok
20:22:30.0640 3756 MpKsl3555347b - ok
20:22:31.0359 3756 MpKsl3fe45779 - ok
20:22:32.0578 3756 MpKsl46cea472 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2FF70333-37F8-4622-8CE0-D25FEC2B592C}\MpKsl46cea472.sys
20:22:32.0953 3756 MpKsl46cea472 - ok
20:22:33.0828 3756 MpKsl6735596a - ok
20:22:34.0640 3756 MpKsl79a6af6a - ok
20:22:35.0562 3756 MpKsl7b3fc78e - ok
20:22:36.0531 3756 MpKsl7f69b9d9 - ok
20:22:37.0500 3756 MpKsl96476bb0 - ok
20:22:38.0500 3756 MpKsla04c51e7 - ok
20:22:39.0562 3756 MpKsla34930c7 - ok
20:22:40.0375 3756 MpKslaf074d40 - ok
20:22:41.0562 3756 MpKslb2427c90 - ok
20:22:42.0593 3756 MpKslc71a369b - ok
20:22:43.0718 3756 MpKslee39272f - ok
20:22:44.0062 3756 MpKslef3cbf47 - ok
20:22:44.0203 3756 MpKslf6d61e9f - ok
20:22:44.0296 3756 MpKslfb7a28dc - ok
20:22:44.0578 3756 mraid35x - ok
20:22:45.0125 3756 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:22:46.0625 3756 MRxDAV - ok
20:22:47.0562 3756 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:22:48.0125 3756 MRxSmb - ok
20:22:48.0531 3756 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
20:22:49.0359 3756 Msfs - ok
20:22:49.0671 3756 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:22:50.0468 3756 MSKSSRV - ok
20:22:50.0875 3756 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:22:51.0406 3756 MSPCLOCK - ok
20:22:51.0671 3756 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
20:22:52.0593 3756 MSPQM - ok
20:22:52.0843 3756 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:22:53.0750 3756 mssmbios - ok
20:22:54.0468 3756 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
20:22:55.0031 3756 MSTEE - ok
20:22:55.0953 3756 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
20:22:56.0718 3756 Mup - ok
20:22:57.0562 3756 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:22:58.0375 3756 NABTSFEC - ok
20:22:59.0218 3756 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
20:22:59.0937 3756 NDIS - ok
20:23:00.0578 3756 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:23:01.0109 3756 NdisIP - ok
20:23:01.0906 3756 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:23:02.0484 3756 NdisTapi - ok
20:23:03.0234 3756 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:23:03.0718 3756 Ndisuio - ok
20:23:05.0375 3756 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:23:06.0093 3756 NdisWan - ok
20:23:06.0765 3756 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
20:23:07.0250 3756 NDProxy - ok
20:23:08.0390 3756 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:23:08.0953 3756 NetBIOS - ok
20:23:10.0031 3756 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:23:10.0781 3756 NetBT - ok
20:23:11.0953 3756 nmwcd (e380bbcad640304737650367ddfa2366) C:\WINDOWS\system32\drivers\nmwcd.sys
20:23:15.0812 3756 nmwcd - ok
20:23:17.0078 3756 nmwcdc (3c4650af9712ae0cb405064b6278ccad) C:\WINDOWS\system32\drivers\nmwcdc.sys
20:23:17.0375 3756 nmwcdc - ok
20:23:19.0687 3756 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
20:23:20.0250 3756 Npfs - ok
20:23:21.0312 3756 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
20:23:23.0734 3756 Ntfs - ok
20:23:24.0890 3756 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:23:25.0296 3756 Null - ok
20:23:29.0265 3756 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:23:34.0500 3756 nv - ok
20:23:35.0718 3756 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:23:36.0281 3756 NwlnkFlt - ok
20:23:37.0625 3756 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:23:38.0156 3756 NwlnkFwd - ok
20:23:39.0875 3756 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
20:23:41.0375 3756 Parport - ok
20:23:42.0218 3756 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
20:23:43.0000 3756 PartMgr - ok
20:23:44.0515 3756 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:23:44.0953 3756 ParVdm - ok
20:23:46.0156 3756 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
20:23:46.0890 3756 PCI - ok
20:23:48.0015 3756 PCIDump - ok
20:23:49.0031 3756 PCIIde - ok
20:23:50.0453 3756 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:23:51.0265 3756 Pcmcia - ok
20:23:52.0046 3756 PDCOMP - ok
20:23:53.0156 3756 PDFRAME - ok
20:23:54.0078 3756 PDRELI - ok
20:23:54.0656 3756 PDRFRAME - ok
20:23:54.0796 3756 perc2 - ok
20:23:55.0187 3756 perc2hib - ok
