Boot to black screen with cursor [Solved]


  • This topic is locked

#1
Jhackofalltrades

Jhackofalltrades

    Member

  • Member
  • 71 posts
I did a remarkably stupid thing in that I didn't read what files I was killing when I went malware hunting. My wife complained of slowness loading pages. She'd reboot and it'd do okay for a bit before again slowing down. I ran a rootkit program that failed to read the MBR because that particular program doesn't take long to run. Last time it failed to read the MBR, I had a rootkit and thought this time would be no different. I ran tdsskiller which usually does the trick. Seeing the advanced options, I opened that up, clicked both of them, set it to run. It found some things wrong. I was in a hurry and didn't want to wait for quarantine, so I selected delete for everything that came up. Found them, killed them, I was happy. I wanted to be sure so I rebooted it and got a blank screen with a cursor. Further proddings revealed very little. I poked around online, found some ideas and tried the following solutions. From the XP Windows disk (yay, it reads things) I found that it could tell the correct size of the hard drive. Recovery console let me re-write the MBR (fixmbr), fix boot.ini (fixboot), and fixed errors on the hd (chkdsk /r). I also did a repair installation of windows with install windows option. None of these produced any different results, though I'm confident they did the appropriate things. It's like there was something sitting between the BIOS boot and the part that starts the XP boot and I had ripped it out b/c I'm apparently very stupid like that. I can move around the different directories in the command prompt that the recovery console gives me. The data looks like it's all there. I created an AVG Rescue disk on a CD RW (works in a working computer), but the affected computer doesn't seem to know how to read it. It seems to ignore its existence during a boot routine that would normally recognize the XP installation disk and stop there. 
I'd like to undo whatever it was that I killed so that I don't have to slave the drive to a new one and do a new install along with all the needed downloads, updates, etc. before I get all the info on the broken drive off. I know things are rough and busy, so I'll be waiting patiently. If it turns out that I can't do anything, then I'll just have to bite the bullet and get a new HD. I just want to avoid it because it seems like the problem was just one of several different files. I'm hoping that someone here can save my bacon and show me how to put those files back in. Thank you for your attention, whenever it gets here :)
  • 0



#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I will post back some instructions for you soon.
  • 0

#3
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • 71 posts
Thank you for your help. I'll follow your instructions and stop if something goes wonky.
  • 0

#4
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Please print these instructions out so that you know what you are doing.

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#5
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • 71 posts
Hi again. I've done as you asked, though it was ... problematic getting the CD to read. I changed the DMA option from auto to UDMA4, then to UDMA2. I'm not even sure if that did it because I was tapping Tab and Delete to get the thing going. So I'm just going to let the computer stay running because I'm afraid to reboot it until you tell me to. The output file is attached as you've requested. Thank you again for your assistance. I'm glad that I can see a GUI interface, but I'm not going to touch anything else until you tell me. Yay for fear of something going wrong :P

Edited by Jhackofalltrades, 18 December 2012 - 05:33 AM.

  • 0

#6
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • 71 posts
Didn't see the attach button nor does it look like it attached. Here's the copy/pasta of the file's contents.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2012 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 18-12-2012 06:11:55
Running from E:\
(X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKU\Administrator\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Administrator\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Administrator.DILBERT\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Administrator.DILBERT\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Administrator.DILBERT\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-04] (Nero AG)
HKU\Administrator.DILBERT.000\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Administrator.DILBERT.000\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Administrator.DILBERT.000\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-04] (Nero AG)
HKU\Default User\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Default User\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-04] (Nero AG)
HKU\Karen\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-10-25] (Google Inc.)
HKU\Karen\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2006-02-28] (Microsoft Corporation)
HKU\Philip\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-10-25] (Google Inc.)
HKU\Philip\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2006-02-28] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
ShortcutTarget: JL Alpine Advent Calendar.lnk -> C:\Program Files\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()
Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Rainlendar.lnk
ShortcutTarget: Rainlendar.lnk -> C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
Startup: C:\Documents and Settings\Philip\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
ShortcutTarget: JL Alpine Advent Calendar.lnk -> C:\Program Files\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()

==================== Services (Whitelisted) ===================

2 Eventlog; C:\Windows\System32\services.exe [108032 2006-02-28] (Microsoft Corporation)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]

==================== Drivers (Whitelisted) ====================

3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2006-02-28] ()
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-18 06:11 - 2012-12-18 06:11 - 00000000 ____D C:\FRST
2012-12-12 04:40 - 2012-12-12 04:40 - 00003014 ____N C:\bootex.log
2012-12-12 02:39 - 2012-12-12 02:39 - 00098992 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\75266986.sys
2012-12-12 02:34 - 2012-12-12 02:36 - 00111872 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-12-12 02:34 - 2012-12-12 02:35 - 00001818 ____A C:\Documents and Settings\Philip\Desktop\Rkill.txt
2012-12-12 02:34 - 2012-12-12 02:34 - 00000000 ____D C:\Documents and Settings\Philip\Desktop\RK_Quarantine
2012-12-12 01:19 - 2012-12-12 01:21 - 00000000 ____D C:\Windows\tmp1
2012-12-12 01:05 - 2012-12-12 01:05 - 00002940 ____A C:\Windows\KB2758857.log
2012-12-12 01:05 - 2012-12-12 01:05 - 00002771 ____A C:\Windows\KB2753842.log
2012-12-12 00:26 - 2012-12-12 00:26 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2012-12-12 00:26 - 2012-12-12 00:26 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-12-12 00:25 - 2012-12-12 00:25 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2012-12-11 04:35 - 2012-12-11 04:35 - 00000000 ____D C:\Documents and Settings\Philip\Application Data\JLAdventCalendarAlpine2012
2012-12-10 05:55 - 2012-12-10 07:07 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\SecondLife
2012-12-10 05:55 - 2012-12-10 05:55 - 00000000 ____D C:\Documents and Settings\Philip\Application Data\SecondLife
2012-12-10 05:54 - 2012-12-10 05:55 - 00000000 ____D C:\Program Files\SecondLifeViewer
2012-12-05 04:15 - 2012-12-05 15:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-12-01 04:55 - 2012-12-01 04:55 - 00000000 ____D C:\Documents and Settings\Philip\Trillian
2012-11-30 04:39 - 2012-11-30 04:39 - 00000000 ____D C:\Documents and Settings\Karen\Application Data\JLAdventCalendarAlpine2012
2012-11-30 02:50 - 2012-11-30 02:50 - 00000800 ____A C:\Documents and Settings\All Users\Desktop\JL Alpine Advent Calendar.lnk
2012-11-30 02:50 - 2012-11-30 02:50 - 00000000 ____D C:\Program Files\JL Alpine Advent Calendar
2012-11-27 10:13 - 2012-11-27 10:13 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\FreeFileViewer
2012-11-27 10:12 - 2012-11-27 10:12 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\FileTypeAssistant
2012-11-21 02:49 - 2012-11-21 02:49 - 00000000 ____D C:\Documents and Settings\Karen\Local Settings\Application Data\FreeFileViewer
2012-11-21 02:48 - 2012-12-12 01:47 - 00000394 ____A C:\Windows\Tasks\ProgramUpdateCheck.job
2012-11-21 02:48 - 2012-12-12 01:47 - 00000378 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2012-11-21 02:48 - 2012-11-21 02:48 - 00000000 ____D C:\Program Files\FreeFileViewer
2012-11-21 02:48 - 2012-11-21 02:48 - 00000000 ____D C:\Documents and Settings\Karen\Local Settings\Application Data\FileTypeAssistant
2012-11-19 04:09 - 2012-11-19 04:13 - 00000000 ____D C:\Documents and Settings\Philip\My Documents\From D
2012-11-18 05:40 - 2012-11-18 05:40 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\PCHealth

==================== One Month Modified Files and Folders ========

2012-12-12 04:40 - 2012-12-12 04:40 - 00003014 ____N C:\bootex.log
2012-12-12 02:39 - 2012-12-12 02:39 - 00098992 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\75266986.sys
2012-12-12 02:39 - 2012-07-15 19:31 - 00000214 ____A C:\Windows\wiadebug.log
2012-12-12 02:39 - 2011-01-25 08:04 - 02078813 ____A C:\Windows\WindowsUpdate.log
2012-12-12 02:39 - 2011-01-02 01:26 - 00032218 ____A C:\Windows\SchedLgU.Txt
2012-12-12 02:39 - 2008-07-22 09:47 - 00000178 __ASH C:\Documents and Settings\Philip\ntuser.ini
2012-12-12 02:39 - 2008-07-22 09:47 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-12 02:39 - 2008-07-22 05:24 - 00262144 ____A C:\Windows\System32\config\security.sav
2012-12-12 02:39 - 2008-07-22 05:24 - 00024576 ____A C:\Windows\System32\config\sam.sav
2012-12-12 02:36 - 2012-12-12 02:34 - 00111872 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-12-12 02:35 - 2012-12-12 02:34 - 00001818 ____A C:\Documents and Settings\Philip\Desktop\Rkill.txt
2012-12-12 02:34 - 2012-12-12 02:34 - 00000000 ____D C:\Documents and Settings\Philip\Desktop\RK_Quarantine
2012-12-12 02:11 - 2012-03-30 19:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-12 01:58 - 2008-07-22 05:23 - 00000344 _RASH C:\boot.ini
2012-12-12 01:48 - 2006-02-28 07:00 - 00000670 ____A C:\Windows\win.ini
2012-12-12 01:47 - 2012-11-21 02:48 - 00000394 ____A C:\Windows\Tasks\ProgramUpdateCheck.job
2012-12-12 01:47 - 2012-11-21 02:48 - 00000378 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2012-12-12 01:47 - 2012-09-14 17:24 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd92c7b49420c3.job
2012-12-12 01:47 - 2011-06-29 04:09 - 00000272 ____A C:\Windows\Tasks\ASC4_PerformanceMonitor.job
2012-12-12 01:47 - 2008-07-23 17:55 - 00000178 __ASH C:\Documents and Settings\Karen\ntuser.ini
2012-12-12 01:47 - 2008-07-22 09:47 - 00000062 __ASH C:\Documents and Settings\Philip\Local Settings\desktop.ini
2012-12-12 01:38 - 2008-07-23 17:55 - 00000062 __ASH C:\Documents and Settings\Karen\Local Settings\desktop.ini
2012-12-12 01:26 - 2012-07-15 19:31 - 00000050 ____A C:\Windows\wiaservc.log
2012-12-12 01:25 - 2008-07-22 09:47 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-12-12 01:25 - 2008-07-22 09:46 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-12-12 01:21 - 2012-12-12 01:19 - 00000000 ____D C:\Windows\tmp1
2012-12-12 01:05 - 2012-12-12 01:05 - 00002940 ____A C:\Windows\KB2758857.log
2012-12-12 01:05 - 2012-12-12 01:05 - 00002771 ____A C:\Windows\KB2753842.log
2012-12-12 01:05 - 2008-07-22 09:36 - 00000000 ____D C:\Windows\$hf_mig$
2012-12-12 00:31 - 2006-02-28 07:00 - 00002422 ____A C:\Windows\System32\wpa.dbl
2012-12-12 00:26 - 2012-12-12 00:26 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2012-12-12 00:26 - 2012-12-12 00:26 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-12-12 00:26 - 2008-07-22 05:23 - 36700160 ____A C:\Windows\System32\config\software.sav
2012-12-12 00:26 - 2008-07-22 05:23 - 12058624 ____A C:\Windows\System32\config\system.sav
2012-12-12 00:26 - 2008-07-22 05:23 - 03481600 ____A C:\Windows\System32\config\default.sav
2012-12-12 00:26 - 2008-07-22 05:23 - 00262144 ____A C:\Windows\System32\config\userdiff
2012-12-12 00:26 - 2008-07-22 05:23 - 00001024 ____A C:\Windows\System32\config\userdiff.LOG
2012-12-12 00:25 - 2012-12-12 00:25 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2012-12-12 00:24 - 2008-07-22 05:23 - 00001024 ____A C:\Windows\System32\config\TempKey.LOG
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ___RD C:\Windows\Web
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\System32\usmt
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\System32\npp
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\system
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\PeerNet
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\msagent
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\Media
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\ime
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\Help
2012-12-12 00:21 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\twain_32
2012-12-12 00:20 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\System32\icsxml
2012-12-12 00:19 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\System32\ias
2012-12-12 00:19 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\System32\1033
2012-12-12 00:18 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\Driver Cache
2012-12-11 07:03 - 2010-02-22 08:15 - 00000000 ____D C:\Program Files\Trillian
2012-12-11 05:34 - 2011-04-26 04:29 - 00000926 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-861567501-1801674531-1005Core1cc03f46f882a40.job
2012-12-11 04:35 - 2012-12-11 04:35 - 00000000 ____D C:\Documents and Settings\Philip\Application Data\JLAdventCalendarAlpine2012
2012-12-10 09:25 - 2008-07-23 17:46 - 00000000 ____D C:\Documents and Settings\Philip\My Documents\Toolbox
2012-12-10 07:07 - 2012-12-10 05:55 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\SecondLife
2012-12-10 05:55 - 2012-12-10 05:55 - 00000000 ____D C:\Documents and Settings\Philip\Application Data\SecondLife
2012-12-10 05:55 - 2012-12-10 05:54 - 00000000 ____D C:\Program Files\SecondLifeViewer
2012-12-09 03:15 - 2012-09-07 00:45 - 00000000 ____D C:\Documents and Settings\Karen\My Documents\Neopets
2012-12-08 18:06 - 2008-07-23 18:18 - 00000000 ____D C:\Documents and Settings\Karen\My Documents\Christmas Birthday Lists
2012-12-07 21:27 - 2011-12-05 15:14 - 00000000 ____D C:\Program Files\Cryptic Studios
2012-12-05 15:29 - 2008-09-13 00:03 - 00000000 ____D C:\Documents and Settings\Karen\Local Settings\Application Data\Apple Computer
2012-12-05 15:29 - 2008-07-23 23:11 - 00000000 ____D C:\Documents and Settings\Karen\Application Data\Apple Computer
2012-12-05 15:25 - 2012-12-05 04:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-12-05 10:15 - 2012-05-03 15:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-12-05 05:36 - 2012-07-24 19:20 - 00003224 ____A C:\Windows\wmsetup.log
2012-12-04 08:14 - 2008-07-24 05:21 - 00236032 ____A C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-03 11:37 - 2012-08-07 04:06 - 00000000 ____D C:\Crash
2012-12-03 08:05 - 2008-07-24 02:48 - 00000000 ____D C:\Program Files\Hijack This
2012-12-03 01:33 - 2012-09-17 03:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2012-12-01 04:55 - 2012-12-01 04:55 - 00000000 ____D C:\Documents and Settings\Philip\Trillian
2012-11-30 04:39 - 2012-11-30 04:39 - 00000000 ____D C:\Documents and Settings\Karen\Application Data\JLAdventCalendarAlpine2012
2012-11-30 02:50 - 2012-11-30 02:50 - 00000800 ____A C:\Documents and Settings\All Users\Desktop\JL Alpine Advent Calendar.lnk
2012-11-30 02:50 - 2012-11-30 02:50 - 00000000 ____D C:\Program Files\JL Alpine Advent Calendar
2012-11-27 10:13 - 2012-11-27 10:13 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\FreeFileViewer
2012-11-27 10:12 - 2012-11-27 10:12 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\FileTypeAssistant
2012-11-24 15:38 - 2009-07-25 18:32 - 00000000 ___RD C:\Documents and Settings\Karen\Desktop\Bunch o' crap
2012-11-24 04:48 - 2009-04-10 06:06 - 00000000 ____D C:\Program Files\Diablo II
2012-11-22 11:41 - 2012-07-24 19:13 - 00084783 ____A C:\Windows\setupapi.old
2012-11-21 14:52 - 2011-03-24 02:10 - 00000000 ___DC C:\Windows\$NtUninstallKB2524375$
2012-11-21 02:49 - 2012-11-21 02:49 - 00000000 ____D C:\Documents and Settings\Karen\Local Settings\Application Data\FreeFileViewer
2012-11-21 02:48 - 2012-11-21 02:48 - 00000000 ____D C:\Program Files\FreeFileViewer
2012-11-21 02:48 - 2012-11-21 02:48 - 00000000 ____D C:\Documents and Settings\Karen\Local Settings\Application Data\FileTypeAssistant
2012-11-21 02:48 - 2011-12-18 12:59 - 00000000 ____D C:\Program Files\File Type Assistant
2012-11-19 04:31 - 2009-08-21 03:58 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Paint.NET
2012-11-19 04:13 - 2012-11-19 04:09 - 00000000 ____D C:\Documents and Settings\Philip\My Documents\From D
2012-11-19 03:54 - 2010-03-24 05:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2012-11-18 05:40 - 2012-11-18 05:40 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\PCHealth


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64

C:\Windows\System32\winlogon.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\svchost.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\services.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\Windows\System32\User32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0577024 ____A (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4

C:\Windows\System32\userinit.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2006-02-28 07:00] - [2006-02-28 07:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points (XP) =====================

RP: -> 2012-12-11 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP693

RP: -> 2012-12-11 04:31 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP692

RP: -> 2012-12-10 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP691

RP: -> 2012-12-09 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP690

RP: -> 2012-12-08 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP689

RP: -> 2012-12-07 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP688

RP: -> 2012-12-06 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP687

RP: -> 2012-12-05 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP686

RP: -> 2012-12-04 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP685

RP: -> 2012-12-04 02:21 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP684

RP: -> 2012-12-03 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP683

RP: -> 2012-12-02 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP682

RP: -> 2012-12-01 10:12 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP681

RP: -> 2012-12-01 08:46 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP680

RP: -> 2012-11-30 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP679

RP: -> 2012-11-29 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP678

RP: -> 2012-11-28 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP677

RP: -> 2012-11-27 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP676

RP: -> 2012-11-26 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP675

RP: -> 2012-11-25 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP674

RP: -> 2012-11-24 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP673


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 2047.36 MB
Available physical RAM: 1816.84 MB
Total Pagefile: 1878.02 MB
Available Pagefile: 1811.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB

==================== Partitions =============================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:465.76 GB) (Free:241.2 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive e: () (Removable) (Total:1.9 GB) (Free:1.75 GB) FAT
6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB
=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 466 GB Healthy
=========================================================
==================== End Of Log ============================
  • 0
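A defender-side triage of the FRST registry lines quoted above, written here as an added example (not part of the thread and not code from the FRST tool): it flags the ATTENTION markers, the emptied Winlogon Userinit/Shell values that leave XP with nothing to start after logon (hence a black screen with a cursor), and the broken .exe association, and reports the stock XP default each Winlogon value should carry. The sample lines are copied from the log above; the default values are assumed from a standard XP installation.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log for entries that explain a boot to a black screen."""
import re
from dataclasses import dataclass

# Assumed stock Windows XP defaults for the two Winlogon values FRST reported as missing ([x]).
WINLOGON_DEFAULTS = {
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
    "Shell": "Explorer.exe",
}

# Lines copied from the FRST.txt posted above (abridged to the parts that matter).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKU\Default User\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Karen\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2006-02-28] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ===================

2 Eventlog; C:\Windows\System32\services.exe [108032 2006-02-28] (Microsoft Corporation)

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# e.g.  HKLM\...\Winlogon: [Userinit] [x]
BRACKETED_RE = re.compile(r"^(?P<key>HK.+?): \[(?P<name>[^\]]+)\]\s*(?P<value>.*)$")
# e.g.  HKLM\...\.exe: <===== ATTENTION!
PLAIN_RE = re.compile(r"^(?P<key>HK.+?): (?P<value>.*)$")
MISSING_RE = re.compile(r"\[x\s*\]")  # FRST marks a missing file or empty value with [x]


@dataclass(frozen=True)
class Finding:
    section: str
    key: str
    name: str
    severity: str  # "high" or "info"
    reason: str


def classify(section, key, name, value):
    """Return a Finding for one registry-style entry, or None when nothing is wrong."""
    if "ATTENTION" in value:
        # FRST puts the family it recognised after "====>", e.g. ZeroAccess.
        tag = value.split("====>")[-1].strip() if "====>" in value else "flagged by FRST"
        return Finding(section, key, name, "high", f"FRST flagged this entry: {tag}")
    if MISSING_RE.search(value):
        if key.endswith("Winlogon") and name in WINLOGON_DEFAULTS:
            return Finding(section, key, name, "high",
                           f"Winlogon {name} is empty; XP default is {WINLOGON_DEFAULTS[name]!r}")
        # A RunOnce/Run entry whose target no longer exists is stale, not dangerous.
        return Finding(section, key, name, "info", "command or target file not found (stale entry)")
    return None


def triage(log_text):
    """Walk the log section by section and collect findings from HKLM/HKU entries."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        m = BRACKETED_RE.match(line) or PLAIN_RE.match(line)
        if not m:
            continue  # services, drivers, file listings etc. are not registry entries
        name = m.groupdict().get("name", "")
        finding = classify(section, m.group("key"), name, m.group("value"))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section}: {f.key} {f.name} -> {f.reason}")
```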

#7
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • 71 posts
Also, I recall trying to do things with the sam, security, default, software, and system files, but the directories where other people had theirs didn't match up to mine. I had saved the ones that had happened after the problems began in a temp directory. I tried copying them from the repair directory, but not all of those files were there, so I had to use some of the possibly contaminated files. I think that about covers it, since most of what I did I had to do with the DOS commands in the Windows recovery console and I'm not very good with DOS commands.
  • 0

#8
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Please print these instructions out so that you know what you are doing.

  • Please copy the attached "fixlist.txt" file to your flash drive.
  • Please boot your computer with the CD as before.
  • Insert the flash drive with FRST on it.
  • Locate the flash drive and run FRST.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply.

Please try to boot the computer now. If it works, run the scan below. If not, let me know and we will try something else.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Attached Files


  • 0

#9
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • 71 posts
I had left the affected computer running in PE mode because I wasn't sure I'd be able to easily reboot it with the disk in it. Found out later that I wasn't able to easily do it, but the relevant item seems to be moving DMA detection from auto to UDMA2. I ran FRST, clicked Fix, saved the fix log, pulled out the CD and attempted to reboot. The computer locked up. I shut the power down and rebooted the computer. It didn't auto-detect the CD and failed to boot normally. I changed the DMA setting and got it to read the boot CD. While I was in there, I retrieved the tdsskiller log from when I tore things up and saved it to the flash drive as well. Rebooted the computer again, leaving the disk in the drive this time. It paused during the shutdown to eject the disk and then rebooted. Again it failed to boot normally. I apologize if I should have rebooted the affected box first before running FRST again in fix mode this time. The following is the Fixlog.txt originally asked for.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-12-2012
Ran by SYSTEM at 2012-12-18 21:39:30 Run:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit Value was restored successfully .
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully .
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default value was restored successfully .
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\\Default value was restored successfully .
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\\Default value was restored successfully .
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\Default value was restored successfully .

==== End of Fixlog ====

The following is the tdsskiller log from when I manifested symptoms of my terminal stupidity disease. I don't know if it'll help, but I remember seeing all the objects at the end. I believe that one of the options I chose was related to TDFLS.

02:36:47.0281 2304 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
02:36:50.0125 2304 ============================================================
02:36:50.0125 2304 Current date / time: 2012/12/12 02:36:50.0125
02:36:50.0125 2304 SystemInfo:
02:36:50.0125 2304
02:36:50.0125 2304 OS Version: 5.1.2600 ServicePack: 3.0
02:36:50.0125 2304 Product type: Workstation
02:36:50.0125 2304 ComputerName: DILBERT
02:36:50.0125 2304 UserName: Philip
02:36:50.0125 2304 Windows directory: C:\WINDOWS
02:36:50.0125 2304 System windows directory: C:\WINDOWS
02:36:50.0125 2304 Processor architecture: Intel x86
02:36:50.0125 2304 Number of processors: 2
02:36:50.0125 2304 Page size: 0x1000
02:36:50.0125 2304 Boot type: Normal boot
02:36:50.0125 2304 ============================================================
02:36:50.0843 2304 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
02:36:50.0843 2304 \Device\Harddisk0\DR0:
02:36:50.0843 2304 MBR used
02:36:50.0843 2304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385800
02:36:50.0875 2304 Initialize success
02:36:50.0875 2304 ============================================================
02:36:52.0812 4052 ============================================================
02:36:52.0812 4052 Scan started
02:36:52.0812 4052 Mode: Manual;
02:36:52.0812 4052 ============================================================
02:36:53.0078 4052 Abiosdsk - ok
02:36:53.0093 4052 abp480n5 - ok
02:36:53.0328 4052 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:36:53.0328 4052 ACPI - ok
02:36:53.0375 4052 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:36:53.0375 4052 ACPIEC - ok
02:36:53.0390 4052 adpu160m - ok
02:36:53.0453 4052 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
02:36:53.0468 4052 aec - ok
02:36:53.0515 4052 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
02:36:53.0515 4052 Afc - ok
02:36:53.0578 4052 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
02:36:53.0578 4052 AFD - ok
02:36:53.0593 4052 Aha154x - ok
02:36:53.0609 4052 aic78u2 - ok
02:36:53.0609 4052 aic78xx - ok
02:36:53.0625 4052 AliIde - ok
02:36:53.0671 4052 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
02:36:53.0671 4052 AmdK8 - ok
02:36:53.0734 4052 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
02:36:53.0734 4052 AmdLLD - ok
02:36:53.0734 4052 amsint - ok
02:36:53.0765 4052 asc - ok
02:36:53.0765 4052 asc3350p - ok
02:36:53.0781 4052 asc3550 - ok
02:36:53.0828 4052 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:36:53.0828 4052 AsyncMac - ok
02:36:53.0859 4052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:36:53.0859 4052 atapi - ok
02:36:53.0875 4052 Atdisk - ok
02:36:54.0046 4052 ati2mtag (f27a0b0d1373d36d866f29b434b7aa92) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
02:36:54.0109 4052 ati2mtag - ok
02:36:54.0171 4052 AtiHdmiService (41c8f0eda10da14378d304c20ba6e558) C:\WINDOWS\system32\drivers\AtiHdmi.sys
02:36:54.0171 4052 AtiHdmiService - ok
02:36:54.0203 4052 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:36:54.0203 4052 Atmarpc - ok
02:36:54.0218 4052 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:36:54.0218 4052 audstub - ok
02:36:54.0250 4052 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
02:36:54.0265 4052 BANTExt - ok
02:36:54.0296 4052 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:36:54.0312 4052 Beep - ok
02:36:54.0453 4052 catchme - ok
02:36:54.0468 4052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:36:54.0468 4052 cbidf2k - ok
02:36:54.0484 4052 cd20xrnt - ok
02:36:54.0500 4052 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:36:54.0500 4052 Cdaudio - ok
02:36:54.0546 4052 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
02:36:54.0546 4052 Cdfs - ok
02:36:54.0578 4052 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:36:54.0578 4052 Cdrom - ok
02:36:54.0593 4052 Changer - ok
02:36:54.0609 4052 CmdIde - ok
02:36:54.0625 4052 Cpqarray - ok
02:36:54.0656 4052 dac2w2k - ok
02:36:54.0671 4052 dac960nt - ok
02:36:54.0687 4052 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
02:36:54.0687 4052 Disk - ok
02:36:54.0703 4052 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
02:36:54.0718 4052 dmboot - ok
02:36:54.0734 4052 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
02:36:54.0734 4052 dmio - ok
02:36:54.0765 4052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:36:54.0765 4052 dmload - ok
02:36:54.0812 4052 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
02:36:54.0812 4052 DMusic - ok
02:36:54.0828 4052 dpti2o - ok
02:36:54.0890 4052 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
02:36:54.0890 4052 drmkaud - ok
02:36:54.0921 4052 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
02:36:54.0921 4052 Fastfat - ok
02:36:54.0953 4052 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
02:36:54.0953 4052 Fdc - ok
02:36:55.0078 4052 FileMonitor (9200a69413d69ab86add9bc81960be7b) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
02:36:55.0078 4052 FileMonitor - ok
02:36:55.0109 4052 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
02:36:55.0109 4052 Fips - ok
02:36:55.0125 4052 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
02:36:55.0125 4052 Flpydisk - ok
02:36:55.0156 4052 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
02:36:55.0156 4052 FltMgr - ok
02:36:55.0187 4052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:36:55.0187 4052 Fs_Rec - ok
02:36:55.0187 4052 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:36:55.0203 4052 Ftdisk - ok
02:36:55.0250 4052 GEARAspiWDM (185ada973b5020655cee342059a86cbb) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
02:36:55.0250 4052 GEARAspiWDM - ok
02:36:55.0250 4052 GMSIPCI - ok
02:36:55.0281 4052 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:36:55.0281 4052 Gpc - ok
02:36:55.0343 4052 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
02:36:55.0343 4052 HdAudAddService - ok
02:36:55.0375 4052 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:36:55.0375 4052 HDAudBus - ok
02:36:55.0421 4052 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:36:55.0437 4052 HidUsb - ok
02:36:55.0437 4052 hpn - ok
02:36:55.0578 4052 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
02:36:55.0593 4052 HTTP - ok
02:36:55.0609 4052 i2omgmt - ok
02:36:55.0609 4052 i2omp - ok
02:36:55.0671 4052 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:36:55.0671 4052 i8042prt - ok
02:36:55.0703 4052 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:36:55.0703 4052 Imapi - ok
02:36:55.0734 4052 ini910u - ok
02:36:55.0859 4052 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
02:36:55.0890 4052 IntcAzAudAddService - ok
02:36:55.0921 4052 IntelIde - ok
02:36:55.0937 4052 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
02:36:55.0937 4052 Ip6Fw - ok
02:36:55.0968 4052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:36:55.0968 4052 IpFilterDriver - ok
02:36:55.0984 4052 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:36:55.0984 4052 IpInIp - ok
02:36:56.0000 4052 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:36:56.0000 4052 IpNat - ok
02:36:56.0015 4052 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:36:56.0015 4052 IPSec - ok
02:36:56.0031 4052 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:36:56.0031 4052 IRENUM - ok
02:36:56.0062 4052 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:36:56.0062 4052 isapnp - ok
02:36:56.0078 4052 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:36:56.0078 4052 Kbdclass - ok
02:36:56.0390 4052 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:36:56.0390 4052 kbdhid - ok
02:36:56.0437 4052 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
02:36:56.0437 4052 kmixer - ok
02:36:56.0453 4052 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
02:36:56.0468 4052 KSecDD - ok
02:36:56.0484 4052 Lbd - ok
02:36:56.0484 4052 lbrtfdc - ok
02:36:56.0515 4052 MEMSWEEP2 - ok
02:36:56.0531 4052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:36:56.0531 4052 mnmdd - ok
02:36:56.0546 4052 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
02:36:56.0546 4052 Modem - ok
02:36:56.0593 4052 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
02:36:56.0593 4052 MODEMCSA - ok
02:36:56.0609 4052 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:36:56.0609 4052 Mouclass - ok
02:36:56.0656 4052 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:36:56.0656 4052 mouhid - ok
02:36:56.0656 4052 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
02:36:56.0671 4052 MountMgr - ok
02:36:56.0671 4052 mraid35x - ok
02:36:56.0750 4052 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
02:36:56.0750 4052 MREMPR5 - ok
02:36:56.0796 4052 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
02:36:56.0796 4052 MRENDIS5 - ok
02:36:56.0812 4052 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:36:56.0812 4052 MRxDAV - ok
02:36:56.0843 4052 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:36:56.0859 4052 MRxSmb - ok
02:36:56.0875 4052 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
02:36:56.0875 4052 Msfs - ok
02:36:56.0921 4052 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:36:56.0921 4052 MSKSSRV - ok
02:36:56.0984 4052 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:36:56.0984 4052 MSPCLOCK - ok
02:36:57.0000 4052 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
02:36:57.0000 4052 MSPQM - ok
02:36:57.0031 4052 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:36:57.0031 4052 mssmbios - ok
02:36:57.0093 4052 Mtlmnt5 (47c16c6c710b99f2d1cbfb0a3b24d1e8) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
02:36:57.0093 4052 Mtlmnt5 - ok
02:36:57.0140 4052 Mtlstrm (8dcda7ddbd68971e7833ffdc31f63b07) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
02:36:57.0171 4052 Mtlstrm - ok
02:36:57.0203 4052 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
02:36:57.0203 4052 Mup - ok
02:36:57.0218 4052 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
02:36:57.0234 4052 NDIS - ok
02:36:57.0281 4052 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:36:57.0281 4052 NdisTapi - ok
02:36:57.0359 4052 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:36:57.0359 4052 Ndisuio - ok
02:36:57.0375 4052 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:36:57.0375 4052 NdisWan - ok
02:36:57.0453 4052 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
02:36:57.0453 4052 NDProxy - ok
02:36:57.0468 4052 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:36:57.0468 4052 NetBIOS - ok
02:36:57.0500 4052 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:36:57.0500 4052 NetBT - ok
02:36:57.0531 4052 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
02:36:57.0531 4052 Npfs - ok
02:36:57.0562 4052 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
02:36:57.0562 4052 Ntfs - ok
02:36:57.0609 4052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:36:57.0609 4052 Null - ok
02:36:57.0640 4052 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
02:36:57.0640 4052 NVENETFD - ok
02:36:57.0671 4052 nvgts (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
02:36:57.0671 4052 nvgts - ok
02:36:57.0703 4052 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
02:36:57.0703 4052 nvnetbus - ok
02:36:57.0750 4052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:36:57.0750 4052 NwlnkFlt - ok
02:36:57.0781 4052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:36:57.0781 4052 NwlnkFwd - ok
02:36:57.0812 4052 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
02:36:57.0812 4052 Parport - ok
02:36:57.0828 4052 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:36:57.0828 4052 PartMgr - ok
02:36:57.0859 4052 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:36:57.0859 4052 ParVdm - ok
02:36:57.0890 4052 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
02:36:57.0890 4052 pavboot - ok
02:36:57.0906 4052 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
02:36:57.0906 4052 PCI - ok
02:36:57.0906 4052 PCIDump - ok
02:36:57.0953 4052 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:36:57.0953 4052 PCIIde - ok
02:36:57.0968 4052 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:36:57.0984 4052 Pcmcia - ok
02:36:58.0031 4052 PCTAppEvent (3379e7a840de135fb7a829e03bc9cc25) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
02:36:58.0031 4052 PCTAppEvent - ok
02:36:58.0046 4052 pctgntdi (bf770a5817fa8fba1402b2286a7f394c) C:\WINDOWS\system32\drivers\pctgntdi.sys
02:36:58.0046 4052 pctgntdi - ok
02:36:58.0062 4052 pctplfw (0eec24affc5ab0a2bbe4a6a886230aa5) C:\WINDOWS\system32\drivers\pctplfw.sys
02:36:58.0078 4052 pctplfw - ok
02:36:58.0078 4052 PDCOMP - ok
02:36:58.0093 4052 PDFRAME - ok
02:36:58.0109 4052 PDRELI - ok
02:36:58.0109 4052 PDRFRAME - ok
02:36:58.0125 4052 perc2 - ok
02:36:58.0140 4052 perc2hib - ok
02:36:58.0187 4052 Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys
02:36:58.0187 4052 Point32 - ok
02:36:58.0203 4052 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
02:36:58.0203 4052 Processor - ok
02:36:58.0234 4052 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:36:58.0234 4052 PSched - ok
02:36:58.0281 4052 PSI (14e6fb92f1788982e2bbc81d915b1f02) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
02:36:58.0281 4052 PSI - ok
02:36:58.0296 4052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:36:58.0296 4052 Ptilink - ok
02:36:58.0343 4052 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
02:36:58.0343 4052 PxHelp20 - ok
02:36:58.0359 4052 ql1080 - ok
02:36:58.0359 4052 Ql10wnt - ok
02:36:58.0375 4052 ql12160 - ok
02:36:58.0390 4052 ql1240 - ok
02:36:58.0406 4052 ql1280 - ok
02:36:58.0437 4052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:36:58.0437 4052 RasAcd - ok
02:36:58.0468 4052 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:36:58.0468 4052 Rasl2tp - ok
02:36:58.0484 4052 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:36:58.0484 4052 RasPppoe - ok
02:36:58.0484 4052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:36:58.0500 4052 Raspti - ok
02:36:58.0515 4052 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:36:58.0515 4052 Rdbss - ok
02:36:58.0531 4052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:36:58.0531 4052 RDPCDD - ok
02:36:58.0578 4052 RDPWD (43af5212bd8fb5ba6eed9754358bd8f7) C:\WINDOWS\system32\drivers\RDPWD.sys
02:36:58.0578 4052 RDPWD - ok
02:36:58.0593 4052 RecAgent (604567bf6f9742f6c69730dbc87227b3) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
02:36:58.0609 4052 RecAgent - ok
02:36:58.0640 4052 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:36:58.0640 4052 redbook - ok
02:36:58.0765 4052 RegFilter (d03fa5ec6b855fee1ee16c5b0c0ba42c) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
02:36:58.0765 4052 RegFilter - ok
02:36:58.0828 4052 SABKUTIL - ok
02:36:58.0843 4052 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
02:36:58.0859 4052 SASDIFSV - ok
02:36:58.0859 4052 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
02:36:58.0859 4052 SASKUTIL - ok
02:36:58.0890 4052 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:36:58.0890 4052 Secdrv - ok
02:36:58.0921 4052 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:36:58.0937 4052 serenum - ok
02:36:58.0953 4052 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
02:36:58.0953 4052 Serial - ok
02:36:59.0015 4052 SFilter (975f4e44fd48c36beed30c96a115b2b8) C:\WINDOWS\system32\DRIVERS\pctfw.sys
02:36:59.0015 4052 SFilter - ok
02:36:59.0031 4052 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:36:59.0031 4052 Sfloppy - ok
02:36:59.0046 4052 Simbad - ok
02:36:59.0078 4052 Slntamr (0838b9b9fea67da1a2e60c595c2fcbf3) C:\WINDOWS\system32\DRIVERS\slntamr.sys
02:36:59.0078 4052 Slntamr - ok
02:36:59.0109 4052 SlNtHal (ec437c138e5a6c53b2605fbcb77f2845) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
02:36:59.0109 4052 SlNtHal - ok
02:36:59.0125 4052 SlWdmSup (03ec63e1de00d7efa51997ddd208ca2b) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
02:36:59.0125 4052 SlWdmSup - ok
02:36:59.0140 4052 Sparrow - ok
02:36:59.0187 4052 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:36:59.0187 4052 splitter - ok
02:36:59.0250 4052 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
02:36:59.0250 4052 sr - ok
02:36:59.0281 4052 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
02:36:59.0296 4052 Srv - ok
02:36:59.0328 4052 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:36:59.0343 4052 swenum - ok
02:36:59.0343 4052 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:36:59.0359 4052 swmidi - ok
02:36:59.0359 4052 symc810 - ok
02:36:59.0375 4052 symc8xx - ok
02:36:59.0390 4052 sym_hi - ok
02:36:59.0437 4052 sym_u3 - ok
02:36:59.0484 4052 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:36:59.0484 4052 sysaudio - ok
02:36:59.0531 4052 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:36:59.0531 4052 Tcpip - ok
02:36:59.0562 4052 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:36:59.0562 4052 TDPIPE - ok
02:36:59.0578 4052 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:36:59.0578 4052 TDTCP - ok
02:36:59.0625 4052 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:36:59.0625 4052 TermDD - ok
02:36:59.0656 4052 TosIde - ok
02:36:59.0703 4052 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
02:36:59.0703 4052 TrueSight - ok
02:36:59.0734 4052 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:36:59.0734 4052 Udfs - ok
02:36:59.0750 4052 ultra - ok
02:36:59.0765 4052 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:36:59.0765 4052 Update - ok
02:36:59.0906 4052 UrlFilter (cb41cd653916362ca5ecd242382a156e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
02:36:59.0921 4052 UrlFilter - ok
02:36:59.0968 4052 usbbus (af9388e736af0c325067f05edc350010) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
02:36:59.0968 4052 usbbus - ok
02:37:00.0015 4052 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:37:00.0015 4052 usbccgp - ok
02:37:00.0031 4052 UsbDiag (ae30ea96e60e823c7b525da356283ae8) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
02:37:00.0031 4052 UsbDiag - ok
02:37:00.0062 4052 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:37:00.0062 4052 usbehci - ok
02:37:00.0078 4052 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:37:00.0078 4052 usbhub - ok
02:37:00.0109 4052 USBModem (46ac66df3d6efe81f69bea823a53aab5) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
02:37:00.0109 4052 USBModem - ok
02:37:00.0140 4052 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:37:00.0140 4052 usbohci - ok
02:37:00.0171 4052 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:37:00.0171 4052 usbprint - ok
02:37:00.0203 4052 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:37:00.0203 4052 usbscan - ok
02:37:00.0234 4052 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:37:00.0234 4052 USBSTOR - ok
02:37:00.0265 4052 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:37:00.0265 4052 VgaSave - ok
02:37:00.0265 4052 ViaIde - ok
02:37:00.0296 4052 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
02:37:00.0296 4052 VolSnap - ok
02:37:00.0312 4052 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:37:00.0312 4052 Wanarp - ok
02:37:00.0375 4052 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
02:37:00.0375 4052 wanatw - ok
02:37:00.0390 4052 WDICA - ok
02:37:00.0437 4052 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:37:00.0453 4052 wdmaud - ok
02:37:00.0515 4052 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys
02:37:00.0531 4052 WmBEnum - ok
02:37:00.0562 4052 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys
02:37:00.0562 4052 WmFilter - ok
02:37:00.0593 4052 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys
02:37:00.0593 4052 WmVirHid - ok
02:37:00.0609 4052 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys
02:37:00.0609 4052 WmXlCore - ok
02:37:00.0640 4052 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:37:00.0640 4052 WS2IFSL - ok
02:37:00.0687 4052 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:37:00.0687 4052 WudfPf - ok
02:37:00.0687 4052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:37:00.0703 4052 WudfRd - ok
02:37:00.0734 4052 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:37:01.0140 4052 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
02:37:01.0140 4052 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
02:37:01.0140 4052 Boot (0x1200) (73674570a41ddbf5d4e994f118a845aa) \Device\Harddisk0\DR0\Partition0
02:37:01.0140 4052 \Device\Harddisk0\DR0\Partition0 - ok
02:37:01.0140 4052 ============================================================
02:37:01.0140 4052 Scan finished
02:37:01.0140 4052 ============================================================
02:37:01.0156 3548 Detected object count: 1
02:37:01.0156 3548 Actual detected object count: 1
02:37:26.0546 3548 \Device\Harddisk0\DR0\# - copied to quarantine
02:37:26.0546 3548 \Device\Harddisk0\DR0 - copied to quarantine
02:37:26.0546 3548 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine
02:37:52.0328 3448 ============================================================
02:37:52.0328 3448 Scan started
02:37:52.0328 3448 Mode: Manual; SigCheck; TDLFS;
02:37:52.0328 3448 ============================================================
02:37:52.0468 3448 Abiosdsk - ok
02:37:52.0484 3448 abp480n5 - ok
02:37:52.0500 3448 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:37:52.0796 3448 ACPI - ok
02:37:52.0843 3448 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:37:52.0984 3448 ACPIEC - ok
02:37:53.0015 3448 adpu160m - ok
02:37:53.0078 3448 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
02:37:53.0203 3448 aec - ok
02:37:53.0250 3448 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
02:37:53.0265 3448 Afc ( UnsignedFile.Multi.Generic ) - warning
02:37:53.0265 3448 Afc - detected UnsignedFile.Multi.Generic (1)
02:37:53.0312 3448 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
02:37:53.0390 3448 AFD - ok
02:37:53.0406 3448 Aha154x - ok
02:37:53.0406 3448 aic78u2 - ok
02:37:53.0421 3448 aic78xx - ok
02:37:53.0437 3448 AliIde - ok
02:37:53.0468 3448 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
02:37:53.0515 3448 AmdK8 - ok
02:37:53.0562 3448 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
02:37:53.0609 3448 AmdLLD - ok
02:37:53.0625 3448 amsint - ok
02:37:53.0640 3448 asc - ok
02:37:53.0656 3448 asc3350p - ok
02:37:53.0671 3448 asc3550 - ok
02:37:53.0703 3448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:37:53.0828 3448 AsyncMac - ok
02:37:53.0890 3448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:37:54.0015 3448 atapi - ok
02:37:54.0015 3448 Atdisk - ok
02:37:54.0203 3448 ati2mtag (f27a0b0d1373d36d866f29b434b7aa92) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
02:37:54.0437 3448 ati2mtag - ok
02:37:54.0500 3448 AtiHdmiService (41c8f0eda10da14378d304c20ba6e558) C:\WINDOWS\system32\drivers\AtiHdmi.sys
02:37:54.0531 3448 AtiHdmiService - ok
02:37:54.0531 3448 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:37:54.0656 3448 Atmarpc - ok
02:37:54.0687 3448 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:37:54.0828 3448 audstub - ok
02:37:54.0875 3448 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
02:37:54.0890 3448 BANTExt ( UnsignedFile.Multi.Generic ) - warning
02:37:54.0890 3448 BANTExt - detected UnsignedFile.Multi.Generic (1)
02:37:54.0953 3448 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:37:55.0093 3448 Beep - ok
02:37:55.0234 3448 catchme - ok
02:37:55.0265 3448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:37:55.0390 3448 cbidf2k - ok
02:37:55.0406 3448 cd20xrnt - ok
02:37:55.0421 3448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:37:55.0562 3448 Cdaudio - ok
02:37:55.0593 3448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
02:37:55.0734 3448 Cdfs - ok
02:37:55.0765 3448 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:37:55.0906 3448 Cdrom - ok
02:37:55.0906 3448 Changer - ok
02:37:55.0921 3448 CmdIde - ok
02:37:55.0953 3448 Cpqarray - ok
02:37:55.0968 3448 dac2w2k - ok
02:37:55.0968 3448 dac960nt - ok
02:37:55.0984 3448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
02:37:56.0125 3448 Disk - ok
02:37:56.0156 3448 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
02:37:56.0296 3448 dmboot - ok
02:37:56.0312 3448 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
02:37:56.0437 3448 dmio - ok
02:37:56.0484 3448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:37:56.0609 3448 dmload - ok
02:37:56.0656 3448 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
02:37:56.0781 3448 DMusic - ok
02:37:56.0796 3448 dpti2o - ok
02:37:56.0812 3448 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
02:37:56.0953 3448 drmkaud - ok
02:37:56.0968 3448 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
02:37:57.0109 3448 Fastfat - ok
02:37:57.0125 3448 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
02:37:57.0250 3448 Fdc - ok
02:37:57.0375 3448 FileMonitor (9200a69413d69ab86add9bc81960be7b) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
02:37:57.0406 3448 FileMonitor - ok
02:37:57.0437 3448 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
02:37:57.0562 3448 Fips - ok
02:37:57.0578 3448 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
02:37:57.0734 3448 Flpydisk - ok
02:37:57.0781 3448 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
02:37:57.0921 3448 FltMgr - ok
02:37:57.0968 3448 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:37:58.0125 3448 Fs_Rec - ok
02:37:58.0140 3448 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:37:58.0265 3448 Ftdisk - ok
02:37:58.0296 3448 GEARAspiWDM (185ada973b5020655cee342059a86cbb) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
02:37:58.0312 3448 GEARAspiWDM - ok
02:37:58.0328 3448 GMSIPCI - ok
02:37:58.0343 3448 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:37:58.0468 3448 Gpc - ok
02:37:58.0500 3448 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
02:37:58.0546 3448 HdAudAddService - ok
02:37:58.0578 3448 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:37:58.0734 3448 HDAudBus - ok
02:37:58.0781 3448 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:37:58.0906 3448 HidUsb - ok
02:37:58.0921 3448 hpn - ok
02:37:58.0984 3448 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
02:37:59.0078 3448 HTTP - ok
02:37:59.0093 3448 i2omgmt - ok
02:37:59.0093 3448 i2omp - ok
02:37:59.0140 3448 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:37:59.0296 3448 i8042prt - ok
02:37:59.0312 3448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:37:59.0437 3448 Imapi - ok
02:37:59.0453 3448 ini910u - ok
02:37:59.0593 3448 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
02:37:59.0765 3448 IntcAzAudAddService - ok
02:37:59.0781 3448 IntelIde - ok
02:37:59.0812 3448 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
02:37:59.0937 3448 Ip6Fw - ok
02:37:59.0968 3448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:38:00.0109 3448 IpFilterDriver - ok
02:38:00.0125 3448 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:38:00.0250 3448 IpInIp - ok
02:38:00.0265 3448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:38:00.0375 3448 IpNat - ok
02:38:00.0390 3448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:38:00.0515 3448 IPSec - ok
02:38:00.0562 3448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:38:00.0625 3448 IRENUM - ok
02:38:00.0671 3448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:38:00.0796 3448 isapnp - ok
02:38:00.0812 3448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:38:00.0937 3448 Kbdclass - ok
02:38:00.0968 3448 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:38:01.0093 3448 kbdhid - ok
02:38:01.0140 3448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
02:38:01.0250 3448 kmixer - ok
02:38:01.0281 3448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
02:38:01.0375 3448 KSecDD - ok
02:38:01.0390 3448 Lbd - ok
02:38:01.0406 3448 lbrtfdc - ok
02:38:01.0437 3448 MEMSWEEP2 - ok
02:38:01.0437 3448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:38:01.0578 3448 mnmdd - ok
02:38:01.0609 3448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
02:38:01.0734 3448 Modem - ok
02:38:01.0781 3448 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
02:38:01.0937 3448 MODEMCSA - ok
02:38:01.0953 3448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:38:02.0078 3448 Mouclass - ok
02:38:02.0125 3448 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:38:02.0265 3448 mouhid - ok
02:38:02.0281 3448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
02:38:02.0390 3448 MountMgr - ok
02:38:02.0406 3448 mraid35x - ok
02:38:02.0500 3448 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
02:38:02.0500 3448 MREMPR5 ( UnsignedFile.Multi.Generic ) - warning
02:38:02.0500 3448 MREMPR5 - detected UnsignedFile.Multi.Generic (1)
02:38:02.0546 3448 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
02:38:02.0546 3448 MRENDIS5 ( UnsignedFile.Multi.Generic ) - warning
02:38:02.0546 3448 MRENDIS5 - detected UnsignedFile.Multi.Generic (1)
02:38:02.0625 3448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:38:02.0750 3448 MRxDAV - ok
02:38:02.0781 3448 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:38:02.0859 3448 MRxSmb - ok
02:38:02.0890 3448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
02:38:03.0031 3448 Msfs - ok
02:38:03.0078 3448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:38:03.0203 3448 MSKSSRV - ok
02:38:03.0250 3448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:38:03.0375 3448 MSPCLOCK - ok
02:38:03.0390 3448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
02:38:03.0531 3448 MSPQM - ok
02:38:03.0578 3448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:38:03.0703 3448 mssmbios - ok
02:38:03.0750 3448 Mtlmnt5 (47c16c6c710b99f2d1cbfb0a3b24d1e8) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
02:38:03.0781 3448 Mtlmnt5 ( UnsignedFile.Multi.Generic ) - warning
02:38:03.0781 3448 Mtlmnt5 - detected UnsignedFile.Multi.Generic (1)
02:38:03.0843 3448 Mtlstrm (8dcda7ddbd68971e7833ffdc31f63b07) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
02:38:03.0890 3448 Mtlstrm ( UnsignedFile.Multi.Generic ) - warning
02:38:03.0890 3448 Mtlstrm - detected UnsignedFile.Multi.Generic (1)
02:38:03.0921 3448 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
02:38:03.0953 3448 Mup - ok
02:38:03.0984 3448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
02:38:04.0109 3448 NDIS - ok
02:38:04.0156 3448 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:38:04.0234 3448 NdisTapi - ok
02:38:04.0250 3448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:38:04.0390 3448 Ndisuio - ok
02:38:04.0406 3448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:38:04.0531 3448 NdisWan - ok
02:38:04.0578 3448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
02:38:04.0656 3448 NDProxy - ok
02:38:04.0671 3448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:38:04.0796 3448 NetBIOS - ok
02:38:04.0828 3448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:38:04.0968 3448 NetBT - ok
02:38:05.0000 3448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
02:38:05.0125 3448 Npfs - ok
02:38:05.0156 3448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
02:38:05.0281 3448 Ntfs - ok
02:38:05.0343 3448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:38:05.0453 3448 Null - ok
02:38:05.0484 3448 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
02:38:05.0515 3448 NVENETFD - ok
02:38:05.0546 3448 nvgts (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
02:38:05.0578 3448 nvgts - ok
02:38:05.0609 3448 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
02:38:05.0656 3448 nvnetbus - ok
02:38:05.0703 3448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:38:05.0828 3448 NwlnkFlt - ok
02:38:05.0859 3448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:38:05.0984 3448 NwlnkFwd - ok
02:38:06.0015 3448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
02:38:06.0125 3448 Parport - ok
02:38:06.0140 3448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:38:06.0265 3448 PartMgr - ok
02:38:06.0312 3448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:38:06.0468 3448 ParVdm - ok
02:38:06.0500 3448 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
02:38:06.0515 3448 pavboot - ok
02:38:06.0546 3448 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
02:38:06.0687 3448 PCI - ok
02:38:06.0703 3448 PCIDump - ok
02:38:06.0718 3448 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:38:06.0828 3448 PCIIde - ok
02:38:06.0875 3448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:38:07.0015 3448 Pcmcia - ok
02:38:07.0062 3448 PCTAppEvent (3379e7a840de135fb7a829e03bc9cc25) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
02:38:07.0078 3448 PCTAppEvent - ok
02:38:07.0093 3448 pctgntdi (bf770a5817fa8fba1402b2286a7f394c) C:\WINDOWS\system32\drivers\pctgntdi.sys
02:38:07.0109 3448 pctgntdi - ok
02:38:07.0125 3448 pctplfw (0eec24affc5ab0a2bbe4a6a886230aa5) C:\WINDOWS\system32\drivers\pctplfw.sys
02:38:07.0140 3448 pctplfw - ok
02:38:07.0140 3448 PDCOMP - ok
02:38:07.0156 3448 PDFRAME - ok
02:38:07.0171 3448 PDRELI - ok
02:38:07.0187 3448 PDRFRAME - ok
02:38:07.0187 3448 perc2 - ok
02:38:07.0203 3448 perc2hib - ok
02:38:07.0250 3448 Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys
02:38:07.0296 3448 Point32 - ok
02:38:07.0312 3448 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
02:38:07.0437 3448 Processor - ok
02:38:07.0484 3448 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:38:07.0625 3448 PSched - ok
02:38:07.0656 3448 PSI (14e6fb92f1788982e2bbc81d915b1f02) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
02:38:07.0671 3448 PSI - ok
02:38:07.0718 3448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:38:07.0859 3448 Ptilink - ok
02:38:07.0906 3448 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
02:38:07.0921 3448 PxHelp20 - ok
02:38:07.0937 3448 ql1080 - ok
02:38:07.0937 3448 Ql10wnt - ok
02:38:07.0953 3448 ql12160 - ok
02:38:07.0968 3448 ql1240 - ok
02:38:07.0984 3448 ql1280 - ok
02:38:08.0000 3448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:38:08.0125 3448 RasAcd - ok
02:38:08.0140 3448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:38:08.0281 3448 Rasl2tp - ok
02:38:08.0296 3448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:38:08.0406 3448 RasPppoe - ok
02:38:08.0421 3448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:38:08.0562 3448 Raspti - ok
02:38:08.0609 3448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:38:08.0718 3448 Rdbss - ok
02:38:08.0734 3448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:38:08.0890 3448 RDPCDD - ok
02:38:08.0937 3448 RDPWD (43af5212bd8fb5ba6eed9754358bd8f7) C:\WINDOWS\system32\drivers\RDPWD.sys
02:38:09.0000 3448 RDPWD - ok
02:38:09.0031 3448 RecAgent (604567bf6f9742f6c69730dbc87227b3) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
02:38:09.0046 3448 RecAgent ( UnsignedFile.Multi.Generic ) - warning
02:38:09.0046 3448 RecAgent - detected UnsignedFile.Multi.Generic (1)
02:38:09.0078 3448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:38:09.0203 3448 redbook - ok
02:38:09.0328 3448 RegFilter (d03fa5ec6b855fee1ee16c5b0c0ba42c) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
02:38:09.0343 3448 RegFilter - ok
02:38:09.0390 3448 SABKUTIL - ok
02:38:09.0421 3448 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
02:38:09.0421 3448 SASDIFSV - ok
02:38:09.0437 3448 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
02:38:09.0453 3448 SASKUTIL - ok
02:38:09.0515 3448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:38:09.0578 3448 Secdrv - ok
02:38:09.0625 3448 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:38:09.0734 3448 serenum - ok
02:38:09.0781 3448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
02:38:09.0906 3448 Serial - ok
02:38:09.0968 3448 SFilter (975f4e44fd48c36beed30c96a115b2b8) C:\WINDOWS\system32\DRIVERS\pctfw.sys
02:38:09.0968 3448 SFilter ( UnsignedFile.Multi.Generic ) - warning
02:38:09.0968 3448 SFilter - detected UnsignedFile.Multi.Generic (1)
02:38:10.0000 3448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:38:10.0109 3448 Sfloppy - ok
02:38:10.0125 3448 Simbad - ok
02:38:10.0156 3448 Slntamr (0838b9b9fea67da1a2e60c595c2fcbf3) C:\WINDOWS\system32\DRIVERS\slntamr.sys
02:38:10.0171 3448 Slntamr ( UnsignedFile.Multi.Generic ) - warning
02:38:10.0171 3448 Slntamr - detected UnsignedFile.Multi.Generic (1)
02:38:10.0218 3448 SlNtHal (ec437c138e5a6c53b2605fbcb77f2845) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
02:38:10.0234 3448 SlNtHal ( UnsignedFile.Multi.Generic ) - warning
02:38:10.0234 3448 SlNtHal - detected UnsignedFile.Multi.Generic (1)
02:38:10.0250 3448 SlWdmSup (03ec63e1de00d7efa51997ddd208ca2b) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
02:38:10.0265 3448 SlWdmSup ( UnsignedFile.Multi.Generic ) - warning
02:38:10.0265 3448 SlWdmSup - detected UnsignedFile.Multi.Generic (1)
02:38:10.0265 3448 Sparrow - ok
02:38:10.0312 3448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:38:10.0453 3448 splitter - ok
02:38:10.0515 3448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
02:38:10.0562 3448 sr - ok
02:38:10.0593 3448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
02:38:10.0656 3448 Srv - ok
02:38:10.0703 3448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:38:10.0812 3448 swenum - ok
02:38:10.0843 3448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:38:10.0968 3448 swmidi - ok
02:38:10.0984 3448 symc810 - ok
02:38:10.0984 3448 symc8xx - ok
02:38:11.0000 3448 sym_hi - ok
02:38:11.0015 3448 sym_u3 - ok
02:38:11.0046 3448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:38:11.0156 3448 sysaudio - ok
02:38:11.0218 3448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:38:11.0296 3448 Tcpip - ok
02:38:11.0343 3448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:38:11.0453 3448 TDPIPE - ok
02:38:11.0484 3448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:38:11.0625 3448 TDTCP - ok
02:38:11.0656 3448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:38:11.0765 3448 TermDD - ok
02:38:11.0796 3448 TosIde - ok
02:38:11.0843 3448 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
02:38:11.0843 3448 TrueSight ( UnsignedFile.Multi.Generic ) - warning
02:38:11.0843 3448 TrueSight - detected UnsignedFile.Multi.Generic (1)
02:38:11.0890 3448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:38:12.0031 3448 Udfs - ok
02:38:12.0046 3448 ultra - ok
02:38:12.0078 3448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:38:12.0203 3448 Update - ok
02:38:12.0375 3448 UrlFilter (cb41cd653916362ca5ecd242382a156e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
02:38:12.0375 3448 UrlFilter - ok
02:38:12.0437 3448 usbbus (af9388e736af0c325067f05edc350010) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
02:38:12.0484 3448 usbbus - ok
02:38:12.0531 3448 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:38:12.0656 3448 usbccgp - ok
02:38:12.0687 3448 UsbDiag (ae30ea96e60e823c7b525da356283ae8) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
02:38:12.0687 3448 UsbDiag - ok
02:38:12.0718 3448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:38:12.0843 3448 usbehci - ok
02:38:12.0859 3448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:38:12.0984 3448 usbhub - ok
02:38:13.0015 3448 USBModem (46ac66df3d6efe81f69bea823a53aab5) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
02:38:13.0031 3448 USBModem - ok
02:38:13.0062 3448 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:38:13.0187 3448 usbohci - ok
02:38:13.0218 3448 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:38:13.0359 3448 usbprint - ok
02:38:13.0375 3448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:38:13.0500 3448 usbscan - ok
02:38:13.0562 3448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:38:13.0671 3448 USBSTOR - ok
02:38:13.0703 3448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:38:13.0843 3448 VgaSave - ok
02:38:13.0859 3448 ViaIde - ok
02:38:13.0890 3448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
02:38:14.0015 3448 VolSnap - ok
02:38:14.0031 3448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:38:14.0171 3448 Wanarp - ok
02:38:14.0218 3448 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
02:38:14.0265 3448 wanatw - ok
02:38:14.0265 3448 WDICA - ok
02:38:14.0312 3448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:38:14.0437 3448 wdmaud - ok
02:38:14.0500 3448 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys
02:38:14.0515 3448 WmBEnum - ok
02:38:14.0562 3448 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys
02:38:14.0562 3448 WmFilter - ok
02:38:14.0625 3448 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys
02:38:14.0640 3448 WmVirHid - ok
02:38:14.0656 3448 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys
02:38:14.0671 3448 WmXlCore - ok
02:38:14.0687 3448 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:38:14.0812 3448 WS2IFSL - ok
02:38:14.0843 3448 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:38:14.0921 3448 WudfPf - ok
02:38:14.0937 3448 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:38:14.0953 3448 WudfRd - ok
02:38:14.0968 3448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:38:15.0375 3448 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
02:38:15.0375 3448 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
02:38:15.0390 3448 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:38:15.0390 3448 \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:38:15.0390 3448 Boot (0x1200) (73674570a41ddbf5d4e994f118a845aa) \Device\Harddisk0\DR0\Partition0
02:38:15.0390 3448 \Device\Harddisk0\DR0\Partition0 - ok
02:38:15.0390 3448 ============================================================
02:38:15.0390 3448 Scan finished
02:38:15.0390 3448 ============================================================
02:38:15.0500 2904 Detected object count: 14
02:38:15.0500 2904 Actual detected object count: 14
02:39:06.0875 2904 C:\WINDOWS\system32\drivers\Afc.sys - copied to quarantine
02:39:06.0875 2904 HKLM\SYSTEM\ControlSet003\services\Afc - will be deleted on reboot
02:39:06.0890 2904 HKLM\SYSTEM\ControlSet004\services\Afc - will be deleted on reboot
02:39:06.0906 2904 HKLM\SYSTEM\ControlSet005\services\Afc - will be deleted on reboot
02:39:06.0906 2904 C:\WINDOWS\system32\drivers\Afc.sys - will be deleted on reboot
02:39:06.0906 2904 Afc ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:06.0953 2904 C:\WINDOWS\System32\Drivers\BANTExt.sys - copied to quarantine
02:39:06.0953 2904 HKLM\SYSTEM\ControlSet003\services\BANTExt - will be deleted on reboot
02:39:06.0953 2904 HKLM\SYSTEM\ControlSet004\services\BANTExt - will be deleted on reboot
02:39:06.0953 2904 HKLM\SYSTEM\ControlSet005\services\BANTExt - will be deleted on reboot
02:39:06.0953 2904 C:\WINDOWS\System32\Drivers\BANTExt.sys - will be deleted on reboot
02:39:06.0953 2904 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0062 2904 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS - copied to quarantine
02:39:07.0062 2904 HKLM\SYSTEM\ControlSet001\services\MREMPR5 - will be deleted on reboot
02:39:07.0062 2904 HKLM\SYSTEM\ControlSet002\services\MREMPR5 - will be deleted on reboot
02:39:07.0062 2904 HKLM\SYSTEM\ControlSet003\services\MREMPR5 - will be deleted on reboot
02:39:07.0062 2904 HKLM\SYSTEM\ControlSet004\services\MREMPR5 - will be deleted on reboot
02:39:07.0062 2904 HKLM\SYSTEM\ControlSet005\services\MREMPR5 - will be deleted on reboot
02:39:07.0062 2904 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS - will be deleted on reboot
02:39:07.0062 2904 MREMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0171 2904 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS - copied to quarantine
02:39:07.0171 2904 HKLM\SYSTEM\ControlSet001\services\MRENDIS5 - will be deleted on reboot
02:39:07.0171 2904 HKLM\SYSTEM\ControlSet002\services\MRENDIS5 - will be deleted on reboot
02:39:07.0171 2904 HKLM\SYSTEM\ControlSet003\services\MRENDIS5 - will be deleted on reboot
02:39:07.0171 2904 HKLM\SYSTEM\ControlSet004\services\MRENDIS5 - will be deleted on reboot
02:39:07.0187 2904 HKLM\SYSTEM\ControlSet005\services\MRENDIS5 - will be deleted on reboot
02:39:07.0187 2904 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS - will be deleted on reboot
02:39:07.0187 2904 MRENDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0250 2904 C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys - copied to quarantine
02:39:07.0250 2904 HKLM\SYSTEM\ControlSet001\services\Mtlmnt5 - will be deleted on reboot
02:39:07.0250 2904 HKLM\SYSTEM\ControlSet002\services\Mtlmnt5 - will be deleted on reboot
02:39:07.0250 2904 HKLM\SYSTEM\ControlSet003\services\Mtlmnt5 - will be deleted on reboot
02:39:07.0250 2904 HKLM\SYSTEM\ControlSet004\services\Mtlmnt5 - will be deleted on reboot
02:39:07.0250 2904 HKLM\SYSTEM\ControlSet005\services\Mtlmnt5 - will be deleted on reboot
02:39:07.0250 2904 C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys - will be deleted on reboot
02:39:07.0250 2904 Mtlmnt5 ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0375 2904 C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys - copied to quarantine
02:39:07.0375 2904 HKLM\SYSTEM\ControlSet001\services\Mtlstrm - will be deleted on reboot
02:39:07.0375 2904 HKLM\SYSTEM\ControlSet002\services\Mtlstrm - will be deleted on reboot
02:39:07.0375 2904 HKLM\SYSTEM\ControlSet003\services\Mtlstrm - will be deleted on reboot
02:39:07.0375 2904 HKLM\SYSTEM\ControlSet004\services\Mtlstrm - will be deleted on reboot
02:39:07.0375 2904 HKLM\SYSTEM\ControlSet005\services\Mtlstrm - will be deleted on reboot
02:39:07.0375 2904 C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys - will be deleted on reboot
02:39:07.0375 2904 Mtlstrm ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0421 2904 C:\WINDOWS\system32\DRIVERS\RecAgent.sys - copied to quarantine
02:39:07.0421 2904 HKLM\SYSTEM\ControlSet001\services\RecAgent - will be deleted on reboot
02:39:07.0421 2904 HKLM\SYSTEM\ControlSet002\services\RecAgent - will be deleted on reboot
02:39:07.0421 2904 HKLM\SYSTEM\ControlSet003\services\RecAgent - will be deleted on reboot
02:39:07.0421 2904 HKLM\SYSTEM\ControlSet004\services\RecAgent - will be deleted on reboot
02:39:07.0421 2904 HKLM\SYSTEM\ControlSet005\services\RecAgent - will be deleted on reboot
02:39:07.0421 2904 C:\WINDOWS\system32\DRIVERS\RecAgent.sys - will be deleted on reboot
02:39:07.0421 2904 RecAgent ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0484 2904 C:\WINDOWS\system32\DRIVERS\pctfw.sys - copied to quarantine
02:39:07.0484 2904 HKLM\SYSTEM\ControlSet001\services\SFilter - will be deleted on reboot
02:39:07.0484 2904 HKLM\SYSTEM\ControlSet002\services\SFilter - will be deleted on reboot
02:39:07.0484 2904 HKLM\SYSTEM\ControlSet003\services\SFilter - will be deleted on reboot
02:39:07.0484 2904 HKLM\SYSTEM\ControlSet004\services\SFilter - will be deleted on reboot
02:39:07.0484 2904 HKLM\SYSTEM\ControlSet005\services\SFilter - will be deleted on reboot
02:39:07.0484 2904 C:\WINDOWS\system32\DRIVERS\pctfw.sys - will be deleted on reboot
02:39:07.0484 2904 SFilter ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0578 2904 C:\WINDOWS\system32\DRIVERS\slntamr.sys - copied to quarantine
02:39:07.0578 2904 HKLM\SYSTEM\ControlSet001\services\Slntamr - will be deleted on reboot
02:39:07.0578 2904 HKLM\SYSTEM\ControlSet002\services\Slntamr - will be deleted on reboot
02:39:07.0578 2904 HKLM\SYSTEM\ControlSet003\services\Slntamr - will be deleted on reboot
02:39:07.0578 2904 HKLM\SYSTEM\ControlSet004\services\Slntamr - will be deleted on reboot
02:39:07.0578 2904 HKLM\SYSTEM\ControlSet005\services\Slntamr - will be deleted on reboot
02:39:07.0578 2904 C:\WINDOWS\system32\DRIVERS\slntamr.sys - will be deleted on reboot
02:39:07.0578 2904 Slntamr ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0625 2904 C:\WINDOWS\system32\DRIVERS\Slnthal.sys - copied to quarantine
02:39:07.0625 2904 HKLM\SYSTEM\ControlSet001\services\SlNtHal - will be deleted on reboot
02:39:07.0625 2904 HKLM\SYSTEM\ControlSet002\services\SlNtHal - will be deleted on reboot
02:39:07.0625 2904 HKLM\SYSTEM\ControlSet003\services\SlNtHal - will be deleted on reboot
02:39:07.0625 2904 HKLM\SYSTEM\ControlSet004\services\SlNtHal - will be deleted on reboot
02:39:07.0625 2904 HKLM\SYSTEM\ControlSet005\services\SlNtHal - will be deleted on reboot
02:39:07.0625 2904 C:\WINDOWS\system32\DRIVERS\Slnthal.sys - will be deleted on reboot
02:39:07.0625 2904 SlNtHal ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0640 2904 C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys - copied to quarantine
02:39:07.0640 2904 HKLM\SYSTEM\ControlSet001\services\SlWdmSup - will be deleted on reboot
02:39:07.0640 2904 HKLM\SYSTEM\ControlSet002\services\SlWdmSup - will be deleted on reboot
02:39:07.0640 2904 HKLM\SYSTEM\ControlSet003\services\SlWdmSup - will be deleted on reboot
02:39:07.0640 2904 HKLM\SYSTEM\ControlSet004\services\SlWdmSup - will be deleted on reboot
02:39:07.0640 2904 HKLM\SYSTEM\ControlSet005\services\SlWdmSup - will be deleted on reboot
02:39:07.0640 2904 C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys - will be deleted on reboot
02:39:07.0640 2904 SlWdmSup ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0718 2904 c:\windows\system32\drivers\TrueSight.sys - copied to quarantine
02:39:07.0718 2904 HKLM\SYSTEM\ControlSet003\services\TrueSight - will be deleted on reboot
02:39:07.0734 2904 HKLM\SYSTEM\ControlSet004\services\TrueSight - will be deleted on reboot
02:39:07.0734 2904 c:\windows\system32\drivers\TrueSight.sys - will be deleted on reboot
02:39:07.0734 2904 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:08.0203 2904 \Device\Harddisk0\DR0\# - copied to quarantine
02:39:08.0203 2904 \Device\Harddisk0\DR0 - copied to quarantine
02:39:08.0203 2904 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine
02:39:08.0203 2904 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
02:39:08.0218 2904 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
02:39:08.0218 2904 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
02:39:08.0218 2904 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
02:39:08.0234 2904 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
02:39:08.0234 2904 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
02:39:08.0234 2904 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
02:39:08.0234 2904 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
02:39:08.0250 2904 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
02:39:08.0265 2904 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
02:39:08.0265 2904 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
02:39:08.0265 2904 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
02:39:08.0265 2904 \Device\Harddisk0\DR0\TDLFS - deleted
02:39:08.0265 2904 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
02:39:10.0328 2268 Deinitialize success


I hope that I am not making your attempts to help me more troublesome or problematic than they would be normally. I thank you for the assistance given me thus far.
  • 0
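The log above mixes two very different kinds of entry under the same "- warning" / "- detected" wording. The unsigned-driver entries (MREMPR5, MRENDIS5, Mtlmnt5, Mtlstrm, RecAgent, SFilter, Slntamr, SlNtHal, SlWdmSup, TrueSight, plus Afc and BANTExt whose action lines appear at the end) carry the label UnsignedFile.Multi.Generic, which is what TDSSKiller reports for a driver whose digital signature it could not verify; that check is the "Verify file digital signatures" advanced option, and the TDLFS result comes from the other one, "Detect TDLFS file system". The only named detections are on \Device\Harddisk0\DR0: Rootkit.Win32.BackBoot.gen in the MBR and the hidden TDSS File System. The action lines show every unsigned driver was set to Delete while the MBR itself was quarantined. The Python below is an added example, not part of the original post and not TDSSKiller's own code: it parses that log format, sorts each finding into heuristic versus signature hits, and lists the heuristic-only items that were deleted, which is the list to review before rebooting. The sample lines are copied from the log above (a subset of it); the rule that any "*.Multi.Generic" label is a heuristic is this example's own convention.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Lines copied verbatim from the TDSSKiller log posted above (a subset of it;
# the full log reports 14 detections). Timestamps, PIDs and hashes are as posted.
SAMPLE_LOG = r"""
02:38:02.0500 3448 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
02:38:02.0500 3448 MREMPR5 ( UnsignedFile.Multi.Generic ) - warning
02:38:02.0500 3448 MREMPR5 - detected UnsignedFile.Multi.Generic (1)
02:38:02.0781 3448 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:38:02.0859 3448 MRxSmb - ok
02:38:03.0843 3448 Mtlstrm (8dcda7ddbd68971e7833ffdc31f63b07) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
02:38:03.0890 3448 Mtlstrm ( UnsignedFile.Multi.Generic ) - warning
02:38:03.0890 3448 Mtlstrm - detected UnsignedFile.Multi.Generic (1)
02:38:09.0968 3448 SFilter (975f4e44fd48c36beed30c96a115b2b8) C:\WINDOWS\system32\DRIVERS\pctfw.sys
02:38:09.0968 3448 SFilter ( UnsignedFile.Multi.Generic ) - warning
02:38:09.0968 3448 SFilter - detected UnsignedFile.Multi.Generic (1)
02:38:11.0218 3448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:38:11.0296 3448 Tcpip - ok
02:38:11.0843 3448 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
02:38:11.0843 3448 TrueSight ( UnsignedFile.Multi.Generic ) - warning
02:38:11.0843 3448 TrueSight - detected UnsignedFile.Multi.Generic (1)
02:38:14.0968 3448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:38:15.0375 3448 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
02:38:15.0375 3448 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
02:38:15.0390 3448 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:38:15.0390 3448 \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:39:06.0906 2904 Afc ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0062 2904 MREMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0375 2904 Mtlstrm ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0484 2904 SFilter ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:07.0734 2904 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Delete
02:39:08.0203 2904 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine
02:39:08.0265 2904 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# "<time> <pid> <object> - detected <label> (<n>)"
DETECTED = re.compile(r"^\S+ \d+ (?P<obj>\S+) - detected (?P<label>.+?) \(\d+\)$")
# "<time> <pid> <object> ( <label> ) - User select action: <action>"
ACTION = re.compile(r"^\S+ \d+ (?P<obj>\S+) \( (?P<label>.+?) \) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    obj: str               # service name or device path as TDSSKiller prints it
    label: str             # detection label as printed
    kind: str              # "heuristic" or "signature"
    action: Optional[str]  # Delete / Quarantine / Skip, or None if no action line


def classify(label: str) -> str:
    """This example's own convention (an assumption, not a TDSSKiller rule):
    a '*.Multi.Generic' label is a heuristic about the file (here: its digital
    signature could not be verified), not a malware signature match."""
    return "heuristic" if label.endswith(".Multi.Generic") else "signature"


def parse_log(text: str) -> list[Finding]:
    """One Finding per (object, label), with the user's chosen action attached.
    An action line whose detection line is not in the excerpt (Afc above)
    still yields a Finding, so nothing the tool acted on is lost."""
    findings: dict[tuple[str, str], Finding] = {}
    for line in text.strip().splitlines():
        m = DETECTED.match(line) or ACTION.match(line)
        if not m:
            continue  # "- ok", "- warning", hash lines, banners
        key = (m["obj"], m["label"])
        f = findings.setdefault(key, Finding(m["obj"], m["label"], classify(m["label"]), None))
        if "action" in m.groupdict():
            f.action = m["action"]
    return list(findings.values())


def risky_deletes(findings: list[Finding]) -> list[str]:
    """Heuristic-only hits set to Delete. Per the log, each one loses its driver
    file and its service key in every ControlSet on reboot, with no signature
    behind the decision: this is the list to review before rebooting."""
    return [f.obj for f in findings if f.kind == "heuristic" and f.action == "Delete"]


def signature_hits(findings: list[Finding]) -> list[tuple[str, str, Optional[str]]]:
    """Named detections and what was done about them."""
    return [(f.obj, f.label, f.action) for f in findings if f.kind == "signature"]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("signature hits:", signature_hits(found))
    print("heuristic-only deletes:", risky_deletes(found))
```

Run against the excerpt, the script reports two signature hits on \Device\Harddisk0\DR0 (quarantined and deleted) and five heuristic-only deletes. Because the log also records the service keys being removed from ControlSet001 through ControlSet005, Last Known Good Configuration cannot bring those drivers back; the "copied to quarantine" copies are where they now live.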

#10
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

We need to do a repair install of Windows XP because you are missing a lot of drivers. This will not delete any of your personal data or programs, but will only repair the OS. If you would like, you can back up any important files to external media like you did for the TDSSKiller log.

Please make sure you have your license key handy just in case you need it. If it is not printed on a sticker somewhere on your computer, you can retrieve it using the free Magical Jellybean KeyFinder.

Please follow this tutorial to perform the repair install. You will need an XP disc with Service Pack 3. If your disk does not have SP3, let me know and I will give you directions to add it in. Make sure you select the repair option and not the fresh install option.

Let me know how it goes and if you have any questions.
  • 0

#11
Jhackofalltrades
    Member
  • Topic Starter
  • 71 posts
My XP install disk only has SP2 on it. I will need those instructions. I have to go to work now; I'll return later with the results or questions.
  • 0

#12
Jhackofalltrades
    Member
  • Topic Starter
  • 71 posts
Yay, work's done. I'll need those instructions since my install disk only has SP2.
  • 0

#13
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Slipstreaming your XP CD.
  • First, download Service Pack 3 and save it to a convenient place on your computer.
  • Next, make a new folder in a convenient location on your computer named "XPSetup." Please insert your XP CD and copy all of the files and folders on the CD into your newly created folder.
  • Go to this page and download the Self-extracting archive for nLite and install it on your computer.
  • Once it is installed, open the nLite program. Choose your language and click the Next button.
  • You should now see the screen below. Please click the Browse button and navigate to your folder named "XPSetup." After you do this, the installation details from your CD should appear below. In your case, it should say Service Pack: 2.

    Posted Image
  • Please click Next until you get the screen below. Please click on the Service Pack button and the Bootable ISO button so that the circles next to them turn green, as below.

    Posted Image
  • Click Next again and you will see this screen. Click on the Select button and then navigate to where you downloaded the Service Pack 3 file. Click the OK button and allow the program to integrate the service pack. This may take a few minutes.

    Posted Image
  • Click Next again. Under the Mode menu, please select Direct Burn and under the Device menu, make sure your CD drive is selected. Please insert a blank CD and then click the Burn button. Allow the program to burn your disc.

    Posted Image

  • 0

#14
Jhackofalltrades
    Member
  • Topic Starter
  • 71 posts
I have created the XP install disk with SP3 on it. When I pop it in and run the Windows setup (not the recovery option), I'm not given an R option for repair. All it lists is as follows:

----------------
To set up Windows XP on the selected item, press ENTER.

To create a partition in the unpartitioned space, press C.

To delete the selected partition, press D.

476938 MB Disk 0 at Id 0 on bus 0 on atapi {MBR}
c: Partition1 [NTFS] 476939 MB ( 246988 MB free)

----------------

Both the SP2 original and the newly created SP3 disk give me a warning about choosing to install windows xp on a partition that contains another operating system. Do I continue Setup using this partition?
  • 0

#15
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts

Do I continue Setup using this partition?

Don't do that. It will delete all your files. Can you verify if your XP CD is the Professional version?
  • 0