[maliprog]

OK. Please restart your system and try to run:

• TDSSKiller
• Combofix
• MBRCheck

and post log if you manage to run ether of them.

[Advertisements]

Will only boot and run programs in safe mode

1.TDSSKiller "Program too big to fit in memory"

2.Combofix

3:22
Preparing to run

Attempting to create a new system restore point

Downloading MS Recovery Console

3:28 Windows Explorer has encountered an error and will need to close

3:31 Congratulations MS Recovery console has installed....

Scan beginning

You are infected with Rootkit.zeroaccess. It has inerted itself into the tcp/ip stack. This is a particularly difficult infection.....

Combofix wants to reboot.

Did not hit OK, just it sit. Prompt went away.

Black screen with Safe Mode in corners, no icons no task bar.



Powering down and rebooting.


Lots of command prompt boxes on reboot


Windows Corrupt file " The file or directory c:docs and settings/NetworkService\Cookies is unreadable. Please run CHkdisk utility."

Hit OK

Combofix is prepering to run

Windows Warning box NIRCMD " Windows cannot find 'NIRCMD'. Please make sure you typed the name correctly... Hit OK

Combofix error "NIRCMD is not recognized as an ineernal or external command operable program or batch file"

Combofix error "NIRCMD is not recognized as an ineernal or external command operable program or batch file" Hit OK

4:32
Scanning...

Combofix warning:
The application has requested the Runtime to terminate in an unusal way. Please contact the apps support team for more info.

Windows warning "pev.3XE has encountered a problem and needs to close"


Combofix warning: The system cannot find NIRCMD.

Windows Warning box NIRCMD " Windows cannot find 'NIRCMD'. Please make sure you typed the name correctly... Hit OK


4:36
completed stage 1
completed stage 2

Windows Warning box NIRCMD " Windows cannot find 'NIRCMD'. Please make sure you typed the name correctly... Hit OK

Windows Warning box NIRCMD " Windows cannot find 'NIRCMD'. Please make sure you typed the name correctly... Hit OK

4:40
completed stage 3

Edited by Maxihup, 14 November 2011 - 04:41 PM.

[Maxihup]

Will only boot and run programs in safe mode

1.TDSSKiller "Program too big to fit in memory"

2.Combofix

3:22
Preparing to run

Attempting to create a new system restore point

Downloading MS Recovery Console

3:28 Windows Explorer has encountered an error and will need to close

3:31 Congratulations MS Recovery console has installed....

Scan beginning

You are infected with Rootkit.zeroaccess. It has inerted itself into the tcp/ip stack. This is a particularly difficult infection.....

Combofix wants to reboot.

Did not hit OK, just it sit. Prompt went away.

Black screen with Safe Mode in corners, no icons no task bar.



Powering down and rebooting.


Lots of command prompt boxes on reboot


Windows Corrupt file " The file or directory c:docs and settings/NetworkService\Cookies is unreadable. Please run CHkdisk utility."

Hit OK

Combofix is prepering to run

Windows Warning box NIRCMD " Windows cannot find 'NIRCMD'. Please make sure you typed the name correctly... Hit OK

Combofix error "NIRCMD is not recognized as an ineernal or external command operable program or batch file"

Combofix error "NIRCMD is not recognized as an ineernal or external command operable program or batch file" Hit OK

4:32
Scanning...

Combofix warning:
The application has requested the Runtime to terminate in an unusal way. Please contact the apps support team for more info.

Windows warning "pev.3XE has encountered a problem and needs to close"


Combofix warning: The system cannot find NIRCMD.

Windows Warning box NIRCMD " Windows cannot find 'NIRCMD'. Please make sure you typed the name correctly... Hit OK


4:36
completed stage 1
completed stage 2

Windows Warning box NIRCMD " Windows cannot find 'NIRCMD'. Please make sure you typed the name correctly... Hit OK

Windows Warning box NIRCMD " Windows cannot find 'NIRCMD'. Please make sure you typed the name correctly... Hit OK

4:40
completed stage 3

Edited by Maxihup, 14 November 2011 - 04:41 PM.

[Maxihup]

Well it finally made it thorught the combofix.


Got this popup between every stage

Windows Warning box NIRCMD " Windows cannot find 'NIRCMD'. Please make sure you typed the name correctly... Hit OK


And about 20 of these during each stage

Windows warning "pev.3XE has encountered a problem and needs to close"




Oce the stages had completed I got warnings like:

All the dll's infected:
System file is infected!! Attempting to restore:
windows\system32\hid.dll
midimap.dll
dsound.dll
rasauto.dll
qmgr.dll
netlogon.dll
scecli.dll
srsvc.dll
comres.dll


Last error I got was:
Could not find Combofix\Type



Combofix is rebooting.

Windows is up, Combofix is running again.

More combofix errors:

The application has requested the Runtime to terminate in an unusal way. Please contact the apps support team for more info.


And

Windows warning "pev.3XE has encountered a problem and needs to close"




now:
More combofix errors:

The system cannot find the file temp01



Preparing log report:

Combofix error "NIRCMD is not recognized as an ineernal or external command operable program or batch file" Hit OK


Combofix warning:
The application has requested the Runtime to terminate in an unusal way. Please contact the apps support team for more info.




Combofix won't close.

[Maxihup]

TDSSKiller and MBRCheck will not run

[maliprog]

At least we manage to get infection name...

Step 1

NOTE: You have very nasty infection! I would strongly advice you to backup all your important data from your system before you begin with the fix.

This malware tends to disable you whole system and let you with nothing. Please backup your date.

Step 2

After you backup all your data please delete your version of Combofix and download new one. After that restart in Safe mode and try to run it one more time. Post log if you manage to get it.