20:23:55.0703 3756 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:23:56.0500 3756 PptpMiniport - ok
20:23:56.0734 3756 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
20:23:57.0312 3756 Processor - ok
20:23:57.0781 3756 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
20:23:58.0828 3756 PSched - ok
20:23:59.0078 3756 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:23:59.0875 3756 Ptilink - ok
20:24:00.0265 3756 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:24:00.0625 3756 PxHelp20 - ok
20:24:00.0937 3756 ql1080 - ok
20:24:01.0234 3756 Ql10wnt - ok
20:24:01.0625 3756 ql12160 - ok
20:24:01.0937 3756 ql1240 - ok
20:24:02.0109 3756 ql1280 - ok
20:24:02.0406 3756 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:24:03.0109 3756 RasAcd - ok
20:24:03.0421 3756 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:24:04.0187 3756 Rasl2tp - ok
20:24:04.0593 3756 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:24:05.0265 3756 RasPppoe - ok
20:24:05.0828 3756 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:24:06.0593 3756 Raspti - ok
20:24:06.0968 3756 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:24:08.0656 3756 Rdbss - ok
20:24:09.0046 3756 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:24:09.0578 3756 RDPCDD - ok
20:24:09.0968 3756 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:24:10.0750 3756 rdpdr - ok
20:24:11.0468 3756 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
20:24:13.0343 3756 RDPWD - ok
20:24:13.0718 3756 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:24:14.0203 3756 redbook - ok
20:24:14.0968 3756 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
20:24:15.0156 3756 s115bus - ok
20:24:15.0921 3756 se45bus (531ebc57db331c8500c042d9f8a6aef2) C:\WINDOWS\system32\DRIVERS\se45bus.sys
20:24:16.0296 3756 se45bus - ok
20:24:16.0796 3756 se45obex (5e003693822460d37516d9a262de9e11) C:\WINDOWS\system32\DRIVERS\se45obex.sys
20:24:17.0156 3756 se45obex - ok
20:24:18.0640 3756 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:24:20.0484 3756 Secdrv - ok
20:24:21.0078 3756 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:24:21.0687 3756 serenum - ok
20:24:22.0734 3756 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
20:24:23.0703 3756 Serial - ok
20:24:24.0390 3756 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:24:24.0781 3756 Sfloppy - ok
20:24:25.0328 3756 Simbad - ok
20:24:25.0656 3756 SliceDisk5 - ok
20:24:26.0171 3756 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:24:26.0546 3756 SLIP - ok
20:24:27.0375 3756 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
20:24:28.0328 3756 smwdm - ok
20:24:29.0015 3756 Sparrow - ok
20:24:30.0234 3756 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
20:24:31.0812 3756 splitter - ok
20:24:32.0515 3756 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
20:24:32.0953 3756 sr - ok
20:24:33.0671 3756 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
20:24:34.0625 3756 Srv - ok
20:24:35.0531 3756 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:24:35.0984 3756 streamip - ok
20:24:36.0687 3756 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:24:37.0281 3756 swenum - ok
20:24:38.0296 3756 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
20:24:38.0906 3756 swmidi - ok
20:24:39.0328 3756 symc810 - ok
20:24:40.0015 3756 symc8xx - ok
20:24:40.0703 3756 sym_hi - ok
20:24:41.0578 3756 sym_u3 - ok
20:24:42.0640 3756 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
20:24:45.0109 3756 sysaudio - ok
20:24:45.0812 3756 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:24:46.0640 3756 Tcpip - ok
20:24:47.0343 3756 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:24:48.0109 3756 TDPIPE - ok
20:24:48.0953 3756 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
20:24:49.0578 3756 TDTCP - ok
20:24:50.0203 3756 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:24:50.0750 3756 TermDD - ok
20:24:51.0328 3756 TosIde - ok
20:24:51.0968 3756 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
20:24:52.0421 3756 Udfs - ok
20:24:52.0671 3756 ultra - ok
20:24:53.0140 3756 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
20:24:54.0765 3756 Update - ok
20:24:55.0343 3756 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:24:55.0625 3756 USBAAPL - ok
20:24:56.0343 3756 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
