.dll not valid windows image, XP Security 2012

#1 gopher669 (Member, 21 posts)

It started with a "xxxxxxxx.dll is not a valid windows image" box every time I booted the computer (it actually came up 6 times during booting). Then the Windows XP Security 2012 problem was added. I seem to have gotten rid of those two (among others) by running MBAM, SUPERAntiSpyware, and the downloadable Kaspersky Virus Removal Tool. However, I'm guessing there's something still there, as I'm getting the occasional random tab opening in Firefox.

I've tried running OTL (including the alternate versions), but keep getting an error message: OTL has encountered a problem and needs to close.

Hoping for a little help to get completely clean.

#2 RKinner (Malware Expert, MVP, 24,638 posts)

ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it yet.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Run TDSSKiller again, but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen shot of the Disk Management Window and attach the screen shot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Run OTL, Quickscan and post the log.

Ron

#3 gopher669 (Topic Starter, Member, 21 posts)

Here's a summary of what happened:

Combofix - found a Rootkit, and the computer rebooted a few times before getting through it. Did get one error saying PEV.exe encountered a problem and needs to close. Log attached.

TDSSKiller - ran fine, log attached.

aswMBR - ran fine, log attached (Fix button not enabled).

Malwarebytes - couldn't get it to run. Have been able to get previous versions to run half a dozen times or so. The new version kept giving me "Malwarebytes Anti-Malware encountered a problem and needs to close."

diskmgmt - screen shot attached.

OTL - couldn't get it to run. OTL encountered a problem and needs to close.

Combofix log:
ComboFix 11-12-28.03 - Kel 12/28/2011 18:47:13.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.289 [GMT -6:00]
Running from: c:\documents and settings\Kel\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\AskSearch\bin\DeFAultsearch.dll
c:\windows\$NtUninstallKB43867$
c:\windows\$NtUninstallKB43867$\2993891252
c:\windows\$NtUninstallKB43867$\752650119\@
c:\windows\$NtUninstallKB43867$\752650119\bckfg.tmp
c:\windows\$NtUninstallKB43867$\752650119\cfg.ini
c:\windows\$NtUninstallKB43867$\752650119\Desktop.ini
c:\windows\$NtUninstallKB43867$\752650119\keywords
c:\windows\$NtUninstallKB43867$\752650119\kwrd.dll
c:\windows\$NtUninstallKB43867$\752650119\L\asobptkf
c:\windows\$NtUninstallKB43867$\752650119\lsflt7.ver
c:\windows\$NtUninstallKB43867$\752650119\U\00000001.@
c:\windows\$NtUninstallKB43867$\752650119\U\00000002.@
c:\windows\$NtUninstallKB43867$\752650119\U\00000004.@
c:\windows\$NtUninstallKB43867$\752650119\U\80000000.@
c:\windows\$NtUninstallKB43867$\752650119\U\80000004.@
c:\windows\$NtUninstallKB43867$\752650119\U\80000032.@
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\13712.exe
c:\windows\system32\14556.exe
c:\windows\system32\16192.exe
c:\windows\system32\21040.exe
c:\windows\system32\25974.exe
c:\windows\system32\28178.exe
c:\windows\system32\6241.exe
c:\windows\system32\6384.exe
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-17 02:55 . 2011-12-17 02:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-16 04:13 . 2011-12-16 13:45 -------- d-----w- c:\documents and settings\Kel\Application Data\Melanu
2011-12-16 04:13 . 2011-12-16 04:13 -------- d-----w- c:\documents and settings\Kel\Application Data\Inny
2011-12-15 16:15 . 2011-12-15 16:15 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-12-10 14:25 . 2011-12-10 14:25 -------- d-----w- c:\documents and settings\Kel\Application Data\SUPERAntiSpyware.com
2011-12-10 14:25 . 2011-12-10 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-12-10 01:40 . 2010-11-09 19:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-10 01:40 . 2010-11-09 19:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-12-10 01:38 . 2011-12-10 06:36 -------- d-----w- C:\VIPRERESCUE
2011-12-03 21:42 . 2011-12-03 21:42 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 02:48 . 2002-08-29 11:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-19 17:39 . 2011-05-14 01:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-08 22:01 . 2011-10-08 22:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-08 22:01 . 2008-05-17 16:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-10 02:40 . 2011-05-10 03:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-08-21 151552]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-26 4632576]
"nwiz"="nwiz.exe" [2004-10-26 921600]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-12-12 217088]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-09 122880]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2003-08-18 163840]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-22 229437]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-02-27 151597]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2005-07-05 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 135168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-2-26 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-4-27 635019]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 06:33 188482 ----a-w- c:\windows\SYSTEM32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [12/9/2011 7:40 PM 98392]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [3/10/2004 4:36 PM 23296]
S0 gftsh;gftsh;c:\windows\system32\drivers\fkdwu.sys --> c:\windows\system32\drivers\fkdwu.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Kel\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Kel\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Kel\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Kel\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-12-18 c:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet36002003-04-11 21:25N3AQ3F3FB6B.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 21:25]
.
2004-03-03 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo....//www.yahoo.com
mStart Page = about:blank
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Save with Download Manager... - file://c:\program files\WOW! Music\DMDownload.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: oaklandcc.edu\webreg
TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
DPF: {18F616CD-4B28-4C47-815A-560AC6A33C8D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-emerald-city-confidential/EmeraldCityConfidential_Web.1.0.0.9.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://aolsvc.aol.com/onlinegames/free-trial-nightshift-legacy-the-jaguars-eye/Nightshift2Web.1.0.0.9.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://aolsvc.aol.com/onlinegames/free-trial-decadence-by-design/Chocolatier3Web.1.0.0.6.cab
FF - ProfilePath - c:\documents and settings\Kel\Application Data\Mozilla\Firefox\Profiles\isswyepi.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62020
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Sonic RecordNow! - (no file)
HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-28 19:15
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(2600)
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\windows\system32\1XConfig.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\progra~1\mcafee.com\vso\mcvsrte.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\RegSrvc.exe
c:\windows\System32\ScsiAccess.EXE
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-28 19:23:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 01:23
.
Pre-Run: 11,449,188,352 bytes free
Post-Run: 12,309,311,488 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - DA52532B5E1E51F570B6621095E3CECB



TDSSKiller (Run 1):
19:28:51.0616 3412 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:28:52.0036 3412 ============================================================
19:28:52.0036 3412 Current date / time: 2011/12/28 19:28:52.0036
19:28:52.0036 3412 SystemInfo:
19:28:52.0036 3412
19:28:52.0036 3412 OS Version: 5.1.2600 ServicePack: 2.0
19:28:52.0036 3412 Product type: Workstation
19:28:52.0036 3412 ComputerName: KELLY
19:28:52.0036 3412 UserName: Kel
19:28:52.0036 3412 Windows directory: C:\WINDOWS
19:28:52.0036 3412 System windows directory: C:\WINDOWS
19:28:52.0036 3412 Processor architecture: Intel x86
19:28:52.0036 3412 Number of processors: 1
19:28:52.0036 3412 Page size: 0x1000
19:28:52.0036 3412 Boot type: Normal boot
19:28:52.0036 3412 ============================================================
19:28:54.0370 3412 Initialize success
19:29:13.0728 3792 ============================================================
19:29:13.0728 3792 Scan started
19:29:13.0728 3792 Mode: Manual;
19:29:13.0728 3792 ============================================================
19:29:24.0573 3792 Imapi - ok
19:29:24.0633 3792 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
19:29:24.0643 3792 ini910u - ok
19:29:24.0723 3792 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:29:24.0733 3792 IntelIde - ok
19:29:24.0793 3792 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:29:24.0814 3792 intelppm - ok
19:29:24.0874 3792 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
19:29:24.0884 3792 ip6fw - ok
19:29:25.0024 3792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:29:25.0034 3792 IpFilterDriver - ok
19:29:25.0094 3792 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:29:25.0104 3792 IpInIp - ok
19:29:25.0174 3792 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:29:25.0184 3792 IpNat - ok
19:29:25.0234 3792 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:29:25.0244 3792 IPSec - ok
19:29:25.0294 3792 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:29:25.0304 3792 IRENUM - ok
19:29:25.0374 3792 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:29:25.0394 3792 isapnp - ok
19:29:25.0434 3792 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:29:25.0444 3792 Kbdclass - ok
19:29:25.0494 3792 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:29:25.0504 3792 kbdhid - ok
19:29:25.0565 3792 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
19:29:25.0595 3792 kmixer - ok
19:29:25.0785 3792 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
19:29:25.0795 3792 KSecDD - ok
19:29:25.0905 3792 lbrtfdc - ok
19:29:26.0035 3792 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:29:26.0055 3792 mdmxsdk - ok
19:29:26.0185 3792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:29:26.0195 3792 mnmdd - ok
19:29:26.0246 3792 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
19:29:26.0266 3792 Modem - ok
19:29:26.0326 3792 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:29:26.0346 3792 Mouclass - ok
19:29:26.0456 3792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:29:26.0476 3792 mouhid - ok
19:29:26.0536 3792 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
19:29:26.0556 3792 MountMgr - ok
19:29:26.0616 3792 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
19:29:26.0636 3792 mraid35x - ok
19:29:26.0716 3792 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:29:26.0746 3792 MRxDAV - ok
19:29:26.0896 3792 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:29:26.0937 3792 MRxSmb - ok
19:29:27.0047 3792 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
19:29:27.0057 3792 Msfs - ok
19:29:27.0137 3792 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:29:27.0147 3792 MSKSSRV - ok
19:29:27.0217 3792 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys
19:29:27.0227 3792 msloop - ok
19:29:27.0267 3792 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:29:27.0277 3792 MSPCLOCK - ok
19:29:27.0307 3792 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
19:29:27.0307 3792 MSPQM - ok
19:29:27.0387 3792 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:29:27.0397 3792 mssmbios - ok
19:29:27.0447 3792 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
19:29:27.0457 3792 Mup - ok
19:29:27.0497 3792 NaiFiltr (102de6d24087fb53ad47ca059a32fb66) C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
19:29:27.0537 3792 NaiFiltr - ok
19:29:27.0628 3792 NAL (ebbef7d3ddeb24239ab8d067f3a27ccf) C:\WINDOWS\system32\Drivers\iqvw32.sys
19:29:27.0638 3792 NAL - ok
19:29:27.0738 3792 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
19:29:27.0748 3792 NDIS - ok
19:29:27.0848 3792 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:29:27.0868 3792 NdisTapi - ok
19:29:27.0928 3792 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:29:27.0948 3792 Ndisuio - ok
19:29:28.0018 3792 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:29:28.0038 3792 NdisWan - ok
19:29:28.0158 3792 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
19:29:28.0178 3792 NDProxy - ok
19:29:28.0208 3792 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:29:28.0228 3792 NetBIOS - ok
19:29:28.0299 3792 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:29:28.0329 3792 NetBT - ok
19:29:28.0409 3792 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:29:28.0419 3792 NIC1394 - ok
19:29:28.0459 3792 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
19:29:28.0469 3792 Npfs - ok
19:29:28.0529 3792 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
19:29:28.0589 3792 Ntfs - ok
19:29:28.0689 3792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:29:28.0699 3792 Null - ok
19:29:28.0949 3792 nv (9e4b052c76949de445ad6439cd473548) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:29:29.0160 3792 nv - ok
19:29:29.0350 3792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:29:29.0360 3792 NwlnkFlt - ok
19:29:29.0410 3792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:29:29.0420 3792 NwlnkFwd - ok
19:29:29.0470 3792 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:29:29.0490 3792 ohci1394 - ok
19:29:29.0580 3792 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
19:29:29.0600 3792 omci - ok
19:29:29.0650 3792 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
19:29:29.0660 3792 P3 - ok
19:29:29.0781 3792 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
19:29:29.0791 3792 Parport - ok
19:29:29.0851 3792 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
19:29:29.0861 3792 PartMgr - ok
19:29:29.0901 3792 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:29:29.0911 3792 ParVdm - ok
19:29:29.0941 3792 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
19:29:29.0951 3792 PCI - ok
19:29:29.0971 3792 PCIDump - ok
19:29:30.0001 3792 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:29:30.0011 3792 PCIIde - ok
19:29:30.0041 3792 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:29:30.0061 3792 Pcmcia - ok
19:29:30.0081 3792 PDCOMP - ok
19:29:30.0101 3792 PDFRAME - ok
19:29:30.0131 3792 PDRELI - ok
19:29:30.0151 3792 PDRFRAME - ok
19:29:30.0241 3792 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
19:29:30.0261 3792 perc2 - ok
19:29:30.0371 3792 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
19:29:30.0382 3792 perc2hib - ok
19:29:30.0462 3792 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:29:30.0482 3792 PptpMiniport - ok
19:29:30.0502 3792 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
19:29:30.0522 3792 Processor - ok
19:29:30.0552 3792 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
19:29:30.0572 3792 PSched - ok
19:29:30.0602 3792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:29:30.0612 3792 Ptilink - ok
19:29:30.0672 3792 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
19:29:30.0712 3792 PxHelp20 - ok
19:29:30.0752 3792 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
19:29:30.0782 3792 ql1080 - ok
19:29:30.0822 3792 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
19:29:30.0842 3792 Ql10wnt - ok
19:29:31.0022 3792 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
19:29:31.0042 3792 ql12160 - ok
19:29:31.0123 3792 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
19:29:31.0133 3792 ql1240 - ok
19:29:31.0173 3792 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
19:29:31.0183 3792 ql1280 - ok
19:29:31.0223 3792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:29:31.0233 3792 RasAcd - ok
19:29:31.0283 3792 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:29:31.0293 3792 Rasl2tp - ok
19:29:31.0323 3792 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:29:31.0343 3792 RasPppoe - ok
19:29:31.0363 3792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:29:31.0373 3792 Raspti - ok
19:29:31.0423 3792 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:29:31.0433 3792 Rdbss - ok
19:29:31.0483 3792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:29:31.0493 3792 RDPCDD - ok
19:29:31.0573 3792 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:29:31.0603 3792 rdpdr - ok
19:29:31.0824 3792 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
19:29:31.0864 3792 RDPWD - ok
19:29:31.0934 3792 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:29:31.0944 3792 redbook - ok
19:29:32.0044 3792 s24trans (423ae506c8d55bba9e429eeeec035a40) C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:29:32.0054 3792 s24trans - ok
19:29:32.0274 3792 SASDIFSV - ok
19:29:32.0294 3792 SASKUTIL - ok
19:29:32.0434 3792 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
19:29:32.0454 3792 SbcpHid - ok
19:29:32.0635 3792 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
19:29:32.0655 3792 SBRE - ok
19:29:32.0695 3792 SDDMI2 - ok
19:29:32.0785 3792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:29:32.0795 3792 Secdrv - ok
19:29:32.0855 3792 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:29:32.0875 3792 serenum - ok
19:29:32.0925 3792 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
19:29:32.0945 3792 Serial - ok
19:29:33.0055 3792 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:29:33.0075 3792 Sfloppy - ok
19:29:33.0115 3792 Simbad - ok
19:29:33.0206 3792 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
19:29:33.0216 3792 sisagp - ok
19:29:33.0246 3792 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
19:29:33.0256 3792 Sparrow - ok
19:29:33.0396 3792 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
19:29:33.0406 3792 splitter - ok
19:29:33.0576 3792 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
19:29:33.0586 3792 sr - ok
19:29:33.0646 3792 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
19:29:33.0686 3792 Srv - ok
19:29:33.0836 3792 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
19:29:33.0846 3792 sscdbhk5 - ok
19:29:33.0937 3792 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
19:29:33.0957 3792 ssrtln - ok
19:29:34.0017 3792 STAC97 (eef5877a1bfc9684d7e2435fdd3c5853) C:\WINDOWS\system32\drivers\STAC97.sys
19:29:34.0047 3792 STAC97 - ok
19:29:34.0127 3792 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:29:34.0137 3792 swenum - ok
19:29:34.0177 3792 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
19:29:34.0187 3792 swmidi - ok
19:29:34.0317 3792 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
19:29:34.0327 3792 symc810 - ok
19:29:34.0437 3792 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
19:29:34.0447 3792 symc8xx - ok
19:29:34.0558 3792 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
19:29:34.0578 3792 sym_hi - ok
19:29:34.0608 3792 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
19:29:34.0638 3792 sym_u3 - ok
19:29:34.0698 3792 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
19:29:34.0728 3792 sysaudio - ok
19:29:34.0818 3792 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:29:34.0878 3792 Tcpip - ok
19:29:34.0938 3792 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:29:34.0948 3792 TDPIPE - ok
19:29:34.0978 3792 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
19:29:34.0988 3792 TDTCP - ok
19:29:35.0038 3792 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:29:35.0038 3792 TermDD - ok
19:29:35.0148 3792 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
19:29:35.0158 3792 tfsnboio - ok
19:29:35.0188 3792 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
19:29:35.0198 3792 tfsncofs - ok
19:29:35.0279 3792 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
19:29:35.0289 3792 tfsndrct - ok
19:29:35.0329 3792 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
19:29:35.0339 3792 tfsndres - ok
19:29:35.0419 3792 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
19:29:35.0449 3792 tfsnifs - ok
19:29:35.0559 3792 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
19:29:35.0579 3792 tfsnopio - ok
19:29:35.0619 3792 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
19:29:35.0629 3792 tfsnpool - ok
19:29:35.0659 3792 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
19:29:35.0679 3792 tfsnudf - ok
19:29:35.0769 3792 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
19:29:35.0789 3792 tfsnudfa - ok
19:29:35.0940 3792 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
19:29:35.0950 3792 TosIde - ok
19:29:36.0070 3792 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
19:29:36.0080 3792 Udfs - ok
19:29:36.0190 3792 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
19:29:36.0220 3792 ultra - ok
19:29:36.0320 3792 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
19:29:36.0350 3792 Update - ok
19:29:36.0410 3792 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:29:36.0420 3792 USBAAPL - ok
19:29:36.0480 3792 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:29:36.0490 3792 usbccgp - ok
19:29:36.0540 3792 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:29:36.0550 3792 usbehci - ok
19:29:36.0600 3792 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:29:36.0610 3792 usbhub - ok
19:29:36.0741 3792 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:29:36.0741 3792 usbprint - ok
19:29:36.0791 3792 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:29:36.0801 3792 usbscan - ok
19:29:36.0881 3792 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:29:36.0891 3792 USBSTOR - ok
19:29:36.0981 3792 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:29:37.0001 3792 usbuhci - ok
19:29:37.0031 3792 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
19:29:37.0051 3792 VgaSave - ok
19:29:37.0141 3792 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
19:29:37.0151 3792 viaagp - ok
19:29:37.0231 3792 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
19:29:37.0241 3792 ViaIde - ok
19:29:37.0301 3792 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
19:29:37.0321 3792 VolSnap - ok
19:29:37.0452 3792 w70n51 (fb4d7a34ef3b49c2b5439e330b785313) C:\WINDOWS\system32\DRIVERS\w70n51.sys
19:29:37.0552 3792 w70n51 - ok
19:29:37.0702 3792 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:29:37.0712 3792 Wanarp - ok
19:29:37.0762 3792 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
19:29:37.0782 3792 wanatw - ok
19:29:37.0892 3792 WDICA - ok
19:29:37.0952 3792 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
19:29:37.0972 3792 wdmaud - ok
19:29:38.0103 3792 winachsf (8d4f833289e769dca80c0067cc2e40d8) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:29:38.0223 3792 winachsf - ok
19:29:38.0363 3792 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:29:38.0373 3792 WS2IFSL - ok
19:29:38.0473 3792 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:29:38.0683 3792 \Device\Harddisk0\DR0 - ok
19:29:38.0693 3792 Boot (0x1200) (05b2b682e1277840afce70446b35c374) \Device\Harddisk0\DR0\Partition0
19:29:38.0693 3792 \Device\Harddisk0\DR0\Partition0 - ok
19:29:38.0693 3792 ============================================================
19:29:38.0693 3792 Scan finished
19:29:38.0693 3792 ============================================================
19:29:38.0713 3616 Detected object count: 0
19:29:38.0713 3616 Actual detected object count: 0
19:30:46.0321 1256 Deinitialize success



TDSSKiller (Run 2):
19:30:56.0866 0464 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:30:57.0276 0464 ============================================================
19:30:57.0276 0464 Current date / time: 2011/12/28 19:30:57.0276
19:30:57.0276 0464 SystemInfo:
19:30:57.0276 0464
19:30:57.0276 0464 OS Version: 5.1.2600 ServicePack: 2.0
19:30:57.0276 0464 Product type: Workstation
19:30:57.0276 0464 ComputerName: KELLY
19:30:57.0276 0464 UserName: Kel
19:30:57.0276 0464 Windows directory: C:\WINDOWS
19:30:57.0276 0464 System windows directory: C:\WINDOWS
19:30:57.0276 0464 Processor architecture: Intel x86
19:30:57.0276 0464 Number of processors: 1
19:30:57.0276 0464 Page size: 0x1000
19:30:57.0276 0464 Boot type: Normal boot
19:30:57.0276 0464 ============================================================
19:30:59.0089 0464 Initialize success
19:31:11.0887 3484 ============================================================
19:31:11.0887 3484 Scan started
19:31:11.0887 3484 Mode: Manual; SigCheck; TDLFS;
19:31:11.0887 3484 ============================================================
19:31:12.0248 3484 Abiosdsk - ok
19:31:12.0328 3484 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
19:31:15.0062 3484 abp480n5 - ok
19:31:15.0292 3484 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:31:15.0463 3484 ACPI - ok
19:31:15.0503 3484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:31:15.0693 3484 ACPIEC - ok
19:31:15.0743 3484 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
19:31:15.0943 3484 adpu160m - ok
19:31:15.0993 3484 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
19:31:16.0514 3484 aec - ok
19:31:16.0584 3484 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:31:16.0604 3484 AegisP ( UnsignedFile.Multi.Generic ) - warning
19:31:16.0604 3484 AegisP - detected UnsignedFile.Multi.Generic (1)
19:31:16.0644 3484 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
19:31:16.0714 3484 AFD - ok
19:31:16.0774 3484 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
19:31:16.0825 3484 AFS2K - ok
19:31:17.0065 3484 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:31:17.0245 3484 agp440 - ok
19:31:17.0305 3484 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
19:31:17.0465 3484 agpCPQ - ok
19:31:17.0536 3484 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
19:31:17.0646 3484 Aha154x - ok
19:31:17.0696 3484 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
19:31:17.0886 3484 aic78u2 - ok
19:31:17.0926 3484 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
19:31:18.0096 3484 aic78xx - ok
19:31:18.0156 3484 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
19:31:18.0347 3484 AliIde - ok
19:31:18.0377 3484 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
19:31:18.0517 3484 alim1541 - ok
19:31:18.0557 3484 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
19:31:18.0727 3484 amdagp - ok
19:31:18.0767 3484 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
19:31:18.0878 3484 amsint - ok
19:31:18.0978 3484 ApfiltrService (42860ba463d5c9c58a91d1ad208169a9) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
19:31:19.0048 3484 ApfiltrService - ok
19:31:19.0238 3484 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:31:19.0438 3484 Arp1394 - ok
19:31:19.0488 3484 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
19:31:19.0679 3484 asc - ok
19:31:19.0709 3484 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
19:31:19.0829 3484 asc3350p - ok
19:31:19.0849 3484 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
19:31:20.0029 3484 asc3550 - ok
19:31:20.0089 3484 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:31:20.0249 3484 AsyncMac - ok
19:31:20.0280 3484 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:31:20.0430 3484 atapi - ok
19:31:20.0450 3484 Atdisk - ok
19:31:20.0490 3484 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:31:20.0640 3484 Atmarpc - ok
19:31:20.0690 3484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:31:20.0860 3484 audstub - ok
19:31:20.0910 3484 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
19:31:20.0971 3484 bcm4sbxp - ok
19:31:20.0991 3484 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:31:21.0161 3484 Beep - ok
19:31:21.0221 3484 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
19:31:21.0291 3484 BrScnUsb - ok
19:31:21.0481 3484 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
19:31:21.0551 3484 BrSerIf - ok
19:31:21.0601 3484 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
19:31:21.0631 3484 BrUsbSer - ok
19:31:21.0662 3484 bvrp_pci - ok
19:31:21.0672 3484 catchme - ok
19:31:21.0752 3484 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
19:31:22.0002 3484 cbidf - ok
19:31:22.0012 3484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:31:22.0192 3484 cbidf2k - ok
19:31:22.0222 3484 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
19:31:22.0343 3484 cd20xrnt - ok
19:31:22.0383 3484 CdaC15BA (f76cb7259aa575cc53f3996bc6b68c18) C:\WINDOWS\system32\drivers\CDAC15BA.SYS
19:31:22.0413 3484 CdaC15BA ( UnsignedFile.Multi.Generic ) - warning
19:31:22.0413 3484 CdaC15BA - detected UnsignedFile.Multi.Generic (1)
19:31:22.0463 3484 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:31:22.0643 3484 Cdaudio - ok
19:31:22.0723 3484 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
19:31:22.0903 3484 Cdfs - ok
19:31:23.0104 3484 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:31:23.0244 3484 Cdrom - ok
19:31:23.0264 3484 Changer - ok
19:31:23.0314 3484 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:31:23.0464 3484 CmBatt - ok
19:31:23.0514 3484 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
19:31:23.0704 3484 CmdIde - ok
19:31:23.0765 3484 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:31:23.0945 3484 Compbatt - ok
19:31:24.0005 3484 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
19:31:24.0185 3484 Cpqarray - ok
19:31:24.0235 3484 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
19:31:24.0415 3484 dac2w2k - ok
19:31:24.0456 3484 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
19:31:24.0646 3484 dac960nt - ok
19:31:24.0716 3484 DcCam (6f9ea0f7edd83a67b52482df721a5fa4) C:\WINDOWS\system32\DRIVERS\DcCam.sys
19:31:24.0776 3484 DcCam - ok
19:31:24.0846 3484 DcFpoint (cbb5f72a33fa4013acd8e9a2382e898b) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
19:31:24.0866 3484 DcFpoint - ok
19:31:24.0906 3484 DCFS2K (8214bfcbcf2ed5751b1db9288dae88ca) C:\WINDOWS\system32\drivers\dcfs2k.sys
19:31:24.0936 3484 DCFS2K - ok
19:31:25.0137 3484 DcLps (b4b9ed249a335aba7afd7dd71917be69) C:\WINDOWS\system32\DRIVERS\DcLps.sys
19:31:25.0157 3484 DcLps - ok
19:31:25.0207 3484 DcPTP (4ec04b31ac8870e9cb1c5379c54ee49d) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
19:31:25.0267 3484 DcPTP - ok
19:31:25.0307 3484 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
19:31:25.0527 3484 Disk - ok
19:31:25.0587 3484 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
19:31:25.0797 3484 dmboot - ok
19:31:25.0848 3484 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
19:31:26.0008 3484 dmio - ok
19:31:26.0058 3484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:31:26.0228 3484 dmload - ok
19:31:26.0298 3484 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
19:31:26.0458 3484 DMusic - ok
19:31:26.0559 3484 Dot4 (ad7fc1963b152b3728e3c4f83554a576) C:\WINDOWS\system32\DRIVERS\Dot4.sys
19:31:26.0719 3484 Dot4 - ok
19:31:26.0899 3484 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
19:31:27.0109 3484 Dot4Print - ok
19:31:27.0169 3484 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
19:31:27.0390 3484 dpti2o - ok
19:31:27.0430 3484 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
19:31:27.0590 3484 drmkaud - ok
19:31:27.0650 3484 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
19:31:27.0660 3484 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
19:31:27.0660 3484 drvmcdb - detected UnsignedFile.Multi.Generic (1)
19:31:27.0690 3484 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
19:31:27.0710 3484 drvnddm ( UnsignedFile.Multi.Generic ) - warning
19:31:27.0710 3484 drvnddm - detected UnsignedFile.Multi.Generic (1)
19:31:27.0820 3484 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
19:31:27.0850 3484 DSproct ( UnsignedFile.Multi.Generic ) - warning
19:31:27.0850 3484 DSproct - detected UnsignedFile.Multi.Generic (1)
19:31:27.0911 3484 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
19:31:27.0941 3484 dsunidrv - ok
19:31:28.0011 3484 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
19:31:28.0221 3484 EL90XBC - ok
19:31:28.0481 3484 Exportit (6ee877616dcbd14fe34807bcd4418289) C:\WINDOWS\system32\DRIVERS\exportit.sys
19:31:28.0511 3484 Exportit - ok
19:31:28.0531 3484 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
19:31:28.0692 3484 Fastfat - ok
19:31:28.0772 3484 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:31:28.0952 3484 Fdc - ok
19:31:29.0002 3484 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
19:31:29.0182 3484 Fips - ok
19:31:29.0232 3484 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:31:29.0393 3484 Flpydisk - ok
19:31:29.0453 3484 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
19:31:29.0983 3484 FltMgr - ok
19:31:30.0044 3484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:31:30.0224 3484 Fs_Rec - ok
19:31:30.0294 3484 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:31:30.0494 3484 Ftdisk - ok
19:31:30.0544 3484 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:31:30.0564 3484 GEARAspiWDM - ok
19:31:30.0765 3484 gftsh - ok
19:31:30.0825 3484 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:31:31.0035 3484 Gpc - ok
19:31:31.0075 3484 gv3 (01cdb5b4649fae249e787a83be22916a) C:\WINDOWS\system32\DRIVERS\gv3.sys
19:31:31.0185 3484 gv3 - ok
19:31:31.0225 3484 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:31:31.0386 3484 HidUsb - ok
19:31:31.0436 3484 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
19:31:31.0646 3484 hpn - ok
19:31:31.0706 3484 HSFHWICH (dd33c6b441ca381f8fc82b06be2e2cac) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
19:31:31.0756 3484 HSFHWICH - ok
19:31:32.0036 3484 HSF_DP (272914d8e356bbbffbe7e88871a188ef) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:31:32.0167 3484 HSF_DP - ok
19:31:32.0237 3484 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
19:31:32.0337 3484 HTTP - ok
19:31:32.0397 3484 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:31:32.0587 3484 i2omgmt - ok
19:31:32.0667 3484 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
19:31:32.0838 3484 i2omp - ok
19:31:32.0878 3484 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:31:33.0038 3484 i8042prt - ok
19:31:33.0088 3484 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
19:31:33.0268 3484 i81x - ok
19:31:33.0479 3484 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
19:31:33.0649 3484 iAimFP0 - ok
19:31:33.0689 3484 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
19:31:33.0869 3484 iAimFP1 - ok
19:31:33.0919 3484 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
19:31:34.0069 3484 iAimFP2 - ok
19:31:34.0109 3484 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
19:31:34.0250 3484 iAimFP3 - ok
19:31:34.0290 3484 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
19:31:34.0460 3484 iAimFP4 - ok
19:31:34.0510 3484 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
19:31:34.0650 3484 iAimTV0 - ok
19:31:34.0690 3484 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
19:31:34.0850 3484 iAimTV1 - ok
19:31:34.0891 3484 iAimTV2 - ok
19:31:34.0951 3484 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
19:31:35.0101 3484 iAimTV3 - ok
19:31:35.0171 3484 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
19:31:35.0361 3484 iAimTV4 - ok
19:31:35.0582 3484 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:31:35.0742 3484 Imapi - ok
19:31:35.0792 3484 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
19:31:36.0012 3484 ini910u - ok
19:31:36.0052 3484 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:31:36.0202 3484 IntelIde - ok
19:31:36.0232 3484 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:31:36.0393 3484 intelppm - ok
19:31:36.0443 3484 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
19:31:36.0633 3484 ip6fw - ok
19:31:36.0673 3484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:31:36.0833 3484 IpFilterDriver - ok
19:31:36.0913 3484 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:31:37.0064 3484 IpInIp - ok
19:31:37.0154 3484 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:31:37.0705 3484 IpNat - ok
19:31:37.0955 3484 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:31:38.0105 3484 IPSec - ok
19:31:38.0145 3484 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:31:38.0305 3484 IRENUM - ok
19:31:38.0366 3484 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:31:38.0546 3484 isapnp - ok
19:31:38.0606 3484 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:31:38.0766 3484 Kbdclass - ok
19:31:38.0796 3484 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:31:38.0956 3484 kbdhid - ok
19:31:39.0016 3484 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
19:31:39.0537 3484 kmixer - ok
19:31:39.0617 3484 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
19:31:39.0748 3484 KSecDD - ok
19:31:39.0808 3484 lbrtfdc - ok
19:31:39.0938 3484 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:31:39.0958 3484 mdmxsdk - ok
19:31:39.0998 3484 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:31:40.0198 3484 mnmdd - ok
19:31:40.0429 3484 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
19:31:40.0579 3484 Modem - ok
19:31:40.0629 3484 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:31:40.0789 3484 Mouclass - ok
19:31:40.0829 3484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:31:40.0989 3484 mouhid - ok
19:31:41.0029 3484 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
19:31:41.0190 3484 MountMgr - ok
19:31:41.0250 3484 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
19:31:41.0410 3484 mraid35x - ok
19:31:41.0470 3484 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:31:42.0041 3484 MRxDAV - ok
19:31:42.0121 3484 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:31:42.0241 3484 MRxSmb - ok
19:31:42.0311 3484 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
19:31:42.0461 3484 Msfs - ok
19:31:42.0532 3484 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:31:42.0722 3484 MSKSSRV - ok
19:31:42.0952 3484 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys
19:31:43.0122 3484 msloop - ok
19:31:43.0182 3484 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:31:43.0343 3484 MSPCLOCK - ok
19:31:43.0373 3484 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
19:31:43.0513 3484 MSPQM - ok
19:31:43.0573 3484 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:31:43.0723 3484 mssmbios - ok
19:31:43.0753 3484 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
19:31:43.0924 3484 Mup - ok
19:31:43.0974 3484 NaiFiltr (102de6d24087fb53ad47ca059a32fb66) C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
19:31:44.0034 3484 NaiFiltr - ok
19:31:44.0104 3484 NAL (ebbef7d3ddeb24239ab8d067f3a27ccf) C:\WINDOWS\system32\Drivers\iqvw32.sys
19:31:44.0144 3484 NAL ( UnsignedFile.Multi.Generic ) - warning
19:31:44.0144 3484 NAL - detected UnsignedFile.Multi.Generic (1)
19:31:44.0214 3484 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
19:31:44.0374 3484 NDIS - ok
19:31:44.0605 3484 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:31:44.0915 3484 NdisTapi - ok
19:31:44.0975 3484 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:31:45.0165 3484 Ndisuio - ok
19:31:45.0195 3484 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:31:45.0356 3484 NdisWan - ok
19:31:45.0386 3484 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
19:31:45.0576 3484 NDProxy - ok
19:31:45.0596 3484 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:31:45.0756 3484 NetBIOS - ok
19:31:45.0806 3484 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:31:45.0966 3484 NetBT - ok
19:31:46.0037 3484 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:31:46.0197 3484 NIC1394 - ok
19:31:46.0237 3484 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
19:31:46.0397 3484 Npfs - ok
19:31:46.0487 3484 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
19:31:47.0068 3484 Ntfs - ok
19:31:47.0298 3484 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:31:47.0479 3484 Null - ok
19:31:47.0709 3484 nv (9e4b052c76949de445ad6439cd473548) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:31:47.0989 3484 nv - ok
19:31:48.0049 3484 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:31:48.0290 3484 NwlnkFlt - ok
19:31:48.0500 3484 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:31:48.0680 3484 NwlnkFwd - ok
19:31:48.0760 3484 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:31:48.0981 3484 ohci1394 - ok
19:31:49.0141 3484 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
19:31:49.0171 3484 omci ( UnsignedFile.Multi.Generic ) - warning
19:31:49.0171 3484 omci - detected UnsignedFile.Multi.Generic (1)
19:31:49.0211 3484 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
19:31:49.0361 3484 P3 - ok
19:31:49.0391 3484 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
19:31:49.0562 3484 Parport - ok
19:31:49.0622 3484 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
19:31:49.0802 3484 PartMgr - ok
19:31:49.0832 3484 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:31:50.0022 3484 ParVdm - ok
19:31:50.0102 3484 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
19:31:50.0243 3484 PCI - ok
19:31:50.0313 3484 PCIDump - ok
19:31:50.0363 3484 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:31:50.0543 3484 PCIIde - ok
19:31:50.0563 3484 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:31:50.0753 3484 Pcmcia - ok
19:31:50.0763 3484 PDCOMP - ok
19:31:50.0783 3484 PDFRAME - ok
19:31:50.0894 3484 PDRELI - ok
19:31:50.0914 3484 PDRFRAME - ok
19:31:50.0964 3484 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
19:31:51.0154 3484 perc2 - ok
19:31:51.0294 3484 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
19:31:51.0484 3484 perc2hib - ok
19:31:51.0585 3484 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:31:51.0745 3484 PptpMiniport - ok
19:31:51.0795 3484 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
19:31:51.0965 3484 Processor - ok
19:31:51.0985 3484 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
19:31:52.0145 3484 PSched - ok
19:31:52.0175 3484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:31:52.0336 3484 Ptilink - ok
19:31:52.0426 3484 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
19:31:52.0506 3484 PxHelp20 - ok
19:31:52.0596 3484 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
19:31:52.0786 3484 ql1080 - ok
19:31:52.0826 3484 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
19:31:53.0047 3484 Ql10wnt - ok
19:31:53.0077 3484 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
19:31:53.0247 3484 ql12160 - ok
19:31:53.0297 3484 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
19:31:53.0457 3484 ql1240 - ok
19:31:53.0507 3484 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
19:31:53.0708 3484 ql1280 - ok
19:31:53.0868 3484 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:31:54.0048 3484 RasAcd - ok
19:31:54.0098 3484 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:31:54.0268 3484 Rasl2tp - ok
19:31:54.0298 3484 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:31:54.0439 3484 RasPppoe - ok
19:31:54.0469 3484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:31:54.0669 3484 Raspti - ok
19:31:54.0739 3484 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:31:55.0600 3484 Rdbss - ok
19:31:55.0650 3484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:31:55.0851 3484 RDPCDD - ok
19:31:55.0951 3484 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:31:56.0101 3484 rdpdr - ok
19:31:56.0181 3484 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
19:31:56.0772 3484 RDPWD - ok
19:31:56.0852 3484 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:31:56.0992 3484 redbook - ok
19:31:57.0062 3484 s24trans (423ae506c8d55bba9e429eeeec035a40) C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:31:57.0092 3484 s24trans ( UnsignedFile.Multi.Generic ) - warning
19:31:57.0092 3484 s24trans - detected UnsignedFile.Multi.Generic (1)
19:31:57.0333 3484 SASDIFSV - ok
19:31:57.0393 3484 SASKUTIL - ok
19:31:57.0703 3484 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
19:31:57.0743 3484 SbcpHid ( UnsignedFile.Multi.Generic ) - warning
19:31:57.0743 3484 SbcpHid - detected UnsignedFile.Multi.Generic (1)
19:31:57.0914 3484 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
19:31:57.0954 3484 SBRE - ok
19:31:57.0994 3484 SDDMI2 - ok
19:31:58.0044 3484 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:31:58.0615 3484 Secdrv - ok
19:31:58.0715 3484 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:31:58.0865 3484 serenum - ok
19:31:58.0915 3484 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
19:31:59.0075 3484 Serial - ok
19:31:59.0135 3484 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:31:59.0296 3484 Sfloppy - ok
19:31:59.0366 3484 Simbad - ok
19:31:59.0446 3484 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
19:31:59.0616 3484 sisagp - ok
19:31:59.0726 3484 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
19:31:59.0836 3484 Sparrow - ok
19:31:59.0997 3484 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
19:32:00.0658 3484 splitter - ok
19:32:00.0778 3484 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
19:32:00.0938 3484 sr - ok
19:32:01.0028 3484 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
19:32:01.0168 3484 Srv - ok
19:32:01.0299 3484 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
19:32:01.0339 3484 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
19:32:01.0339 3484 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
19:32:01.0459 3484 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
19:32:01.0489 3484 ssrtln ( UnsignedFile.Multi.Generic ) - warning
19:32:01.0489 3484 ssrtln - detected UnsignedFile.Multi.Generic (1)
19:32:01.0639 3484 STAC97 (eef5877a1bfc9684d7e2435fdd3c5853) C:\WINDOWS\system32\drivers\STAC97.sys
19:32:01.0739 3484 STAC97 - ok
19:32:01.0829 3484 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:32:02.0000 3484 swenum - ok
19:32:02.0050 3484 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
19:32:02.0220 3484 swmidi - ok
19:32:02.0280 3484 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
19:32:02.0480 3484 symc810 - ok
19:32:02.0530 3484 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
19:32:02.0721 3484 symc8xx - ok
19:32:02.0811 3484 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
19:32:03.0001 3484 sym_hi - ok
19:32:03.0021 3484 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
19:32:03.0201 3484 sym_u3 - ok
19:32:03.0261 3484 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
19:32:03.0412 3484 sysaudio - ok
19:32:03.0502 3484 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:32:03.0622 3484 Tcpip - ok
19:32:03.0802 3484 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:32:03.0972 3484 TDPIPE - ok
19:32:04.0012 3484 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
19:32:04.0223 3484 TDTCP - ok
19:32:04.0253 3484 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:32:04.0393 3484 TermDD - ok
19:32:04.0493 3484 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
19:32:04.0503 3484 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
19:32:04.0503 3484 tfsnboio - detected UnsignedFile.Multi.Generic (1)
19:32:04.0633 3484 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
19:32:04.0683 3484 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
19:32:04.0683 3484 tfsncofs - detected UnsignedFile.Multi.Generic (1)
19:32:04.0733 3484 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
19:32:04.0743 3484 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
19:32:04.0743 3484 tfsndrct - detected UnsignedFile.Multi.Generic (1)
19:32:04.0774 3484 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
19:32:04.0804 3484 tfsndres ( UnsignedFile.Multi.Generic ) - warning
19:32:04.0804 3484 tfsndres - detected UnsignedFile.Multi.Generic (1)
19:32:04.0864 3484 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
19:32:04.0884 3484 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
19:32:04.0884 3484 tfsnifs - detected UnsignedFile.Multi.Generic (1)
19:32:04.0924 3484 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
19:32:04.0994 3484 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
19:32:04.0994 3484 tfsnopio - detected UnsignedFile.Multi.Generic (1)
19:32:05.0064 3484 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
19:32:05.0084 3484 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
19:32:05.0084 3484 tfsnpool - detected UnsignedFile.Multi.Generic (1)
19:32:05.0134 3484 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
19:32:05.0174 3484 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
19:32:05.0174 3484 tfsnudf - detected UnsignedFile.Multi.Generic (1)
19:32:05.0424 3484 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
19:32:05.0454 3484 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
19:32:05.0454 3484 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
19:32:05.0635 3484 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
19:32:05.0835 3484 TosIde - ok
19:32:05.0995 3484 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
19:32:06.0166 3484 Udfs - ok
19:32:06.0236 3484 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
19:32:06.0326 3484 ultra - ok
19:32:06.0386 3484 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
19:32:07.0107 3484 Update - ok
19:32:07.0227 3484 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:32:07.0307 3484 USBAAPL - ok
19:32:07.0407 3484 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:32:07.0568 3484 usbccgp - ok
19:32:07.0638 3484 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:32:07.0818 3484 usbehci - ok
19:32:07.0868 3484 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:32:08.0028 3484 usbhub - ok
19:32:08.0068 3484 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:32:08.0218 3484 usbprint - ok
19:32:08.0269 3484 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:32:08.0439 3484 usbscan - ok
19:32:08.0489 3484 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:32:08.0649 3484 USBSTOR - ok
19:32:08.0709 3484 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:32:08.0859 3484 usbuhci - ok
19:32:08.0879 3484 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
19:32:09.0040 3484 VgaSave - ok
19:32:09.0090 3484 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
19:32:09.0240 3484 viaagp - ok
19:32:09.0320 3484 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
19:32:09.0460 3484 ViaIde - ok
19:32:09.0510 3484 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
19:32:09.0661 3484 VolSnap - ok
19:32:09.0851 3484 w70n51 (fb4d7a34ef3b49c2b5439e330b785313) C:\WINDOWS\system32\DRIVERS\w70n51.sys
19:32:10.0001 3484 w70n51 - ok
19:32:10.0081 3484 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:32:10.0231 3484 Wanarp - ok
19:32:10.0321 3484 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
19:32:10.0392 3484 wanatw - ok
19:32:10.0452 3484 WDICA - ok
19:32:10.0562 3484 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
19:32:11.0233 3484 wdmaud - ok
19:32:11.0343 3484 winachsf (8d4f833289e769dca80c0067cc2e40d8) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:32:11.0383 3484 winachsf - ok
19:32:11.0553 3484 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:32:11.0713 3484 WS2IFSL - ok
19:32:11.0774 3484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:32:12.0064 3484 \Device\Harddisk0\DR0 - ok
19:32:12.0074 3484 Boot (0x1200) (05b2b682e1277840afce70446b35c374) \Device\Harddisk0\DR0\Partition0
19:32:12.0074 3484 \Device\Harddisk0\DR0\Partition0 - ok
19:32:12.0084 3484 ============================================================
19:32:12.0084 3484 Scan finished
19:32:12.0084 3484 ============================================================
19:32:12.0204 2508 Detected object count: 20
19:32:12.0204 2508 Actual detected object count: 20
19:33:39.0189 2508 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0189 2508 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0199 2508 CdaC15BA ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0199 2508 CdaC15BA ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0209 2508 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0209 2508 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0219 2508 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0219 2508 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0219 2508 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0219 2508 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0219 2508 NAL ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0219 2508 NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0229 2508 omci ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0229 2508 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0229 2508 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0229 2508 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0239 2508 SbcpHid ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0239 2508 SbcpHid ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0239 2508 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0239 2508 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0249 2508 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0249 2508 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0249 2508 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0249 2508 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0249 2508 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0249 2508 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0259 2508 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0259 2508 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0259 2508 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0259 2508 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0269 2508 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0269 2508 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0269 2508 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0269 2508 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0279 2508 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0279 2508 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0279 2508 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0279 2508 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:39.0279 2508 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:39.0279 2508 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:43.0325 0164 Deinitialize success


aswMBR:
aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-28 19:35:30
-----------------------------
19:35:30.069 OS Version: Windows 5.1.2600 Service Pack 2
19:35:30.069 Number of processors: 1 586 0x905
19:35:30.069 ComputerName: KELLY UserName: Kel
19:35:31.250 Initialize success
19:37:53.475 AVAST engine defs: 11122801
19:39:13.490 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:39:13.490 Disk 0 Vendor: FUJITSU_MHT2060AH 006C Size: 57231MB BusType: 3
19:39:13.520 Disk 0 MBR read successfully
19:39:13.520 Disk 0 MBR scan
19:39:13.620 Disk 0 Windows XP default MBR code
19:39:13.620 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
19:39:13.650 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57192 MB offset 64260
19:39:13.670 Disk 0 scanning sectors +117194175
19:39:13.770 Disk 0 scanning C:\WINDOWS\system32\drivers
19:39:41.310 Service scanning
19:39:44.765 Modules scanning
19:39:54.299 Module: C:\WINDOWS\system32\dla\tfsndres.sys **SUSPICIOUS**
19:39:57.203 AVAST engine scan C:\WINDOWS
19:40:32.564 AVAST engine scan C:\WINDOWS\system32
19:43:57.068 AVAST engine scan C:\WINDOWS\system32\drivers
19:44:28.773 AVAST engine scan C:\Documents and Settings\Kel
20:07:40.735 AVAST engine scan C:\Documents and Settings\All Users
20:09:24.344 Scan finished successfully
20:10:33.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kel\Desktop\MBR.dat"
20:10:33.223 The log file has been saved successfully to "C:\Documents and Settings\Kel\Desktop\aswMBR.txt"

#4
RKinner

    Malware Expert

  • Expert
  • 24,638 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\fkdwu.sys

Firefox::
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62020
FF - prefs.js: network.proxy.type - 4

Driver::
gftsh
SASDIFSV
SASKUTIL


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

You have a malware proxy in Firefox. I've told Combofix to remove it but I'm not sure how good it is with Firefox. So check by:
In Firefox, (Tools or the Firefox button), Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.


Let's uninstall McAfee and install the free Avast for now. This rootkit often replaces key components of your anti-virus with its own files.


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
(If you think you might want to reinstall McAfee later then follow the instructions here to save your license info:
http://service.mcafe...spx?id=TS100507 )
Uninstall McAfee, run the McAfee uninstall tool, reboot.
Install Avast.
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt. If you can find it please copy and paste it into a reply.



Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'
6. Type 20 in the 1 to 20 box
7. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.


Ron

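The proxy hijack Ron describes above (prefs.js pointing HTTP traffic at 127.0.0.1:62020) can be checked and reverted without clicking through the Firefox dialogs. The script below is an added example for this thread, not ComboFix's code and not part of any post here; it parses the `user_pref()` lines ComboFix reports as "FF - prefs.js: ...", flags loopback proxies, and writes back the "No Proxy" state. `SAMPLE_PREFS_JS` is a constructed input, not the poster's real profile.

```python
"""Audit a Firefox prefs.js for a hijacked proxy configuration.

Added example for this thread; it is not ComboFix's code and not part of the
original post. It parses the user_pref() lines that ComboFix reports as
"FF - prefs.js: ..." and flags a loopback HTTP proxy such as the
127.0.0.1:62020 entry in the CFScript above. SAMPLE_PREFS_JS is a constructed
input, not the poster's real profile.
"""
import re

# Firefox network.proxy.type values: 0 no proxy, 1 manual, 2 PAC URL,
# 4 auto-detect (WPAD), 5 use system settings.
PROXY_TYPE_NAMES = {0: "no proxy", 1: "manual", 2: "PAC", 4: "auto-detect", 5: "system"}
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# user_pref("name", value);  where value is a quoted string, an int or a bool
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(".*?"|-?\d+|true|false)\);\s*$')

SAMPLE_PREFS_JS = """\
// Constructed sample prefs.js mirroring the proxy prefs ComboFix listed
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 62020);
user_pref("network.proxy.type", 4);
user_pref("network.proxy.share_proxy_settings", true);
"""


def parse_prefs(text):
    """Map pref name -> Python value (str, int or bool) from prefs.js content."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref()
        name, raw = m.groups()
        if raw.startswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw)
    return prefs


def audit_proxy(prefs):
    """Return human-readable findings for proxy prefs that point at loopback.

    A local proxy on an arbitrary high port is the classic sign of a
    traffic-intercepting infection on a home PC. It is reported whether or
    not the current proxy type would actually use it, because the entry
    itself shows the profile was tampered with.
    """
    findings = []
    ptype = prefs.get("network.proxy.type", 5)
    mode = PROXY_TYPE_NAMES.get(ptype, f"unknown type {ptype}")
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host is None:
            continue
        port = prefs.get(f"network.proxy.{scheme}_port")
        if host in LOOPBACK_HOSTS:
            state = "active" if ptype == 1 else f"dormant while mode is '{mode}'"
            findings.append(f"{scheme} proxy -> {host}:{port} ({state}); "
                            "profile looks tampered with")
    if ptype not in PROXY_TYPE_NAMES:
        findings.append(f"network.proxy.type has unexpected value {ptype}")
    return findings


def clean_proxy(prefs):
    """Return a copy with every network.proxy.* pref dropped and 'No Proxy'
    selected, the same end state as the No Proxy button in Firefox."""
    cleaned = {k: v for k, v in prefs.items() if not k.startswith("network.proxy.")}
    cleaned["network.proxy.type"] = 0
    return cleaned


def render_prefs(prefs):
    """Serialise a pref dict back into prefs.js syntax (close Firefox before
    overwriting a real profile file, or it will rewrite the file on exit)."""
    lines = []
    for name, value in sorted(prefs.items()):
        if isinstance(value, bool):  # bool before int: bool is an int subclass
            raw = "true" if value else "false"
        elif isinstance(value, int):
            raw = str(value)
        else:
            raw = f'"{value}"'
        lines.append(f'user_pref("{name}", {raw});')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_prefs(SAMPLE_PREFS_JS)
    for finding in audit_proxy(found):
        print("FINDING:", finding)
    print(render_prefs(clean_proxy(found)))
```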
#5
gopher669

    Member

  • Topic Starter
  • Member
  • 21 posts
Seems like everything ran as it should. The one exception was the last error in the Avast. The message was "File C:\WINDOWS\SYSTEM32\c_7265236.nls is infected by Win32:RLoader-B. File is a Windows folder, are you sure? (Yes, Yes All, No, Esc)". I originally hit No, but when the Scan Results came up, I changed it to "Move to Chest", and it said the action was successful.

Combofix Log

ComboFix 11-12-28.03 - Kel 12/29/2011 18:09:57.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.259 [GMT -6:00]
Running from: c:\documents and settings\Kel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kel\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
FILE ::
"c:\windows\system32\drivers\fkdwu.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SASDIFSV
-------\Legacy_SASKUTIL
-------\Service_gftsh
-------\Service_SASDIFSV
-------\Service_SASKUTIL
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-29 04:23 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 04:23 . 2011-12-29 04:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-29 03:48 . 2011-12-29 04:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-17 02:55 . 2011-12-17 02:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-16 04:13 . 2011-12-16 13:45 -------- d-----w- c:\documents and settings\Kel\Application Data\Melanu
2011-12-16 04:13 . 2011-12-16 04:13 -------- d-----w- c:\documents and settings\Kel\Application Data\Inny
2011-12-15 16:15 . 2011-12-15 16:15 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-12-10 14:25 . 2011-12-10 14:25 -------- d-----w- c:\documents and settings\Kel\Application Data\SUPERAntiSpyware.com
2011-12-10 14:25 . 2011-12-10 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-12-10 01:40 . 2010-11-09 19:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-10 01:40 . 2010-11-09 19:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-12-10 01:38 . 2011-12-10 06:36 -------- d-----w- C:\VIPRERESCUE
2011-12-03 21:42 . 2011-12-03 21:42 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 02:48 . 2002-08-29 11:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-19 17:39 . 2011-05-14 01:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-08 22:01 . 2011-10-08 22:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-08 22:01 . 2008-05-17 16:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-10 02:40 . 2011-05-10 03:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-29_01.15.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-30 00:25 . 2011-12-30 00:25 16384 c:\windows\temp\Perflib_Perfdata_2e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-08-21 151552]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-26 4632576]
"nwiz"="nwiz.exe" [2004-10-26 921600]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-12-12 217088]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-09 122880]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2003-08-18 163840]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-22 229437]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-02-27 151597]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2005-07-05 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 135168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-2-26 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-4-27 635019]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 06:33 188482 ----a-w- c:\windows\SYSTEM32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [12/9/2011 7:40 PM 98392]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [3/10/2004 4:36 PM 23296]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [12/28/2011 9:48 PM 40776]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-12-18 c:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet36002003-04-11 21:25N3AQ3F3FB6B.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 21:25]
.
2004-03-03 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo....//www.yahoo.com
mStart Page = about:blank
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Save with Download Manager... - file://c:\program files\WOW! Music\DMDownload.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: oaklandcc.edu\webreg
DPF: {18F616CD-4B28-4C47-815A-560AC6A33C8D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-emerald-city-confidential/EmeraldCityConfidential_Web.1.0.0.9.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://aolsvc.aol.com/onlinegames/free-trial-nightshift-legacy-the-jaguars-eye/Nightshift2Web.1.0.0.9.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://aolsvc.aol.com/onlinegames/free-trial-decadence-by-design/Chocolatier3Web.1.0.0.6.cab
FF - ProfilePath - c:\documents and settings\Kel\Application Data\Mozilla\Firefox\Profiles\isswyepi.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62020
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-29 18:27
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(2980)
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\RegSrvc.exe
c:\windows\System32\ScsiAccess.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\1XConfig.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-29 18:34:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 00:34
ComboFix2.txt 2011-12-29 01:23
.
Pre-Run: 12,169,920,512 bytes free
Post-Run: 12,191,653,888 bytes free
.
- - End Of File - - 97C09A419A7FA7BF2F13FA90453EEEA9


Avast boot log
12/29/2011 19:58
Scan of all local drives

File C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\GameHouse\Babel\en-US\babel.cab|>babel.dll Error 42127 {CAB archive is corrupted.}
File C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\GameHouse\Delicious\en-US\delicious.cab|>media\sound\effects\Hint_Dialog_Popup.ogg Error 42127 {CAB archive is corrupted.}
File C:\Documents and Settings\Kel\Application Data\Sun\Java\Deployment\cache\6.0\2\38389f42-562d4587|>Final.class is infected by Java:CVE-2011-3544-AB [Expl], Moved to chest
File C:\Documents and Settings\Kel\Application Data\Sun\Java\Deployment\cache\6.0\47\3a421def-6cc49008|>Final.class is infected by Java:CVE-2011-3544-I [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\5efe4c00-679516f7|>Final.class is infected by Java:CVE-2011-3544-AB [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\6e684651-1312b35d|>xmltree\kolan.class is infected by Java:Agent-AHL [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\6e684651-1312b35d|>xmltree\lindsa.class is infected by Java:Agent-AJA [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\6e684651-1312b35d|>xmltree\londa.class is infected by Java:Agent-AIA [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\6e684651-1312b35d|>xmltree\oplef.class is infected by Java:Agent-AIL [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\6e684651-1312b35d|>xmltree\peqras.class is infected by Java:Agent-AIA [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\6e684651-1312b35d|>xmltree\spager.class is infected by Java:Agent-AHJ [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\56\408dfaf8-15b62a09|>andora.class is infected by Java:CVE-2011-3544-AI [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\6\2f303146-55b2a2df|>apps\MyApplet.class is infected by Java:CVE-2011-3544-AL [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\6\2f303146-55b2a2df|>apps\MyWorker.class is infected by Java:Agent-AJG [Expl], Moved to chest
File C:\WINDOWS\SYSTEM32\c_7265236.nls is infected by Win32:RLoader-B
Number of searched folders: 13779
Number of tested files: 507094
Number of infected files: 13


VEW log
Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/12/2011 11:01:41 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/12/2011 10:57:30 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 02004C4F4F50. The IP address being used is 169.254.25.129.

Log: 'System' Date/Time: 29/12/2011 10:56:44 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000CF11A45E9. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/12/2011 10:56:42 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000CF11A45E9. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
  • 0
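An added triage example, not part of this thread or of ComboFix, Avast or any other tool mentioned here: it parses the kinds of lines posted in the logs above and flags the settings a responder would want to look at (firewall state, a Firefox proxy pointed at the loopback address, disabled Firefox security warnings) and counts Avast detections per Windows user profile. The sample lines are copied from the logs in this post; the finding wording and the network.proxy.type mapping are my own.

```python
import re
from collections import Counter

# Sample lines, copied from the ComboFix and Avast logs posted earlier in this thread.
COMBOFIX_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62020
FF - prefs.js: network.proxy.type - 4
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

AVAST_SAMPLE = r"""
File C:\Documents and Settings\Kel\Application Data\Sun\Java\Deployment\cache\6.0\2\38389f42-562d4587|>Final.class is infected by Java:CVE-2011-3544-AB [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\5efe4c00-679516f7|>Final.class is infected by Java:CVE-2011-3544-AB [Expl], Moved to chest
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\6e684651-1312b35d|>xmltree\kolan.class is infected by Java:Agent-AHL [Expl], Moved to chest
File C:\WINDOWS\SYSTEM32\c_7265236.nls is infected by Win32:RLoader-B
"""

PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (.*)$")
FW_RE = re.compile(r'^"(EnableFirewall|DisableNotifications)"= (\d)')
# network.proxy.type values as Firefox defines them: 0 direct, 1 manual, 2 PAC, 4 auto-detect, 5 system
PROXY_TYPES = {"0": "direct", "1": "manual", "2": "PAC", "4": "auto-detect", "5": "system"}


def triage_combofix(text):
    """Return human-readable findings for the security-relevant ComboFix lines."""
    prefs, findings = {}, []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
            continue
        m = FW_RE.match(line)
        if m and m.group(1) == "EnableFirewall" and m.group(2) == "0":
            findings.append("EnableFirewall=0: Windows Firewall is off for the standard profile")
    host, port = prefs.get("network.proxy.http"), prefs.get("network.proxy.http_port")
    if host in ("127.0.0.1", "localhost"):
        mode = PROXY_TYPES.get(prefs.get("network.proxy.type", "0"), "unknown")
        state = "active" if mode == "manual" else f"configured but inactive (proxy type is {mode})"
        findings.append(f"local HTTP proxy {host}:{port} {state}; check which process listens on that port")
    for key, value in prefs.items():
        if key.startswith("security.warn_") and value == "false":
            findings.append(f"{key}=false: Firefox security warning disabled in user.js")
    return findings


AVAST_RE = re.compile(r"^File (.+?) is infected by (\S+)")
PROFILE_RE = re.compile(r"^C:\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)


def summarize_avast(text):
    """Count Avast detections per user profile; files outside a profile count as 'system'."""
    per_profile = Counter()
    for line in text.splitlines():
        m = AVAST_RE.match(line)
        if not m:
            continue  # skips the summary lines and the 'CAB archive is corrupted' errors
        path = m.group(1).split("|>")[0]  # drop the archive-member part after '|>'
        p = PROFILE_RE.match(path)
        per_profile[p.group(1) if p else "system"] += 1
    return dict(per_profile)


if __name__ == "__main__":
    for finding in triage_combofix(COMBOFIX_SAMPLE):
        print("-", finding)
    print(summarize_avast(AVAST_SAMPLE))
```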

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,638 posts
  • MVP
Logs look good (except it says you didn't get a valid IP address)

How is it running now?
  • 0

#7
gopher669

gopher669

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Seems to be working well. Haven't had any randomly opening tabs in Firefox.

I really appreciate the help.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,638 posts
  • MVP
I think we can clean up now.

We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extensions you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
gopher669

gopher669

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OTL still won't run. I deleted the old file, rebooted, downloaded it again, paused Avast and tried running. Still getting the box that says "OTL has encountered an error and needs to close"
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,638 posts
  • MVP
Perhaps there is something wrong with System Restore.

Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f

That way if System Restore has been disabled or is broken you will probably notice.
  • 0


#11
gopher669

gopher669

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I was able to delete the old restore points through the disk cleanup, but don't think that was the problem. OTL won't even open.
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,638 posts
  • MVP
The following assumes OTL.exe is on your desktop. If not, or if it is one of the alternative downloads, please adjust the path in the code box as appropriate.

Please download GrantPerms.zip http://download.blee.../GrantPerms.zip and save it to your desktop.
Unzip the file and run GrantPerms.exe
Copy and paste the following in the edit box:


    c:\documents and settings\Kel\Desktop\OTL.exe


Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.
  • 0

#13
gopher669

gopher669

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
GrantPerms by Farbar
Ran by Kel (administrator) at 2012-01-01 22:01:05

===============================================
\\?\c:\documents and settings\Kel\Desktop\OTL.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Users READ/EXECUTE ALLOW (NI)
KELLY\Kel FULL ALLOW (I)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,638 posts
  • MVP
Right click on OTL and select Properties and make sure it is not blocked. Then see if it will start now.
  • 0

#15
gopher669

gopher669

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Looked like it was blocked; however, even after hitting 'unblock', I'm still getting the same error message.
  • 0