[Maxihup]

Combofix ran in safemode and without all the errors like before (only 1 error on starting combofix: pev.3XE is not a valid program)

Ran all the way through. Deleted a bunch of files like


Documentsandsettings\User\
TEMP
PriceGong
WINDOWS
Desktop


I got a little concerened on those last 2...

Also said system32\hid.dll is infected


Combofix rebooted and windows booted normally but combofix froze when trying to create the log file and reboot again.

[maliprog]

Let's try VRT:

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right



Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post

[Maxihup]

Here is the VRT results


Status: Deleted (events: 2)
11/17/2011 11:53:51 AM Deleted Trojan program Rootkit.Win32.ZAccess.k C:\WINDOWS\system32\drivers\mrxsmb.sys High
11/17/2011 1:53:46 PM Deleted Trojan program Rootkit.Win32.ZAccess.k C:\System Volume Information\_restore{E721B4B4-42D5-44CC-B54E-65BBAC06C015}\RP119\A0160670.sys High
Status: Disinfected (events: 1)
11/17/2011 11:58:41 AM Disinfected Trojan program Rootkit.Boot.SST.b \Device\Harddisk0\DR0 High

[maliprog]

Hi Maxihup,

Good work. VRT removed leftovers and now we have to double check for infection.

• First remove your versions of Combofix and download new one. Try to run it as you did before.
• Remove your version of TDSSKiller and download new one. Try to run it as you did before.
• Remove your version of aswMBR and download new one. Try to run it.

Post logs after the scans for me.

[Maxihup]

Combofix ran fine. Did not reset.

Here is the log

ComboFix 11-11-18.01 - user1 11/18/2011 8:08.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1040 [GMT -6:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Outdated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user1\Application Data\54B8C
c:\documents and settings\user1\Application Data\54B8C\93E9B.exe
c:\documents and settings\user1\Application Data\54B8C\CBA0.4B8
c:\windows\CSC\d6
.
---- Previous Run -------
.
c:\documents and settings\user1\Application Data\dwme.exe
c:\documents and settings\user1\Application Data\ldr.ini
c:\documents and settings\user1\Desktop\AV Security 2012.lnk
c:\documents and settings\user1\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
c:\program files\LP\9B05\27.tmp
c:\program files\LP\9B05\2FA.exe
c:\program files\LP\9B05\74.tmp
c:\program files\LP\9B05\75.tmp
c:\program files\LP\9B05\76.tmp
c:\program files\LP\9B05\E.tmp
c:\windows\$NtUninstallKB18020$\2165717360
c:\windows\system32\AV Security 2012v121.exe
.
-- Previous Run --
.
c:\windows\system32\upnphost.dll . . . is infected!!
.
--------
.
c:\windows\system32\upnphost.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2067-05-27 20:16 . 2011-11-08 15:56 1249280 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\InsectMod.dll
2067-05-22 03:35 . 2003-06-05 22:40 106496 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Filesystem.dll
2011-11-18 04:09 . 2011-11-18 14:00 -------- d-----w- c:\windows\LastGood
2011-11-17 14:24 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\54562378.sys
2011-11-17 14:14 . 2011-11-17 14:14 -------- d-----w- c:\documents and settings\user1\Application Data\g4ppmGG5sQJdE8
2011-11-17 14:14 . 2011-11-17 14:14 -------- d-----w- c:\documents and settings\user1\Application Data\rIIIBrzONyxAuv2
2011-11-17 09:34 . 2011-11-17 09:35 -------- d-----w- c:\program files\8CBA0
2011-11-17 09:34 . 2011-11-17 09:34 -------- d-----w- c:\documents and settings\user1\Application Data\samH6sWJ7E9TqYe
2011-11-17 09:34 . 2011-11-17 09:34 -------- d-----w- c:\documents and settings\user1\Application Data\IIVrzONyx0v2b3m
2011-11-17 09:34 . 2011-11-17 09:34 -------- d-----w- c:\documents and settings\user1\Application Data\LYXwkUVelBx0c1b
2011-11-17 09:34 . 2011-11-17 09:34 -------- d-----w- c:\documents and settings\user1\Application Data\q2ibF3pnGaJd
2011-11-17 02:24 . 2011-11-17 02:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-16 23:06 . 2011-11-16 23:06 -------- d-sh--w- c:\documents and settings\user1\IECompatCache
2011-11-16 15:14 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\82388117.sys
2011-11-16 14:42 . 2011-11-16 23:58 133208 ----a-w- c:\windows\system32\drivers\42497254.sys
2011-11-14 21:38 . 2010-02-24 11:57 457216 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2011-11-14 21:38 . 2010-02-24 11:57 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-10 20:18 . 2011-11-10 20:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-11-10 20:18 . 2011-11-10 20:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-11-10 20:04 . 2011-11-10 20:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-09 03:30 . 2011-11-09 16:41 -------- d-----w- c:\documents and settings\user1\Application Data\Skype
2011-11-09 03:29 . 2011-11-09 03:29 -------- d-----w- c:\program files\Common Files\Skype
2011-11-09 03:29 . 2011-11-09 03:29 -------- d-----r- c:\program files\Skype
2011-11-09 03:13 . 2011-11-09 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-11-08 15:56 . 2011-11-08 15:56 442368 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\German\Insect\ModText.dll
2011-11-08 15:56 . 2011-11-08 15:56 442368 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\French\Insect\ModText.dll
2011-11-08 15:56 . 2011-11-08 15:56 389120 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Locale\english\Insect\ModText.dll
2011-11-05 02:21 . 2010-07-07 01:36 301696 ----a-w- c:\windows\system32\UCI32A59.dll
2011-11-05 01:57 . 2011-11-05 01:57 -------- d-----w- c:\documents and settings\user1\TruePianos Settings
2011-11-05 01:55 . 2011-11-05 01:56 -------- d-----w- c:\documents and settings\user1\Application Data\Cakewalk
2011-11-05 01:53 . 2011-11-05 01:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2011-11-05 01:51 . 2011-11-05 01:51 -------- d-----w- c:\program files\Common Files\Digidesign
2011-11-05 01:51 . 2011-11-05 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Native Instruments
2011-11-05 01:51 . 2011-11-05 01:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2011-11-05 01:50 . 2011-11-05 01:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2011-11-05 01:50 . 2011-11-05 01:51 -------- d-----w- c:\program files\Common Files\Native Instruments
2011-11-05 01:50 . 2011-11-05 01:51 -------- d-----w- c:\program files\Native Instruments
2011-11-05 01:21 . 2006-02-24 14:00 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-11-05 01:21 . 2006-02-24 14:00 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-11-05 01:04 . 2011-11-15 18:25 -------- d-----w- c:\program files\Cakewalk
2011-11-05 01:04 . 2011-11-15 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk
2011-11-04 22:59 . 2011-11-04 23:18 -------- d-----w- c:\documents and settings\user1\Application Data\ImgBurn
2011-11-04 22:50 . 2011-11-04 22:50 -------- d-----w- c:\program files\ImgBurn
2011-11-03 03:18 . 2011-11-03 03:18 -------- d-----w- c:\documents and settings\user1\Application Data\Voxatron
2011-10-23 00:43 . 2011-10-23 00:43 -------- d-----w- c:\documents and settings\user1\Local Settings\Application Data\Logitech® Webcam Software
2011-10-23 00:43 . 2011-10-23 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2011-10-22 18:51 . 2011-10-22 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2011-10-22 18:51 . 2011-10-22 18:51 -------- d-----w- c:\program files\Logitech
2011-10-22 18:51 . 2011-10-22 18:52 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-10-22 01:51 . 2011-10-22 01:51 -------- d-----w- c:\documents and settings\user1\Local Settings\Application Data\TechSmith
2011-10-22 01:42 . 2011-10-22 01:42 -------- d-----w- c:\windows\system32\QuickTime
2011-10-22 01:41 . 2011-10-22 01:41 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2011-10-22 01:41 . 2011-10-22 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2011-10-22 01:41 . 2011-10-22 01:41 -------- d-----w- c:\program files\TechSmith
2011-10-22 01:33 . 2011-10-22 01:33 -------- d-----w- c:\documents and settings\user1\Bluetooth Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 00:22 . 2011-09-20 17:19 102400 ----a-w- c:\windows\RegBootClean.exe
2011-08-31 23:00 . 2009-06-10 18:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 03:08 . 2011-10-18 03:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-10-17 . BA3D691CBA9DFDB3D50C16F6AA62F18B . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-14 09:42 . 022A00180AE900C90AA9BA5DE8BD961C . 185856 . . [------] . . c:\windows\system32\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-12-30 874832]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3776512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2011-07-05 421888]
"U6sWJ7fELgZjCk8234A"="c:\windows\system32\AV Security 2012v121.exe" [BU]
"h3onG4aQHsKfLgX"="c:\documents and settings\user1\Application Data\dwme.exe" [BU]
"2FA.exe"="c:\program files\LP\9B05\2FA.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\user1\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\user1\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
_uninst_54562378.lnk - c:\documents and settings\user1\Local Settings\temp\_uninst_54562378.bat [N/A]
_uninst_97853193.lnk - c:\documents and settings\user1\Local Settings\temp\_uninst_97853193.bat [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Install Pending Files.LNK - c:\program files\New Boundary\Client\LocalClient.EXE [2008-10-17 1945600]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2009-03-19 08:55 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4027829005-1107895287-290554039-19765\Scripts\Logon\0\0]
"Script"=\\corp.local\netlogon\teamviewer\corp-teamviewerinstall.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4027829005-1107895287-290554039-19765\Scripts\Logon\1\0]
"Script"=\\corp.local\NETLOGON\CABEL\KIX32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4027829005-1107895287-290554039-19765\Scripts\Logon\2\0]
"Script"=\\corp.local\NETLOGON\admpwupd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Teamviewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Teamviewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\user1\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:RAdmin
"48900:UDP"= 48900:UDP:RAdmin-UDP
"54601:TCP"= 54601:TCP:Trend Micro OfficeScan Listener
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R0 42497254;42497254;c:\windows\system32\drivers\42497254.sys [11/16/2011 8:42 AM 133208]
R0 54562378;54562378;c:\windows\system32\drivers\54562378.sys [11/17/2011 8:24 AM 133208]
R1 82388117;82388117;c:\windows\system32\drivers\82388117.sys [11/16/2011 9:14 AM 133208]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 2:48 AM 1680632]
R2 DB2MGMTSVC_TAEVAL10;DB2 Management Service (TAEVAL10);c:\program files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe [11/6/2006 6:33 PM 35880]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 2:53 AM 98304]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [7/17/2009 7:32 AM 3576320]
R2 TeamViewer5;TeamViewer 5;c:\program files\Teamviewer\Version5\TeamViewer_Service.exe [12/21/2010 12:05 PM 2002728]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/2/2010 12:19 PM 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [11/26/2008 7:42 PM 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/26/2008 7:42 PM 36624]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10/17/2008 8:34 AM 243856]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [12/23/2010 3:25 PM 28160]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [1/23/2009 7:21 AM 341584]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [1/23/2009 7:17 AM 497080]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [1/23/2009 7:17 AM 689416]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [5/14/2009 4:19 PM 33920]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\user1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 7:03 PM 136176]
S2 NetworkLog;NetworkLog;c:\windows\svcs.exe --> c:\windows\svcs.exe [?]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 2:52 AM 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/7/2009 2:26 AM 482176]
S3 DB2NTSECSERVER_TAEVAL10;DB2 Security Server (TAEVAL10);c:\program files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe [11/6/2006 6:35 PM 14376]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [5/8/2009 10:01 AM 10752]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 2:55 AM 118784]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 7:03 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/16/2011 8:24 PM 41272]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 6:15 AM 1120752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [8/10/2011 10:53 PM 229376]
S4 r_server;Remote Administrator Service;"c:\windows\system32\r_server.exe" /service --> c:\windows\system32\r_server.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 90178160
*NewlyCreated* - CWBNETNT
*NewlyCreated* - MDM
*NewlyCreated* - OSE
*Deregistered* - 97853193
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 19:34]
.
2011-11-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-20 20:43]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 01:03]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 01:03]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
- c:\documents and settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 02:13]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
- c:\documents and settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 02:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hyperionics.com/index.asp?Page=hsdx/changelog.asp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://access.cengage.com/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915
DPF: {21EC36C8-5D54-4EF8-AAFC-BE6D34661A2A} - hxxp://magellan.cengage.com/sales_enu/20417/applets/SiebelAx_OutBound_mail.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://access.cengage.com/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://access.cengage.com/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915
DPF: {609DE3A4-42CB-4C10-8D47-67D81B53E59A} - hxxp://magellan.cengage.com/sales_enu/20417/applets/SiebelAx_Calendar.cab
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxp://magellan.cengage.com/sales_enu/20417/applets/SiebelAx_Desktop_Integration.cab
DPF: {E1025617-5E52-47B1-A865-AC4AD132A16B} - hxxp://magellan.cengage.com/sales_enu/20417/applets/SiebelAx_HI_Client.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://access.cengage.com/vdesk/terminal/f5opswati.cab#Version=7001,2011,803,1915
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-WinDefend
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-18 08:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1476)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-11-18 08:24:49
ComboFix-quarantined-files.txt 2011-11-18 14:24
.
Pre-Run: 76,481,884,160 bytes free
Post-Run: 76,717,543,424 bytes free
.
- - End Of File - - A0DF9BA87026B2FE9F58292B5F62A33D

Edited by Maxihup, 18 November 2011 - 09:09 AM.

[Maxihup]

TDSSKiller ran fine. Did not reboot. Here is the log


09:05:27.0578 5892 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
09:05:29.0593 5892 ============================================================
09:05:29.0593 5892 Current date / time: 2011/11/18 09:05:29.0593
09:05:29.0593 5892 SystemInfo:
09:05:29.0593 5892
09:05:29.0593 5892 OS Version: 5.1.2600 ServicePack: 3.0
09:05:29.0593 5892 Product type: Workstation
09:05:29.0593 5892 ComputerName: L1
09:05:29.0593 5892 UserName: user1
09:05:29.0593 5892 Windows directory: C:\WINDOWS
09:05:29.0593 5892 System windows directory: C:\WINDOWS
09:05:29.0593 5892 Processor architecture: Intel x86
09:05:29.0593 5892 Number of processors: 2
09:05:29.0593 5892 Page size: 0x1000
09:05:29.0593 5892 Boot type: Normal boot
09:05:29.0593 5892 ============================================================
09:05:29.0968 5892 Initialize success
09:05:34.0812 4880 ============================================================
09:05:34.0812 4880 Scan started
09:05:34.0812 4880 Mode: Manual;
09:05:34.0812 4880 ============================================================
09:05:35.0765 4880 42497254 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\42497254.sys
09:05:35.0765 4880 42497254 - ok
09:05:35.0843 4880 54562378 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\54562378.sys
09:05:35.0859 4880 54562378 - ok
09:05:35.0937 4880 82388117 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\82388117.sys
09:05:35.0937 4880 82388117 - ok
09:05:35.0984 4880 Abiosdsk - ok
09:05:36.0015 4880 abp480n5 - ok
09:05:36.0093 4880 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:05:36.0093 4880 ACPI - ok
09:05:36.0125 4880 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:05:36.0125 4880 ACPIEC - ok
09:05:36.0171 4880 adpu160m - ok
09:05:36.0234 4880 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:05:36.0234 4880 aec - ok
09:05:36.0296 4880 AFD (4d43e74f2a1239d53929b82600f1971c) C:\WINDOWS\System32\drivers\afd.sys
09:05:36.0296 4880 AFD - ok
09:05:36.0343 4880 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:05:36.0343 4880 agp440 - ok
09:05:36.0359 4880 Aha154x - ok
09:05:36.0375 4880 aic78u2 - ok
09:05:36.0390 4880 aic78xx - ok
09:05:36.0421 4880 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:05:36.0421 4880 AliIde - ok
09:05:36.0437 4880 amsint - ok
09:05:36.0468 4880 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:05:36.0484 4880 Arp1394 - ok
09:05:36.0484 4880 asc - ok
09:05:36.0500 4880 asc3350p - ok
09:05:36.0531 4880 asc3550 - ok
09:05:36.0578 4880 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:05:36.0578 4880 AsyncMac - ok
09:05:36.0640 4880 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:05:36.0656 4880 atapi - ok
09:05:36.0656 4880 Atdisk - ok
09:05:36.0796 4880 ati2mtag (2b6f1b90dd34910f329b5a655140032b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:05:36.0828 4880 ati2mtag - ok
09:05:36.0890 4880 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
09:05:36.0906 4880 atksgt - ok
09:05:36.0937 4880 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:05:36.0937 4880 Atmarpc - ok
09:05:36.0984 4880 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
09:05:37.0000 4880 ATSwpWDF - ok
09:05:37.0031 4880 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:05:37.0031 4880 audstub - ok
09:05:37.0093 4880 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:05:37.0093 4880 Beep - ok
09:05:37.0140 4880 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
09:05:37.0140 4880 BrScnUsb - ok
09:05:37.0171 4880 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
09:05:37.0171 4880 BrSerIf - ok
09:05:37.0203 4880 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
09:05:37.0203 4880 BrUsbSer - ok
09:05:37.0281 4880 BTKRNL (70455baffc078b6152d1e52376296467) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:05:37.0296 4880 BTKRNL - ok
09:05:37.0343 4880 BTWUSB (2cfc2bd8785f82a42fcad83de1fa5a36) C:\WINDOWS\system32\Drivers\btwusb.sys
09:05:37.0343 4880 BTWUSB - ok
09:05:37.0484 4880 catchme - ok
09:05:37.0562 4880 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:05:37.0562 4880 cbidf2k - ok
09:05:37.0609 4880 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:05:37.0609 4880 CCDECODE - ok
09:05:37.0625 4880 cd20xrnt - ok
09:05:37.0640 4880 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:05:37.0640 4880 Cdaudio - ok
09:05:37.0687 4880 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:05:37.0687 4880 Cdfs - ok
09:05:37.0718 4880 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:05:37.0718 4880 Cdrom - ok
09:05:37.0734 4880 Changer - ok
09:05:37.0796 4880 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:05:37.0796 4880 CmBatt - ok
09:05:37.0828 4880 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:05:37.0843 4880 CmdIde - ok
09:05:37.0890 4880 CnxtHdAudService (8e00f3c5697f967e3529309657e462cb) C:\WINDOWS\system32\drivers\CHDAU32.sys
09:05:37.0906 4880 CnxtHdAudService - ok
09:05:37.0937 4880 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:05:37.0937 4880 Compbatt - ok
09:05:37.0953 4880 Cpqarray - ok
09:05:37.0984 4880 dac2w2k - ok
09:05:38.0000 4880 dac960nt - ok
09:05:38.0031 4880 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
09:05:38.0031 4880 Disk - ok
09:05:38.0109 4880 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:05:38.0125 4880 dmboot - ok
09:05:38.0140 4880 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:05:38.0156 4880 dmio - ok
09:05:38.0171 4880 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:05:38.0187 4880 dmload - ok
09:05:38.0218 4880 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:05:38.0218 4880 DMusic - ok
09:05:38.0234 4880 dpti2o - ok
09:05:38.0250 4880 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:05:38.0265 4880 drmkaud - ok
09:05:38.0312 4880 e1express (33dc2a5b6298633f4dd8e4d407cdf8b4) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
09:05:38.0312 4880 e1express - ok
09:05:38.0375 4880 e1yexpress (25c954c8e80eeca41dfc03946ef3fbf4) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
09:05:38.0375 4880 e1yexpress - ok
09:05:38.0421 4880 f5ipfw (06babcfbe83453d1673878afa5d5b8c2) C:\WINDOWS\system32\drivers\urfltw2k.sys
09:05:38.0421 4880 f5ipfw - ok
09:05:38.0468 4880 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:05:38.0468 4880 Fastfat - ok
09:05:38.0531 4880 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
09:05:38.0531 4880 Fdc - ok
09:05:38.0546 4880 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:05:38.0546 4880 Fips - ok
09:05:38.0562 4880 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:05:38.0578 4880 Flpydisk - ok
09:05:38.0625 4880 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:05:38.0625 4880 FltMgr - ok
09:05:38.0656 4880 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:05:38.0656 4880 Fs_Rec - ok
09:05:38.0671 4880 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:05:38.0671 4880 Ftdisk - ok
09:05:38.0718 4880 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:05:38.0718 4880 GEARAspiWDM - ok
09:05:38.0781 4880 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:05:38.0781 4880 Gpc - ok
09:05:38.0843 4880 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:05:38.0843 4880 HDAudBus - ok
09:05:38.0890 4880 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys
09:05:38.0890 4880 HECI - ok
09:05:38.0937 4880 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:05:38.0937 4880 hidusb - ok
09:05:38.0953 4880 hpn - ok
09:05:39.0000 4880 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:05:39.0000 4880 HPZid412 - ok
09:05:39.0046 4880 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:05:39.0046 4880 HPZipr12 - ok
09:05:39.0093 4880 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:05:39.0093 4880 HPZius12 - ok
09:05:39.0140 4880 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:05:39.0140 4880 HSFHWAZL - ok
09:05:39.0203 4880 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
09:05:39.0218 4880 HSF_DPV - ok
09:05:39.0265 4880 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
09:05:39.0265 4880 HTTP - ok
09:05:39.0281 4880 i2omgmt - ok
09:05:39.0296 4880 i2omp - ok
09:05:39.0375 4880 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:05:39.0375 4880 i8042prt - ok
09:05:39.0656 4880 ialm (d1359e54d9755d28e56b17a352ab8aae) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:05:39.0734 4880 ialm - ok
09:05:39.0796 4880 iaStor (abfebc5f846c71afebd7f8f6ba740c03) C:\WINDOWS\system32\Drivers\iaStor.sys
09:05:39.0812 4880 iaStor - ok
09:05:39.0843 4880 IBMPMDRV (ff2dbf3b183516eec87dad241ec50e7a) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
09:05:39.0843 4880 IBMPMDRV - ok
09:05:39.0875 4880 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:05:39.0875 4880 Imapi - ok
09:05:39.0890 4880 ini910u - ok
09:05:39.0953 4880 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:05:39.0953 4880 IntelIde - ok
09:05:39.0984 4880 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:05:39.0984 4880 intelppm - ok
09:05:40.0000 4880 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:05:40.0015 4880 Ip6Fw - ok
09:05:40.0031 4880 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:05:40.0046 4880 IpFilterDriver - ok
09:05:40.0062 4880 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:05:40.0062 4880 IpInIp - ok
09:05:40.0093 4880 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:05:40.0093 4880 IpNat - ok
09:05:40.0125 4880 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:05:40.0125 4880 IPSec - ok
09:05:40.0171 4880 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
09:05:40.0171 4880 irda - ok
09:05:40.0203 4880 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:05:40.0203 4880 IRENUM - ok
09:05:40.0250 4880 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:05:40.0250 4880 isapnp - ok
09:05:40.0296 4880 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:05:40.0296 4880 Kbdclass - ok
09:05:40.0343 4880 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:05:40.0343 4880 kbdhid - ok
09:05:40.0390 4880 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:05:40.0406 4880 kmixer - ok
09:05:40.0453 4880 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
09:05:40.0453 4880 KSecDD - ok
09:05:40.0468 4880 lbrtfdc - ok
09:05:40.0531 4880 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) C:\WINDOWS\system32\drivers\libusb0.sys
09:05:40.0531 4880 libusb0 - ok
09:05:40.0593 4880 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
09:05:40.0593 4880 lirsgt - ok
09:05:40.0656 4880 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
09:05:40.0656 4880 MBAMSwissArmy - ok
09:05:40.0703 4880 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
09:05:40.0703 4880 mcdbus - ok
09:05:40.0765 4880 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:05:40.0765 4880 mdmxsdk - ok
09:05:40.0828 4880 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:05:40.0828 4880 mnmdd - ok
09:05:40.0875 4880 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:05:40.0875 4880 Modem - ok
09:05:40.0921 4880 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:05:40.0921 4880 Mouclass - ok
09:05:40.0968 4880 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:05:40.0968 4880 mouhid - ok
09:05:41.0031 4880 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:05:41.0031 4880 MountMgr - ok
09:05:41.0046 4880 mraid35x - ok
09:05:41.0062 4880 MRxDAV (0a25b866933d126d1e831fd025a278c2) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:05:41.0062 4880 MRxDAV - ok
09:05:41.0125 4880 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:05:41.0125 4880 MRxSmb - ok
09:05:41.0156 4880 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:05:41.0156 4880 Msfs - ok
09:05:41.0203 4880 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:05:41.0203 4880 MSKSSRV - ok
09:05:41.0218 4880 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:05:41.0218 4880 MSPCLOCK - ok
09:05:41.0234 4880 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:05:41.0234 4880 MSPQM - ok
09:05:41.0281 4880 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:05:41.0281 4880 mssmbios - ok
09:05:41.0312 4880 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:05:41.0312 4880 MSTEE - ok
09:05:41.0343 4880 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
09:05:41.0343 4880 Mup - ok
09:05:41.0390 4880 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:05:41.0390 4880 NABTSFEC - ok
09:05:41.0421 4880 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:05:41.0421 4880 NDIS - ok
09:05:41.0468 4880 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:05:41.0468 4880 NdisIP - ok
09:05:41.0484 4880 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:05:41.0484 4880 NdisTapi - ok
09:05:41.0500 4880 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:05:41.0500 4880 Ndisuio - ok
09:05:41.0515 4880 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:05:41.0515 4880 NdisWan - ok
09:05:41.0546 4880 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:05:41.0546 4880 NDProxy - ok
09:05:41.0609 4880 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:05:41.0609 4880 NetBIOS - ok
09:05:41.0625 4880 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:05:41.0625 4880 NetBT - ok
09:05:41.0781 4880 NETw5x32 (a3b69acd14051ae87ab9e1823a508b6d) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
09:05:41.0843 4880 NETw5x32 - ok
09:05:41.0875 4880 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:05:41.0875 4880 NIC1394 - ok
09:05:41.0921 4880 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:05:41.0921 4880 Npfs - ok
09:05:41.0953 4880 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
09:05:41.0968 4880 NSCIRDA - ok
09:05:42.0000 4880 Ntfs (a0857c97770034fd2af17dc4014b5abd) C:\WINDOWS\system32\drivers\Ntfs.sys
09:05:42.0015 4880 Ntfs - ok
09:05:42.0078 4880 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:05:42.0078 4880 Null - ok
09:05:42.0109 4880 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:05:42.0109 4880 NwlnkFlt - ok
09:05:42.0125 4880 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:05:42.0125 4880 NwlnkFwd - ok
09:05:42.0171 4880 ohci1394 (29afb382b68bfd768651a68b12a550a5) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:05:42.0171 4880 ohci1394 - ok
09:05:42.0218 4880 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:05:42.0234 4880 Parport - ok
09:05:42.0250 4880 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:05:42.0250 4880 PartMgr - ok
09:05:42.0281 4880 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:05:42.0281 4880 ParVdm - ok
09:05:42.0296 4880 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:05:42.0296 4880 PCI - ok
09:05:42.0312 4880 PCIDump - ok
09:05:42.0343 4880 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:05:42.0359 4880 PCIIde - ok
09:05:42.0375 4880 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:05:42.0375 4880 Pcmcia - ok
09:05:42.0390 4880 PDCOMP - ok
09:05:42.0406 4880 PDFRAME - ok
09:05:42.0406 4880 PDRELI - ok
09:05:42.0437 4880 PDRFRAME - ok
09:05:42.0453 4880 perc2 - ok
09:05:42.0484 4880 perc2hib - ok
09:05:42.0562 4880 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:05:42.0578 4880 PptpMiniport - ok
09:05:42.0625 4880 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\WINDOWS\system32\DRIVERS\psadd.sys
09:05:42.0625 4880 psadd - ok
09:05:42.0640 4880 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:05:42.0640 4880 PSched - ok
09:05:42.0671 4880 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:05:42.0671 4880 Ptilink - ok
09:05:42.0734 4880 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:05:42.0734 4880 PxHelp20 - ok
09:05:42.0750 4880 ql1080 - ok
09:05:42.0765 4880 Ql10wnt - ok
09:05:42.0781 4880 ql12160 - ok
09:05:42.0796 4880 ql1240 - ok
09:05:42.0828 4880 ql1280 - ok
09:05:42.0859 4880 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:05:42.0859 4880 RasAcd - ok
09:05:42.0921 4880 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:05:42.0921 4880 Rasirda - ok
09:05:42.0953 4880 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:05:42.0953 4880 Rasl2tp - ok
09:05:42.0968 4880 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:05:42.0968 4880 RasPppoe - ok
09:05:43.0000 4880 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:05:43.0000 4880 Raspti - ok
09:05:43.0046 4880 Rdbss (9629383f70db691cb6aa5bbd828cd9a9) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:05:43.0046 4880 Rdbss - ok
09:05:43.0062 4880 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:05:43.0062 4880 RDPCDD - ok
09:05:43.0125 4880 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:05:43.0140 4880 rdpdr - ok
09:05:43.0203 4880 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
09:05:43.0203 4880 RDPWD - ok
09:05:43.0250 4880 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:05:43.0250 4880 redbook - ok
09:05:43.0312 4880 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
09:05:43.0312 4880 rimmptsk - ok
09:05:43.0328 4880 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
09:05:43.0328 4880 rimsptsk - ok
09:05:43.0375 4880 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:05:43.0375 4880 RimVSerPort - ok
09:05:43.0390 4880 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
09:05:43.0390 4880 rismxdp - ok
09:05:43.0421 4880 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:05:43.0421 4880 ROOTMODEM - ok
09:05:43.0484 4880 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
09:05:43.0484 4880 rspndr - ok
09:05:43.0625 4880 SASDIFSV - ok
09:05:43.0625 4880 SASKUTIL - ok
09:05:43.0734 4880 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:05:43.0734 4880 sdbus - ok
09:05:43.0781 4880 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:05:43.0781 4880 Secdrv - ok
09:05:43.0843 4880 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:05:43.0843 4880 Serenum - ok
09:05:43.0875 4880 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:05:43.0875 4880 Serial - ok
09:05:43.0921 4880 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:05:43.0921 4880 Sfloppy - ok
09:05:43.0953 4880 Simbad - ok