20:24:57.0046 3756 usbaudio - ok
20:24:57.0640 3756 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:24:58.0250 3756 usbccgp - ok
20:24:59.0015 3756 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:24:59.0531 3756 usbhub - ok
20:25:00.0250 3756 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:25:00.0750 3756 usbprint - ok
20:25:01.0546 3756 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:25:01.0937 3756 usbscan - ok
20:25:02.0625 3756 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:25:03.0109 3756 USBSTOR - ok
20:25:03.0765 3756 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:25:04.0203 3756 usbuhci - ok
20:25:04.0906 3756 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:25:05.0718 3756 usbvideo - ok
20:25:06.0343 3756 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
20:25:06.0906 3756 VgaSave - ok
20:25:07.0421 3756 ViaIde - ok
20:25:08.0125 3756 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
20:25:08.0578 3756 VolSnap - ok
20:25:09.0328 3756 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:25:09.0843 3756 Wanarp - ok
20:25:10.0984 3756 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:25:11.0656 3756 Wdf01000 - ok
20:25:12.0203 3756 WDICA - ok
20:25:12.0906 3756 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
20:25:14.0343 3756 wdmaud - ok
20:25:15.0281 3756 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:25:15.0765 3756 WpdUsb - ok
20:25:16.0625 3756 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:25:17.0062 3756 WSTCODEC - ok
20:25:17.0718 3756 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:25:18.0046 3756 WudfPf - ok
20:25:18.0921 3756 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
20:25:19.0218 3756 WUDFRd - ok
20:25:20.0234 3756 ZSMC301b (d94d9777e33c70e8489c7e6ce678fd23) C:\WINDOWS\system32\Drivers\usbVM31b.sys
20:25:20.0625 3756 ZSMC301b - ok
20:25:20.0718 3756 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:25:48.0218 3756 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:25:48.0218 3756 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:25:48.0281 3756 Boot (0x1200) (60669a18b8df7b80011ad46980132f67) \Device\Harddisk0\DR0\Partition0
20:25:48.0296 3756 \Device\Harddisk0\DR0\Partition0 - ok
20:25:48.0296 3756 ============================================================
20:25:48.0312 3756 Scan finished
20:25:48.0312 3756 ============================================================
20:25:49.0734 2304 Detected object count: 4
20:25:49.0734 2304 Actual detected object count: 4
20:26:42.0687 2304 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:26:42.0687 2304 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:26:42.0703 2304 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:26:42.0703 2304 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:26:42.0718 2304 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user
20:26:42.0718 2304 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:26:42.0718 2304 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:26:42.0734 2304 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • 0

#27
Essexboy
Posted 28 October 2011 - 01:40 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK still there - this time we will need to do it with the MBR totally inactive. Once I have confirmed that there is no hidden malware we will fix the MBR from here

OK next we will work outside of windows then Please print these instruction out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Drag and drop this attached scan.txt into the Custom scans and fixes box, or double click the scan box [attachment=53228:scan.txt]
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#28
JAM266
Posted 28 October 2011 - 01:58 PM

JAM266

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
sorry what do you mean by MBR totally inactive?
  • 0

#29
Essexboy
Posted 28 October 2011 - 02:00 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you boot the system from a live CD then the MBR on your main drive is not called and the malware residing there is inert - and should then be easy pickings
  • 0

#30
JAM266
Posted 28 October 2011 - 02:07 PM

JAM266

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
ok do you want me to check the MBR before downloading OTLPENet.exe ?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP