MBR 0 infected by MBR:Alureon-K [Rtk] [Solved]


  • This topic is locked

#16
Amlak

I think you'd be better off buying an external USB CD/DVD drive than have them do a fixmbr themselves especially if the service is going to cost more than the external device itself.

Anyway, here's my next fix for you:


Step 1

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

    • Download OTLPEStd.exe from the following link and save it to your Desktop: mirror1.
    • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
    • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  • Once you have 7-zip installed, decompress OTLPEStd.exe by right-clicking on the folder and choosing the options shown in the picture below.

    Posted Image
  • Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in an OTLPE folder (you'll have to create this new folder):

    Posted Image
  • Please also decompress eeepcfr to your systemroot (usually C:\).
  • Empty the flash drive you want to install OTLPE on.
  • Go to C:\eeecpfr and double-click usb_prep8.cmd to launch it.
  • Press any key when asked to in the black window that opens.
  • As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.

    Posted Image
  • Click on Start, accept the disclaimers and wait for the program to finish.
Your bootable flash drive should now be ready!


Step 2

Booting from the USB flash drive
The next thing that you must do is to configure your PC to allow you to boot from the flash drive. This is all done through the computer's BIOS Setup. I can't give you specific instructions for this part, because every computer is different. I can give you a few pointers though.

You can access your computer's BIOS by pressing a specific key immediately after you turn the PC on. The key varies, but it is usually either [F1], [F2], or [Delete]. If it's not any of the mentioned keys, please pay attention to what the first screen(s) tell(s) you when you first turn on your computer and see if any specific button is mentioned.

Once you are in the BIOS Setup, find the section on boot device priority. Normally, a USB flash drive (which is usually listed as USB-HDD, but may be listed as a removable/external device) will have a very low boot priority. If the USB flash drive's boot priority is lower than the hard disk (often listed as HDD), you must rearrange the boot device priority so that the flash drive has a higher priority than the hard drive. Follow the keyboard instructions on the BIOS screen to figure out how.

When done, find the way to save before/while exiting the BIOS Setup screen. Once again, follow the instructions on the screen.

If you need help in this area, please let me know what kind of BIOS Setup (by mentioning to me any specific name(s) that you see on the screen pertaining to the BIOS for your system) you have so I can guide you with better details.


Step 3

  • You should now be able to boot from the USB/flash drive. So let it do its thing. Note that it'll take a while to load into the Reatogo environment (which is what we want to access).
  • Your system should eventually display a Reatogo desktop (similar to Windows XP).
  • Double-click on the MBRFix icon.
  • In the black box that appears, type in the following (pressing Enter after you do so):
    MbrFix /drive 0 fixmbr
  • Confirm with Y and press Enter again.
  • Close the window and shut down your computer.
  • Pull out the USB/flash drive and boot into the normal Windows.


Step 4

Run MBRCheck again.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A newer report will be produced on the desktop. Post that report in your next reply.
  • 0



#17
dietr

  • Topic Starter
We are inching forward, but we are not quite there.

I created the bootable USB stick, changed BIOS, booted from the stick, saw the REATOGO screen, found the MBRFIX icon, double-clicked on it, was shown a prompt "X:\Programs\MBRFix>", but here the success story ends. I seemed to have run into some kind of encoding problem, because my keyboard didn't work anymore. The left part of the keyboard worked ok, but the right part did not function anymore. The M-Key (kind of crucial if you want to type in 'MbrFix') produced a '0' and most keys on the right part of the keyboard just produced numbers or wild cursor jumps.

Having got so far, I ask you to please look into this. I think we are close, and that encoding problem doesn't appear to be difficult to resolve. Please advise.

Thanks for your support.
  • 0

#18
Amlak

Yeah, this is usually fixed by Fn + NumLock or some similar combination. Try it out and tell me if it works. If not, I'll do further research for you. Just tell me the model and make of your netbook.
  • 0

#19
dietr

  • Topic Starter
I couldn't find a key combination that worked. Please find out what I should use. My computer is a Lenovo Ideapad S10-2. The CPU is an Intel Atom N270. Thanks.
  • 0

#20
Amlak

Hold FN and press Insert.

Here's the manual for you to view:
http://consumerdl.le... Guide V1.0.pdf
  • 0

#21
dietr

  • Topic Starter
Thanks for the info. I had simply overlooked the num lock and was suspecting some kind of a driver problem.

I entered the command, ran MBRCheck (see below) and an Avast! startup scan. Everything seems to be ok.

So if you also think that the problem has been resolved, you could close this topic.

Thank you very much for your patient support. I appreciate your competence and your excellent style of steering me through the various tasks to analyze and resolve the problem. I am certainly not an expert on computer viruses or on the Windows XP operating system, and yet it was easy to follow your instructions. So thanks again. Great job.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Here is the last (I hope) MBRCheck report:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 117):

Processes (total 43):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`46a00000 (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS545016B9A300, Rev: PBBZC61H

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
  • 0
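
An added example, not part of the original posts and not code from MBRCheck, aswMBR or MbrFix: one way to confirm what an MBR repair touched is to compare a raw sector-0 dump taken before the fix with one taken after, region by region, and to read the partition table back out. It assumes each dump is a plain 512-byte copy of sector 0; the two sample sectors are constructed, with only the partition start offsets borrowed from the MBRCheck report above, and every function name is hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512

# Classic MBR layout: byte ranges (start, end) inside sector 0.
REGIONS = {
    "boot_code": (0, 440),
    "disk_signature": (440, 446),    # NT disk signature plus 2 reserved bytes
    "partition_table": (446, 510),   # four 16-byte entries
    "boot_signature": (510, 512),    # must be 55 AA
}


def check_size(sector: bytes) -> None:
    """Reject truncated or oversized dumps instead of parsing garbage."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")


def parse_mbr(sector: bytes) -> dict:
    """Return signature validity, a hash of the boot code and the partitions."""
    check_size(sector)
    partitions = []
    for index in range(4):
        entry = sector[446 + 16 * index: 446 + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:            # unused slot
            continue
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "byte_offset": lba_start * SECTOR_SIZE,
            "byte_length": sector_count * SECTOR_SIZE,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha1": hashlib.sha1(sector[0:440]).hexdigest().upper(),
        "partitions": partitions,
    }


def changed_regions(before: bytes, after: bytes) -> list:
    """Names of the MBR regions whose bytes differ between two dumps."""
    check_size(before)
    check_size(after)
    return [name for name, (start, end) in REGIONS.items()
            if before[start:end] != after[start:end]]


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector 0. Only the two start offsets mirror the report."""
    def entry(status, ptype, lba_start, sector_count):
        chs = b"\xfe\xff\xff"        # CHS fields are ignored by this parser
        return struct.pack("<B3sB3sII", status, chs, ptype, chs,
                           lba_start, sector_count)

    c_start = 0x100000 // SECTOR_SIZE        # C: offset from the report
    d_start = 0x1A46A00000 // SECTOR_SIZE    # D: offset from the report
    sector = bytearray(SECTOR_SIZE)
    sector[0:len(boot_code)] = boot_code
    sector[440:444] = struct.pack("<I", 0x12345678)   # made-up disk signature
    sector[446:462] = entry(0x80, 0x07, c_start, d_start - c_start)
    sector[462:478] = entry(0x00, 0x07, d_start, 90_000_000)  # made-up size
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Placeholder byte patterns standing in for two different loaders.
SAMPLE_BEFORE = build_sample(b"\x90" * 440)
SAMPLE_AFTER = build_sample(b"\x33\xc0" * 220)

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_AFTER)
    print("boot signature ok:", info["signature_ok"])
    print("boot code SHA1   :", info["boot_code_sha1"])
    for part in info["partitions"]:
        print(f"partition {part['index']}: type 0x{part['type']:02X} "
              f"at offset 0x{part['byte_offset']:X} active={part['active']}")
    print("regions changed  :", changed_regions(SAMPLE_BEFORE, SAMPLE_AFTER))
```

A repair that replaces only the loader should report `boot_code` as the single changed region; a change in `partition_table` or `boot_signature` means the volumes need checking before the next reboot.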

#22
Amlak

Congratulations. Looks like it's all good now!

But just to be sure, please run aswMBR.exe and TDSSKiller and see if, this time, they both open.

If all things go well, then I'll post the Cleanup/Finalizing speech and then we're done for good. :thumbsup:
  • 0

#23
dietr

  • Topic Starter
aswMBR and TDSSkiller both opened. See the respective logs below. Thanks for your support.

*********************************************************************************************


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-04 11:01:08
-----------------------------
11:01:08.546 OS Version: Windows 5.1.2600 Service Pack 3
11:01:08.546 Number of processors: 2 586 0x1C02
11:01:08.546 ComputerName: LENOVO-A6F13EA5 UserName: db
11:01:09.968 Initialize success
11:01:10.265 AVAST engine defs: 11120302
11:02:01.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:02:01.843 Disk 0 Vendor: HITACHI_ PBBZ Size: 152627MB BusType: 3
11:02:01.875 Disk 0 MBR read successfully
11:02:01.875 Disk 0 MBR scan
11:02:01.875 Disk 0 Windows XP default MBR code
11:02:01.890 Disk 0 scanning sectors +312581808
11:02:02.234 Disk 0 scanning C:\WINDOWS\system32\drivers
11:02:10.468 Service scanning
11:02:11.765 Modules scanning
11:02:19.781 Disk 0 trace - called modules:
11:02:19.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
11:02:19.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865c5678]
11:02:19.843 3 CLASSPNP.SYS[f764efd7] -> nt!IofCallDriver -> \Device\0000006a[0x8658c910]
11:02:19.843 5 ACPI.sys[f74c4620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8657d028]
11:02:20.453 AVAST engine scan C:\WINDOWS
11:02:30.593 AVAST engine scan C:\WINDOWS\system32
11:04:08.328 AVAST engine scan C:\WINDOWS\system32\drivers
11:04:21.234 AVAST engine scan C:\Dokumente und Einstellungen\db
11:05:09.562 AVAST engine scan C:\Dokumente und Einstellungen\All Users
11:05:20.312 Scan finished successfully
11:06:08.281 Disk 0 MBR has been saved successfully to "C:\DB\DB\(2) DBWerkstatt-Web\MBR.dat"
11:06:08.296 The log file has been saved successfully to "C:\DB\DB\(2) DBWerkstatt-Web\111204-aswMBR.txt"


*********************************************************************************************


11:06:45.0187 3960 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
11:06:46.0203 3960 ============================================================
11:06:46.0203 3960 Current date / time: 2011/12/04 11:06:46.0203
11:06:46.0203 3960 SystemInfo:
11:06:46.0203 3960
11:06:46.0203 3960 OS Version: 5.1.2600 ServicePack: 3.0
11:06:46.0203 3960 Product type: Workstation
11:06:46.0203 3960 ComputerName: LENOVO-A6F13EA5
11:06:46.0218 3960 UserName: db
11:06:46.0218 3960 Windows directory: C:\WINDOWS
11:06:46.0218 3960 System windows directory: C:\WINDOWS
11:06:46.0218 3960 Processor architecture: Intel x86
11:06:46.0218 3960 Number of processors: 2
11:06:46.0218 3960 Page size: 0x1000
11:06:46.0218 3960 Boot type: Normal boot
11:06:46.0218 3960 ============================================================
11:06:47.0046 3960 Initialize success
11:06:51.0171 0696 ============================================================
11:06:51.0171 0696 Scan started
11:06:51.0171 0696 Mode: Manual;
11:06:51.0171 0696 ============================================================
11:06:59.0890 0696 NwlnkFwd - ok
11:06:59.0953 0696 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:06:59.0953 0696 ohci1394 - ok
11:07:00.0000 0696 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
11:07:00.0000 0696 Parport - ok
11:07:00.0015 0696 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:07:00.0031 0696 PartMgr - ok
11:07:00.0046 0696 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:07:00.0046 0696 ParVdm - ok
11:07:00.0078 0696 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:07:00.0093 0696 PCI - ok
11:07:00.0109 0696 PCIDump - ok
11:07:00.0140 0696 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:07:00.0140 0696 PCIIde - ok
11:07:00.0203 0696 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:07:00.0218 0696 Pcmcia - ok
11:07:00.0234 0696 PDCOMP - ok
11:07:00.0265 0696 PDFRAME - ok
11:07:00.0281 0696 PDRELI - ok
11:07:00.0296 0696 PDRFRAME - ok
11:07:00.0343 0696 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:07:00.0343 0696 perc2 - ok
11:07:00.0359 0696 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:07:00.0359 0696 perc2hib - ok
11:07:00.0421 0696 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:07:00.0421 0696 PptpMiniport - ok
11:07:00.0453 0696 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:07:00.0453 0696 PSched - ok
11:07:00.0468 0696 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:07:00.0468 0696 Ptilink - ok
11:07:00.0484 0696 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:07:00.0484 0696 ql1080 - ok
11:07:00.0500 0696 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:07:00.0500 0696 Ql10wnt - ok
11:07:00.0515 0696 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:07:00.0515 0696 ql12160 - ok
11:07:00.0531 0696 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:07:00.0546 0696 ql1240 - ok
11:07:00.0546 0696 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:07:00.0562 0696 ql1280 - ok
11:07:00.0578 0696 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:07:00.0578 0696 RasAcd - ok
11:07:00.0609 0696 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:07:00.0609 0696 Rasl2tp - ok
11:07:00.0625 0696 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:07:00.0640 0696 RasPppoe - ok
11:07:00.0640 0696 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:07:00.0656 0696 Raspti - ok
11:07:00.0750 0696 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:07:00.0750 0696 Rdbss - ok
11:07:00.0765 0696 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:07:00.0765 0696 RDPCDD - ok
11:07:00.0828 0696 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:07:00.0828 0696 rdpdr - ok
11:07:00.0875 0696 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:07:00.0875 0696 RDPWD - ok
11:07:00.0921 0696 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:07:00.0937 0696 redbook - ok
11:07:00.0953 0696 RSUSBSTOR - ok
11:07:01.0015 0696 RTLE8023xp (832f27e6962a14ebf3b09af0e65fd7b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:07:01.0031 0696 RTLE8023xp - ok
11:07:01.0078 0696 RtsUIR - ok
11:07:01.0140 0696 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:07:01.0140 0696 sdbus - ok
11:07:01.0187 0696 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:07:01.0187 0696 Secdrv - ok
11:07:01.0250 0696 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:07:01.0250 0696 serenum - ok
11:07:01.0328 0696 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:07:01.0328 0696 Serial - ok
11:07:01.0375 0696 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:07:01.0390 0696 Sfloppy - ok
11:07:01.0421 0696 Simbad - ok
11:07:01.0484 0696 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:07:01.0484 0696 sisagp - ok
11:07:01.0531 0696 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:07:01.0531 0696 SLIP - ok
11:07:01.0609 0696 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:07:01.0609 0696 Sparrow - ok
11:07:01.0703 0696 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:07:01.0703 0696 splitter - ok
11:07:01.0781 0696 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:07:01.0781 0696 sr - ok
11:07:01.0812 0696 SRTSP - ok
11:07:01.0843 0696 SRTSPX - ok
11:07:01.0890 0696 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:07:01.0906 0696 Srv - ok
11:07:01.0968 0696 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:07:01.0968 0696 streamip - ok
11:07:02.0078 0696 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:07:02.0093 0696 swenum - ok
11:07:02.0140 0696 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:07:02.0156 0696 swmidi - ok
11:07:02.0187 0696 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:07:02.0187 0696 symc810 - ok
11:07:02.0218 0696 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:07:02.0218 0696 symc8xx - ok
11:07:02.0250 0696 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:07:02.0250 0696 sym_hi - ok
11:07:02.0281 0696 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:07:02.0281 0696 sym_u3 - ok
11:07:02.0328 0696 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:07:02.0328 0696 SynTP - ok
11:07:02.0359 0696 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:07:02.0375 0696 sysaudio - ok
11:07:02.0500 0696 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:07:02.0500 0696 Tcpip - ok
11:07:02.0562 0696 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:07:02.0562 0696 TDPIPE - ok
11:07:02.0578 0696 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:07:02.0578 0696 TDTCP - ok
11:07:02.0625 0696 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:07:02.0625 0696 TermDD - ok
11:07:02.0687 0696 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
11:07:02.0687 0696 TosIde - ok
11:07:02.0781 0696 tvtumon (3385d48304443d0ee42af5dbf89634b6) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
11:07:02.0781 0696 tvtumon - ok
11:07:02.0843 0696 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:07:02.0843 0696 Udfs - ok
11:07:02.0859 0696 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:07:02.0859 0696 ultra - ok
11:07:02.0890 0696 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:07:02.0906 0696 Update - ok
11:07:03.0031 0696 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:07:03.0031 0696 usbccgp - ok
11:07:03.0046 0696 USBCCID - ok
11:07:03.0109 0696 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:07:03.0125 0696 usbehci - ok
11:07:03.0171 0696 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:07:03.0187 0696 usbhub - ok
11:07:03.0250 0696 usbsmi (1d3395cb6226b2dd03645b074bd6cf4a) C:\WINDOWS\system32\DRIVERS\SMIksdrv.sys
11:07:03.0250 0696 usbsmi - ok
11:07:03.0343 0696 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:07:03.0359 0696 USBSTOR - ok
11:07:03.0406 0696 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:07:03.0406 0696 usbuhci - ok
11:07:03.0468 0696 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:07:03.0468 0696 usbvideo - ok
11:07:03.0500 0696 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:07:03.0515 0696 VgaSave - ok
11:07:03.0546 0696 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:07:03.0546 0696 viaagp - ok
11:07:03.0609 0696 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:07:03.0609 0696 ViaIde - ok
11:07:03.0656 0696 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:07:03.0656 0696 VolSnap - ok
11:07:03.0718 0696 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:07:03.0718 0696 Wanarp - ok
11:07:03.0796 0696 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:07:03.0812 0696 Wdf01000 - ok
11:07:03.0875 0696 WDICA - ok
11:07:03.0937 0696 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:07:03.0953 0696 wdmaud - ok
11:07:04.0015 0696 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
11:07:04.0031 0696 WimFltr - ok
11:07:04.0187 0696 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:07:04.0187 0696 WmiAcpi - ok
11:07:04.0265 0696 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:07:04.0265 0696 WSTCODEC - ok
11:07:04.0312 0696 WSVD (5d0a08ebf9660e07865907fb1ab022b5) C:\WINDOWS\system32\drivers\WSVD.sys
11:07:04.0328 0696 WSVD - ok
11:07:04.0390 0696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:07:04.0609 0696 \Device\Harddisk0\DR0 - ok
11:07:04.0609 0696 Boot (0x1200) (a6b38754d0695fecd9858e22449513ef) \Device\Harddisk0\DR0\Partition0
11:07:04.0609 0696 \Device\Harddisk0\DR0\Partition0 - ok
11:07:04.0640 0696 Boot (0x1200) (beeec702e61e04163ed463b77f5de65b) \Device\Harddisk0\DR0\Partition1
11:07:04.0656 0696 \Device\Harddisk0\DR0\Partition1 - ok
11:07:04.0656 0696 ============================================================
11:07:04.0656 0696 Scan finished
11:07:04.0656 0696 ============================================================
11:07:04.0687 2496 Detected object count: 0
11:07:04.0687 2496 Actual detected object count: 0


*********************************************************************************************

#24
Amlak

    Member 1K

  • Member
  • 1,470 posts
Congratulations. Your computer looks clean now.

It's now time to take some further steps to have your system protected from any potential attacks in the future.

Uninstall ComboFix
Click on the Start button and select Run...
In the Open: text field, type combofix /uninstall

OTL Clean-Up
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

Turn off System Restore and then turn it back on.
  • Right click on My Computer and select Properties.
  • In the System Restore tab, check "Turn off System Restore on all drives" and then click Apply.
  • Click Yes and then OK.
  • Once again, right click on My Computer and select Properties.
  • In the System Restore tab, uncheck "Turn off System Restore on all drives" and then click Apply.
  • When the Apply button greys out, click OK.

Your Windows and some of your programs may have vulnerabilities that malicious hackers and programs like to exploit to get into your computer and/or take control of it. This is why you MUST keep your Windows up to date with the latest security patches. The same goes for your programs like Java and Adobe applications.

For Windows Updates:
http://windowsupdate.microsoft.com

For Java updates:
http://www.java.com/en/download/

For Adobe security updates:
http://www.adobe.com/support/security/

Note: It's strongly recommended that you uninstall any versions of Java and Adobe products that are already installed on your computer before you install the most current ones from the sites that are linked to above.

Programs that I recommend for you to have/keep on your system.

  • Avast (don't download this if you already have an antivirus installed on your system): One of the best antivirus programs out there, and it's free. Keeps you protected from a lot of viruses and other malicious programs.
  • Comodo Firewall (don't download this if you already have a software firewall installed on your system): A great firewall that does its job well without using too many resources. Good at keeping you protected from hackers.
  • TFC Cleaner: Cleans your computer from unneeded junk, some of which may very well be malware.
  • Spybot - Search & Destroy: A good anti-spyware program. Every time you have it updated, use its Immunize feature to have your system immune to a large number of malware attacks.
  • SUPERAntiSpyware: One of the best anti-spyware programs out there. Just use the free version to get rid of most of the malware out there.
  • Malwarebytes' Anti-Malware: Another great anti-malware program. You can have Spybot, SUPERAntiSpyware and the free version of Malwarebytes' Anti-Malware installed on your system, but try not to scan with them all at the same time.
  • SpywareBlaster: This one is unique in the sense that it actually blocks your system from certain spyware attacks. For optimal security, make sure you "enable all protection" after every time you have it updated. This program works well in conjunction with Spybot's Immunize feature.

Make sure all the security programs on your computer are up-to-date. An outdated version can be just as bad as no version at all.

For more reading on how to get your system protected, please read Tony Klein's "How did I get infected in the first place?".

By following the above steps, your system will be well-protected from most of the malware attacks that hit our systems. If, despite everything, your system gets infected again in the future, please don't hesitate to come back here and ask us for help.

Enjoy your computer.

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.