09:05:44.0000 4880 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:05:44.0000 4880 SLIP - ok
09:05:44.0031 4880 Sparrow - ok
09:05:44.0093 4880 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:05:44.0109 4880 splitter - ok
09:05:44.0187 4880 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:05:44.0187 4880 sr - ok
09:05:44.0250 4880 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
09:05:44.0250 4880 Srv - ok
09:05:44.0312 4880 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:05:44.0328 4880 streamip - ok
09:05:44.0359 4880 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:05:44.0375 4880 swenum - ok
09:05:44.0406 4880 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:05:44.0406 4880 swmidi - ok
09:05:44.0421 4880 symc810 - ok
09:05:44.0437 4880 symc8xx - ok
09:05:44.0468 4880 sym_hi - ok
09:05:44.0484 4880 sym_u3 - ok
09:05:44.0562 4880 SynTP (820d28f30ac01ce86860a35dcc7bfaab) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:05:44.0562 4880 SynTP - ok
09:05:44.0640 4880 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:05:44.0640 4880 sysaudio - ok
09:05:44.0703 4880 Tcpip (367de8e5f638c091f49273144274f629) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:05:44.0718 4880 Tcpip - ok
09:05:44.0781 4880 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:05:44.0781 4880 TDPIPE - ok
09:05:44.0843 4880 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:05:44.0843 4880 TDTCP - ok
09:05:44.0875 4880 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:05:44.0875 4880 TermDD - ok
09:05:44.0937 4880 tmactmon (0868d7c7a793987dc9a1e3a3b6904466) C:\WINDOWS\system32\drivers\tmactmon.sys
09:05:44.0937 4880 tmactmon - ok
09:05:45.0000 4880 tmcfw (61a50f88d4794e61ff0ae465acfdafb5) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
09:05:45.0015 4880 tmcfw - ok
09:05:45.0062 4880 tmcomm (c4ddce6124bf6a711ab14d8153eac61d) C:\WINDOWS\system32\drivers\tmcomm.sys
09:05:45.0062 4880 tmcomm - ok
09:05:45.0093 4880 tmevtmgr (63660bb99905a6d78024467b3ec022a1) C:\WINDOWS\system32\drivers\tmevtmgr.sys
09:05:45.0093 4880 tmevtmgr - ok
09:05:45.0171 4880 TmFilter (717e406972bbc07f8fb2a989416cab73) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
09:05:45.0171 4880 TmFilter - ok
09:05:45.0187 4880 TmPreFilter (379c4f99994a56b66e11d1e32bb22a1c) C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
09:05:45.0203 4880 TmPreFilter - ok
09:05:45.0296 4880 tmtdi (5f7f63884a8547981ee379b8c0fb3312) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
09:05:45.0296 4880 tmtdi - ok
09:05:45.0343 4880 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:05:45.0343 4880 TosIde - ok
09:05:45.0390 4880 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys
09:05:45.0390 4880 tpm - ok
09:05:45.0437 4880 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:05:45.0453 4880 Udfs - ok
09:05:45.0468 4880 ultra - ok
09:05:45.0531 4880 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:05:45.0531 4880 Update - ok
09:05:45.0593 4880 urvpndrv (e6264b89c494d2efbf0a51629089da0e) C:\WINDOWS\system32\DRIVERS\covpndrv.sys
09:05:45.0593 4880 urvpndrv - ok
09:05:45.0625 4880 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:05:45.0640 4880 USBAAPL - ok
09:05:45.0671 4880 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:05:45.0671 4880 usbaudio - ok
09:05:45.0703 4880 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:05:45.0718 4880 usbccgp - ok
09:05:45.0750 4880 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:05:45.0765 4880 usbehci - ok
09:05:45.0781 4880 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:05:45.0781 4880 usbhub - ok
09:05:45.0828 4880 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:05:45.0828 4880 usbprint - ok
09:05:45.0890 4880 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:05:45.0890 4880 usbscan - ok
09:05:45.0953 4880 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:05:45.0953 4880 USBSTOR - ok
09:05:46.0000 4880 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:05:46.0000 4880 usbuhci - ok
09:05:46.0046 4880 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:05:46.0046 4880 usbvideo - ok
09:05:46.0093 4880 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:05:46.0093 4880 VgaSave - ok
09:05:46.0140 4880 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:05:46.0140 4880 ViaIde - ok
09:05:46.0156 4880 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:05:46.0156 4880 VolSnap - ok
09:05:46.0296 4880 VSApiNt (642eb152cb980ad9181b2161066be629) C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
09:05:46.0296 4880 VSApiNt - ok
09:05:46.0328 4880 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:05:46.0328 4880 Wanarp - ok
09:05:46.0390 4880 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:05:46.0390 4880 Wdf01000 - ok
09:05:46.0406 4880 WDICA - ok
09:05:46.0437 4880 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:05:46.0437 4880 wdmaud - ok
09:05:46.0500 4880 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:05:46.0500 4880 winachsf - ok
09:05:46.0546 4880 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:05:46.0546 4880 WmiAcpi - ok
09:05:46.0593 4880 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:05:46.0593 4880 WpdUsb - ok
09:05:46.0640 4880 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:05:46.0656 4880 WSTCODEC - ok
09:05:46.0703 4880 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:05:46.0718 4880 WudfPf - ok
09:05:46.0750 4880 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:05:46.0750 4880 WudfRd - ok
09:05:46.0796 4880 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:05:46.0937 4880 \Device\Harddisk0\DR0 - ok
09:05:46.0937 4880 Boot (0x1200) (818c7f2e69af538a6ba780a70ffc3b8d) \Device\Harddisk0\DR0\Partition0
09:05:46.0937 4880 \Device\Harddisk0\DR0\Partition0 - ok
09:05:46.0937 4880 ============================================================
09:05:46.0937 4880 Scan finished
09:05:46.0937 4880 ============================================================
09:05:46.0953 1628 Detected object count: 0
09:05:46.0953 1628 Actual detected object count: 0

[Maxihup]

Wierd results for aswMBR scan:


3ÀŽÐ¼ |ûPPü¾|¿PW¹å
ó¤Ë½¾±8n | uƒÅâôÍ‹õƒÆIt8,tö µ´‹ð¬< tü» ´ÍëòˆNèF s*þF€~t€~t ¶uÒ€FƒFƒV
è! s ¶ë¼�>þ}Uªt€~ tÈ ·ë©‹üW‹õË¿ ŠV ´Ír#ŠÁ$?˜ŠÞŠüC÷ã‹Ñ†Ö±ÒîB÷â9V
w#r9Fs¸
» |‹N‹V ÍsQOtN2äŠV ÍëäŠV `»ªU´AÍr6�ûUªu0öÁ
t+a`j j ÿv
ÿvj h |j
j´B‹ôÍaasOt2äŠV ÍëÖaùÃInvalid partition table Error loading operating system Missing operating system ,Dc>}4i €

ïÿÿ? ц¡ Uª





Have not rebooted or quit aswMBR yet. Waiting on your advise. Should I fixMBR?

Edited by Maxihup, 18 November 2011 - 10:47 AM.

[maliprog]

Please DO NOT PRESS any button. Close aswMBR and test your system. Restart it one more time and test it again. Is there any problems now?

[Maxihup]

Working ok but not 100%


Has these issues:

Gives found new hardware dialog on startup. Have not let it complete.

Outlook express popup(I don't use outlook express): To free up disk space outlook express can compact messages.

Canceled out of both of those.

When I hit the delete key it tries to open an installer dialog. Hit cancel and another installer opens, says it is for Roxio creator but i am not sure it is. cancel out of that.

[maliprog]

I'm not using outlook too but I don't think that malware has anything to do with then...we'll see

If it is really windows message about "found new hardware dialog" then let windows install it. Maybe malware infected some of your drivers and windows need to replace them.

If you don't know that message is genuine then print screen it for me and I'll try to figure it out.

To do this

• Press Alt and Print Screen button on your keyboard
• Open Paint program
• From the menu choose Edit then Paste
• Now save the picture and attach it here for me.

After that let's see new OTL log from your system.

• Run OTL.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.