TechSpot

Boot malware?

By kenobi575
Dec 30, 2011
  1. For days now, I have only been able to get into my computer via the Administrator profile in safe mode. Any attempts to get into normal mode only give me a few minutes before whatever this is kicks in and says there is a potential HDD failure.

    Once a profile is affected - it's useless - even safe mode reflects that.
    I managed to create one and run Hijack This! (renamed as Dabo) before the infection stopped me and then returned to safe mode to retrieve the log.

    I couldn't attach the log so I copy / pasted:

    [HJT log removed by Broni]



    I hope someone can help me, otherwise I face a format and lengthy reinstall.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    Can't access normal mode except for a few minutes

    As I posted earlier, I can only get into normal mode for a few minutes under a new profile until the infection damages it. I then have to create a new one. That is how I managed to get the Hijack This log.

    Thank you for the clear rules - I will follow them.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Same issue in Safe Mode?
     
  5. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    Safe mode is ok but limited

    I can access Administrator and any undamaged profile in safe mode. The infection is only active in normal mode. I log in with networking but my NIC is disabled.

    This one has me stumped - all the protection software I run and it still got in.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Do you have another working computer and USB flash drive?
    If so, download necessary tools on good computer, transfer them to bad computer and run them from SAFE MODE, for now.
     
  7. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    Safe mode is fine

    I can do anything in safe mode - the infection appears only to be active in normal mode.

    However, safe mode with networking doesn't give me internet access - so I can't update anything.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,891   +344

  9. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    Sorry about the duplicate reply - for some reason, the first wasn't showing.

    I am on my laptop and have several jump drives. What do you want me to do first?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Download DDS, GMER, MBAM (plus MBAM manual updates - see my previous message), transfer them to bad computer and run them from safe mode.
     
  11. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    2 out of 3 ran fine

    Malwarebytes and DDS ran without incident - GMER ran for 5 hours and when finally done there was no save button, so I am letting it run overnight again.

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.24.05

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Administrator :: ALBERT [administrator]

    12/30/2011 5:51:06 PM
    mbam-log-2011-12-30 (17-51-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 280434
    Time elapsed: 14 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jdiNQqhyasYS.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\4muVHThpnI2nz3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    (end)



    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Administrator at 1:47:22 on 2011-12-31
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1550 [GMT -5:00]
    .
    AV: Norton AntiVirus 2005 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Worm Protection *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\Explorer.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.emachines.com/
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: bho2gr Class: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
    BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\documents and settings\owner\my documents\norton antivirus\NAVShExt.dll
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: BhoMisc Class: {e3578b37-6346-4ec1-a82b-38273a100dcf} - c:\program files\trend micro\trendprotect\msie\wrs.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\documents and settings\owner\my documents\norton antivirus\NAVShExt.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: TrendProtect: {f83be649-1cc3-48ee-b2e2-0826cef3822a} - c:\program files\trend micro\trendprotect\msie\wrs.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [NeroHomeFirstStart] "c:\program files\common files\ahead\lib\NMFirstStart.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [vptray] c:\program files\navnt\vptray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
    mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
    dPolicies-explorer: NoDesktop = 1 (0x1)
    dPolicies-system: DISABLETASKMGR = 1 (0x1)
    IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~1\flashs~1\save.htm
    IE: {09EA1F80-F40A-11D1-B792-444553540001}\SOFTWARE
    IE: {09EA1F80-F40A-11D1-B792-444553540001}\SOFTWARE\Classes
    IE: {09EA1F80-F40A-11D1-B792-444553540001}\SOFTWARE\Classes\CLSID
    IE: {09EA1F80-F40A-11D1-B792-444553540001}
    IE: {09EA1F80-F40A-11D1-B792-444553540001}\ProgID
    IE: {722FE9B2-6895-42D9-9984-F4CB26616023}\SOFTWARE
    IE: {722FE9B2-6895-42D9-9984-F4CB26616023}\SOFTWARE\Classes
    IE: {722FE9B2-6895-42D9-9984-F4CB26616023}\SOFTWARE\Classes\CLSID
    IE: {722FE9B2-6895-42D9-9984-F4CB26616023}
    IE: {722FE9B2-6895-42D9-9984-F4CB26616023}\ProgID
    IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes\CLSID
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ProgID
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes\CLSID
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\ProgID
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {722FE9B2-6895-42D9-9984-F4CB26616023} - {722FE9B2-6895-42D9-9984-F4CB26616023} - c:\program files\cosmi\perfect pdf creator essentials\pdfshell.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325033240453
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{8A48CAB4-5DA2-4C89-98E5-C2D712B952E7} : DhcpNameServer = 192.168.1.254
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - c:\program files\trend micro\trendprotect\msie\WRS.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-8-18 116608]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 67664]
    S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-13 197752]
    S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-13 164984]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
    S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
    S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2010-1-24 193192]
    S2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-10-29 9296]
    S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton antivirus\navapsvc.exe" --> c:\program files\norton antivirus\navapsvc.exe [?]
    S2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-10-29 466944]
    S2 SAVRTPEL;SAVRTPEL;\??\c:\program files\norton antivirus\savrtpel.sys --> c:\program files\norton antivirus\SAVRTPEL.SYS [?]
    S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-18 66688]
    S2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [1998-2-23 31104]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
    S2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-8-3 177696]
    S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-5-6 191752]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-13 78968]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
    S3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2001-10-29 178304]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVENG.sys [2010-10-15 86064]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVEX15.sys [2010-10-15 1371184]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-26 14336]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 12872]
    S3 SAVRT;SAVRT;\??\c:\program files\norton antivirus\savrt.sys --> c:\program files\norton antivirus\SAVRT.SYS [?]
    S3 WPEServ;soft Xpansion Print2Document;c:\program files\common files\wpe\wpeserv.exe [2010-11-17 323584]
    S4 SAVScan;SAVScan;"c:\program files\norton antivirus\savscan.exe" --> c:\program files\norton antivirus\SAVScan.exe [?]
    .
    =============== File Associations ===============
    .
    inffile=c:\windows\system32\NOTEPAD.EXE "%1"
    .
    =============== Created Last 30 ================
    .
    2011-12-30 18:06:47 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-12-29 00:41:23 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-12-29 00:41:22 94208 ----a-w- c:\windows\system32\GTW32N50.dll
    2011-12-29 00:41:22 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
    2011-12-29 00:41:22 17992 ----a-w- c:\windows\system32\bcm42rly.sys
    2011-12-29 00:41:22 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
    2011-12-29 00:41:16 -------- d-----w- c:\program files\Linksys
    2011-12-29 00:04:52 -------- d-----w- C:\Wallpaper Master
    2011-12-28 19:40:20 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Temp
    2011-12-28 19:40:20 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Adobe
    2011-12-28 18:54:12 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Symantec
    2011-12-28 08:22:15 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Identities
    2011-12-28 08:20:46 -------- d--h--w- c:\documents and settings\administrator\application data\Windows Search
    2011-12-28 07:32:56 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
    2011-12-28 07:31:57 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Opera
    2011-12-27 23:10:44 3038 ----a-w- C:\fix_svchost.bat
    2011-12-27 23:08:26 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
    2011-12-27 23:06:37 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
    2011-12-27 20:01:54 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-12-27 20:01:54 -------- d-----w- c:\program files\Windows Desktop Search
    2011-12-27 20:00:34 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-12-27 20:00:34 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    .
    ==================== Find3M ====================
    .
    2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-04 22:58:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2007-03-09 07:12:32 27648 -csha-w- c:\windows\system32\AVSredirect.dll
    .
    ============= FINISH: 1:47:47.17 ===============
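As an added example (not part of the thread and not Malwarebytes' own tooling), a small Python parser for the MBAM 1.x log format posted above. It reads the "... Detected: N" sections, checks that the items it parsed match the counts the log declares, pairs the Run-key value with the file it launched and whether that file was also quarantined, and picks out the user-lockout policy (DisableTaskMgr) that the rogue reset. The log text is constructed from the lines in the post; the set of policy names to flag is this example's own assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample: the detection lines are the ones posted in the thread,
# trimmed to the sections the parser needs.
MBAM_LOG = r"""Malwarebytes Anti-Malware 1.60.0.1800
Scan type: Quick scan
Objects scanned: 280434

Memory Processes Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jdiNQqhyasYS.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\4muVHThpnI2nz3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)
"""


@dataclass
class Detection:
    section: str   # e.g. "Registry Values", "Files"
    location: str  # "key|value name" for registry items, full path for files
    threat: str    # MBAM family label, e.g. Rogue.FakeHDD
    detail: str    # "Data: <path>" or "Bad: (1) Good: (0)"; empty for files
    action: str    # what MBAM did with the item


SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")

# Assumed list of policy values rogue software sets to lock the user out;
# both names appear in the logs posted in this thread (MBAM and DDS).
LOCKOUT_POLICIES = {"disabletaskmgr", "nodesktop"}


def parse_mbam_log(text):
    """Return (detections, declared_counts) for an MBAM 1.x text log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        if section is None or not line or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue  # "(end)" and any stray header text
        location, threat, rest = m.groups()
        # rest is either "<detail> -> <action>" or just "<action>"
        detail, action = rest.rsplit(" -> ", 1) if " -> " in rest else ("", rest)
        detections.append(Detection(section, location, threat, detail, action))
    return detections, declared


def counts_match(detections, declared):
    """True when parsed items per section equal the counts the log declares."""
    counts = {name: 0 for name in declared}
    for d in detections:
        counts[d.section] = counts.get(d.section, 0) + 1
    return counts == declared


def persistence_chain(detections):
    """Pair each detected Run/RunOnce value with the file it pointed at and
    record whether that file was also caught in the Files section."""
    removed = {d.location.lower() for d in detections if d.section == "Files"}
    chain = []
    for d in detections:
        key = d.location.split("|", 1)[0].lower()
        if d.section != "Registry Values" or not key.endswith(("\\run", "\\runonce")):
            continue
        target = d.detail[len("Data: "):] if d.detail.startswith("Data: ") else ""
        chain.append({"value": d.location, "target": target,
                      "file_removed": target.lower() in removed})
    return chain


def lockout_policies(detections):
    """Registry data items that are user-lockout policies (Task Manager, desktop)."""
    return [d for d in detections
            if d.section == "Registry Data Items"
            and d.location.rsplit("|", 1)[-1].lower() in LOCKOUT_POLICIES]


if __name__ == "__main__":
    dets, declared = parse_mbam_log(MBAM_LOG)
    print("counts consistent:", counts_match(dets, declared))
    for link in persistence_chain(dets):
        print("autostart", link["value"], "->", link["target"], "removed:", link["file_removed"])
    for d in lockout_policies(dets):
        print("lockout policy reset:", d.location, d.detail)
```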
     
  12. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    attach txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/16/2005 6:22:08 PM
    System Uptime: 12/30/2011 6:07:04 PM (7 hours ago)
    .
    Motherboard: First International Computer, Inc. | | K7MNF-64
    Processor: AMD Sempron(tm) 3000+ | Socket A | 1991/166mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 108 GiB total, 64.458 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 1.673 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is CDROM (CDFS)
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    L: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Serandom Screensaver v2
    SereneScreen Aquarium
    She Screen Saver
    SinkSub Pro
    Skype web features
    Skype™ 4.1
    Snappy Video Snapshot 4.0
    SoftV92 Data Fax Modem with SmartCP
    Space Invaders
    SPBBC
    Speccy
    Spellbound
    Spybot - Search & Destroy
    SpywareBlaster 4.5
    SpywareGuard v2.2
    Star Trek: The Game Show
    SUPERAntiSpyware Free Edition
    Symantec
    Symantec Script Blocking Installer
    SymNet
    TomTom HOME 2.8.2.2264
    TomTom HOME Visual Studio Merge Modules
    Trend Micro TrendProtect for Firefox
    Trend Micro TrendProtect for Internet Explorer
    Tweak UI
    Undersea Screensaver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USA Flag
    USB-Flash Disk
    VBGold TurboSplit V.1.2
    VDMSound 2.0.4
    Viewpoint Media Player
    Wallpaper Master Pro v1.51
    WebFldrs XP
    WetLook
    Windows Backup Utility
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    www.UselessCreations.com - Doctor Who 3D Screensaver v1.5
    www.UselessCreations.com - Enterprise 3D Screensaver v1.0
    XP Icon Wars Screensaver
    Xtreme Sound PCI
    Yahoo! Install Manager
    Yahoo! Toolbar
    ZoneAlarm
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/30/2011 6:16:19 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    12/30/2011 6:09:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp AmdK7 amsint asc asc3350p asc3550 BANTExt cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o Fips hpn i2omp ini910u IntelIde mraid35x NetworkX perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 SASDIFSV SASKUTIL sisagp Sparrow symc810 symc8xx SYMTDI sym_hi sym_u3 TosIde ultra viaagp ViaIde
    12/28/2011 7:45:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    12/28/2011 3:29:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/28/2011 1:58:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    12/27/2011 9:57:12 PM, error: System Error [1003] - Error code 100000d1, parameter1 00006d5b, parameter2 00000002, parameter3 00000000, parameter4 f74ae447.
    12/27/2011 9:11:46 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    12/27/2011 7:42:50 PM, error: SideBySide [36] - The assembly x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a has missing or invalid files; recovery of this assembly failed.
    12/27/2011 7:42:22 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    12/27/2011 7:23:08 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    12/27/2011 6:27:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ql12160
    12/27/2011 6:27:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService service to connect.
    12/27/2011 6:27:02 PM, error: Service Control Manager [7000] - The SAVRTPEL service failed to start due to the following error: The system cannot find the path specified.
    12/27/2011 6:27:02 PM, error: Service Control Manager [7000] - The Norton AntiVirus Auto-Protect Service service failed to start due to the following error: The system cannot find the path specified.
    12/27/2011 6:27:02 PM, error: Service Control Manager [7000] - The lxeeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/27/2011 6:24:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/27/2011 6:18:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/27/2011 6:17:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 BANTExt Fips IPSec MRxSmb NetBIOS NetBT NetworkX ql12160 RasAcd Rdbss SASDIFSV SASKUTIL SYMTDI Tcpip WS2IFSL
    12/27/2011 6:17:33 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/27/2011 6:17:33 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/27/2011 6:17:33 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/27/2011 6:17:33 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/27/2011 6:17:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/27/2011 2:59:16 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    12/27/2011 2:54:40 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
    12/27/2011 2:54:40 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
    12/27/2011 2:54:40 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
    12/27/2011 12:53:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    12/27/2011 12:03:41 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
    12/27/2011 11:36:33 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    12/27/2011 11:06:39 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 BANTExt Fips NetworkX ql12160 SASDIFSV SASKUTIL SYMTDI
    .
    ==== End Of File ===========================
     
  13. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    Played a hunch - paid off

    I must have run this program six times and somehow got it to run in normal mode - the infection didn't interfere with it. The only thing different is that I wasn't connected to the internet.

    The results were always the same:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-31 02:39:51
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BB-00GUA0 rev.08.02D08
    Running: 033ziusx.exe; Driver: C:\DOCUME~1\Admiral\LOCALS~1\Temp\kgtdrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A3E2700 ZwConnectPort

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF780F300]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[1328] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    Device \Driver\AFD \Device\Afd vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhxt.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSofxh.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSfxmp.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsbhc.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
    Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
    Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InprocServer32@ C:\Program Files\Common Files\System\ado\msadox.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\ProgID@ ADOX.Catalog.2.8
    Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\VersionIndependentProgID@ ADOX.Catalog.2.8
    Reg HKLM\SOFTWARE\Classes\CLSID\{A295A4EA-01EC-C1AE-EEC8-26B829332F0C}\MiscStatus@ 512
    Reg HKLM\SOFTWARE\Classes\CLSID\{A295A4EA-01EC-C1AE-EEC8-26B829332F0C}\MiscStatus\1
    Reg HKLM\SOFTWARE\Classes\CLSID\{A295A4EA-01EC-C1AE-EEC8-26B829332F0C}\MiscStatus\1@ 513
    Reg HKLM\SOFTWARE\Classes\CLSID\{A295A4EA-01EC-C1AE-EEC8-26B829332F0C}\Ole1Class@ WordArt
    Reg HKLM\SOFTWARE\Classes\CLSID\{A295A4EA-01EC-C1AE-EEC8-26B829332F0C}\ProgID@ WordArt
    Reg HKLM\SOFTWARE\Classes\CLSID\{A98AF614-3BBB-EE5C-CE93-46851CEC56CF}\InprocServer32@ C:\WINDOWS\system32\OGACheckControl.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{A98AF614-3BBB-EE5C-CE93-46851CEC56CF}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{A98AF614-3BBB-EE5C-CE93-46851CEC56CF}\ProgID@ OGACheckControl.LegitCheck.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{A98AF614-3BBB-EE5C-CE93-46851CEC56CF}\TypeLib@ {3F97F3B0-20C4-4fa9-B081-D5A57718CD42}
    Reg HKLM\SOFTWARE\Classes\CLSID\{A98AF614-3BBB-EE5C-CE93-46851CEC56CF}\VersionIndependentProgID@ OGACheckControl.LegitCheck
    Reg HKLM\SOFTWARE\Classes\CLSID\{B18C4474-3FE3-17F2-B9D7-4BF0A509DA9C}\AutoConvertTo@ {64818D10-4F9B-11CF-86EA-00AA00B929E8}
    Reg HKLM\SOFTWARE\Classes\CLSID\{B18C4474-3FE3-17F2-B9D7-4BF0A509DA9C}\NotInsertable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{B18C4474-3FE3-17F2-B9D7-4BF0A509DA9C}\Ole1Class@ MSPowerPoint
    Reg HKLM\SOFTWARE\Classes\CLSID\{B18C4474-3FE3-17F2-B9D7-4BF0A509DA9C}\ProgID@ MSPowerPoint

    ---- EOF - GMER 1.0.15 ----
     
  14. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  15. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    Ran in normal mode

    13:58:20.0984 3444 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    13:58:21.0015 3444 ============================================================
    13:58:21.0015 3444 Current date / time: 2011/12/31 13:58:21.0015
    13:58:21.0015 3444 SystemInfo:
    13:58:21.0015 3444
    13:58:21.0015 3444 OS Version: 5.1.2600 ServicePack: 3.0
    13:58:21.0015 3444 Product type: Workstation
    13:58:21.0015 3444 ComputerName: ALBERT
    13:58:21.0015 3444 UserName: Admiral
    13:58:21.0015 3444 Windows directory: C:\WINDOWS
    13:58:21.0015 3444 System windows directory: C:\WINDOWS
    13:58:21.0015 3444 Processor architecture: Intel x86
    13:58:21.0015 3444 Number of processors: 1
    13:58:21.0015 3444 Page size: 0x1000
    13:58:21.0015 3444 Boot type: Normal boot
    13:58:21.0015 3444 ============================================================
    13:58:39.0171 3444 Initialize success
    13:58:43.0453 3748 ============================================================
    13:58:43.0453 3748 Scan started
    13:58:43.0453 3748 Mode: Manual;
    13:58:43.0453 3748 ============================================================
    13:58:45.0562 3748 Abiosdsk - ok
    13:58:46.0328 3748 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    13:58:46.0531 3748 abp480n5 - ok
    13:58:47.0343 3748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    13:58:47.0484 3748 ACPI - ok
    13:58:48.0281 3748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    13:58:48.0328 3748 ACPIEC - ok
    13:58:49.0015 3748 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    13:58:49.0140 3748 adpu160m - ok
    13:58:49.0968 3748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    13:58:50.0093 3748 aec - ok
    13:58:50.0734 3748 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    13:58:50.0781 3748 AegisP - ok
    13:58:51.0468 3748 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
    13:58:51.0484 3748 Afc - ok
    13:58:52.0296 3748 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    13:58:52.0546 3748 AFD - ok
    13:58:53.0421 3748 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    13:58:53.0921 3748 agp440 - ok
    13:58:54.0968 3748 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    13:58:55.0031 3748 agpCPQ - ok
    13:58:55.0718 3748 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    13:58:55.0796 3748 Aha154x - ok
    13:58:56.0375 3748 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    13:58:56.0609 3748 aic78u2 - ok
    13:58:57.0421 3748 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    13:58:57.0656 3748 aic78xx - ok
    13:58:58.0468 3748 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    13:58:58.0515 3748 AliIde - ok
    13:58:59.0187 3748 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    13:58:59.0234 3748 alim1541 - ok
    13:58:59.0828 3748 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    13:58:59.0906 3748 amdagp - ok
    13:59:00.0609 3748 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    13:59:00.0734 3748 AmdK7 - ok
    13:59:01.0531 3748 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    13:59:01.0578 3748 amsint - ok
    13:59:02.0218 3748 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    13:59:02.0390 3748 asc - ok
    13:59:03.0593 3748 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    13:59:03.0859 3748 asc3350p - ok
    13:59:05.0171 3748 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    13:59:05.0625 3748 asc3550 - ok
    13:59:08.0968 3748 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
    13:59:09.0328 3748 Aspi32 - ok
    13:59:10.0125 3748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    13:59:10.0203 3748 AsyncMac - ok
    13:59:12.0171 3748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    13:59:12.0171 3748 atapi - ok
    13:59:12.0812 3748 Atdisk - ok
    13:59:13.0578 3748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    13:59:13.0640 3748 Atmarpc - ok
    13:59:14.0437 3748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    13:59:14.0453 3748 audstub - ok
    13:59:15.0140 3748 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
    13:59:15.0187 3748 BANTExt - ok
    13:59:15.0875 3748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    13:59:15.0968 3748 Beep - ok
    13:59:16.0734 3748 BW2NDIS5 - ok
    13:59:17.0375 3748 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    13:59:17.0468 3748 cbidf - ok
    13:59:18.0125 3748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    13:59:18.0125 3748 cbidf2k - ok
    13:59:18.0781 3748 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    13:59:18.0828 3748 CCDECODE - ok
    13:59:19.0468 3748 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    13:59:19.0531 3748 cd20xrnt - ok
    13:59:20.0328 3748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    13:59:20.0390 3748 Cdaudio - ok
    13:59:21.0312 3748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    13:59:21.0406 3748 Cdfs - ok
    13:59:22.0125 3748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    13:59:22.0203 3748 Cdrom - ok
    13:59:22.0671 3748 Changer - ok
    13:59:23.0687 3748 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    13:59:23.0703 3748 CmdIde - ok
    13:59:24.0968 3748 cmuda3 (e02e0ebbed23d6efbf1300d08d57d7aa) C:\WINDOWS\system32\drivers\cmuda3.sys
    13:59:25.0859 3748 cmuda3 - ok
    13:59:27.0109 3748 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    13:59:27.0140 3748 Cpqarray - ok
    13:59:27.0812 3748 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    13:59:28.0109 3748 dac2w2k - ok
    13:59:28.0750 3748 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    13:59:28.0828 3748 dac960nt - ok
    13:59:30.0078 3748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    13:59:30.0468 3748 Disk - ok
    13:59:31.0765 3748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    13:59:32.0093 3748 dmboot - ok
    13:59:32.0781 3748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    13:59:32.0859 3748 dmio - ok
    13:59:33.0343 3748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    13:59:33.0375 3748 dmload - ok
    13:59:33.0968 3748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    13:59:34.0000 3748 DMusic - ok
    13:59:34.0515 3748 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    13:59:34.0578 3748 dpti2o - ok
    13:59:35.0062 3748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    13:59:35.0078 3748 drmkaud - ok
    13:59:35.0562 3748 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
    13:59:35.0593 3748 elagopro - ok
    13:59:36.0046 3748 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
    13:59:36.0078 3748 elaunidr - ok
    13:59:36.0640 3748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    13:59:36.0718 3748 Fastfat - ok
    13:59:37.0218 3748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    13:59:37.0265 3748 Fdc - ok
    13:59:37.0812 3748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    13:59:37.0828 3748 Fips - ok
    13:59:38.0296 3748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    13:59:38.0328 3748 Flpydisk - ok
    13:59:38.0921 3748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    13:59:38.0984 3748 FltMgr - ok
    13:59:39.0437 3748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    13:59:39.0468 3748 Fs_Rec - ok
    13:59:39.0968 3748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    13:59:40.0343 3748 Ftdisk - ok
    13:59:40.0937 3748 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    13:59:40.0953 3748 GEARAspiWDM - ok
    13:59:41.0500 3748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    13:59:41.0531 3748 Gpc - ok
    13:59:42.0031 3748 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    13:59:42.0062 3748 HidUsb - ok
    13:59:42.0500 3748 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    13:59:42.0562 3748 hpn - ok
    13:59:43.0093 3748 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    13:59:43.0171 3748 HSFHWBS2 - ok
    13:59:44.0000 3748 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    13:59:44.0343 3748 HSF_DP - ok
    13:59:44.0890 3748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    13:59:45.0000 3748 HTTP - ok
    13:59:45.0484 3748 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    13:59:45.0500 3748 i2omgmt - ok
    13:59:45.0968 3748 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    13:59:45.0984 3748 i2omp - ok
    13:59:46.0484 3748 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    13:59:46.0531 3748 i8042prt - ok
    13:59:47.0000 3748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    13:59:47.0031 3748 Imapi - ok
    13:59:47.0468 3748 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    13:59:47.0515 3748 ini910u - ok
    13:59:48.0000 3748 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    13:59:48.0031 3748 IntelIde - ok
    13:59:48.0500 3748 iomdisk (9d7069d72c0c72952f05e1688a5ae89d) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
    13:59:48.0593 3748 iomdisk - ok
    13:59:49.0093 3748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    13:59:49.0125 3748 Ip6Fw - ok
    13:59:49.0562 3748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    13:59:49.0656 3748 IpFilterDriver - ok
    13:59:50.0109 3748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    13:59:50.0140 3748 IpInIp - ok
    13:59:50.0656 3748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    13:59:50.0671 3748 IpNat - ok
    13:59:51.0171 3748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    13:59:51.0203 3748 IPSec - ok
    13:59:51.0671 3748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    13:59:51.0687 3748 IRENUM - ok
    13:59:52.0171 3748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    13:59:52.0203 3748 isapnp - ok
    13:59:52.0687 3748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    13:59:52.0718 3748 Kbdclass - ok
    13:59:53.0234 3748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    13:59:53.0312 3748 kmixer - ok
    13:59:53.0796 3748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    13:59:53.0843 3748 KSecDD - ok
    13:59:54.0281 3748 lbrtfdc - ok
    13:59:54.0796 3748 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    13:59:54.0812 3748 mdmxsdk - ok
    13:59:55.0250 3748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    13:59:55.0265 3748 mnmdd - ok
    13:59:55.0765 3748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    13:59:55.0765 3748 Modem - ok
    13:59:56.0234 3748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:59:56.0250 3748 Mouclass - ok
    13:59:56.0734 3748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    13:59:56.0750 3748 mouhid - ok
    13:59:57.0234 3748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    13:59:57.0281 3748 MountMgr - ok
    13:59:57.0812 3748 MR97310_USB_DUAL_CAMERA (d2edba04df4d3e428e1e5dbd217e242a) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
    13:59:57.0875 3748 MR97310_USB_DUAL_CAMERA - ok
    13:59:58.0312 3748 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    13:59:58.0359 3748 mraid35x - ok
    13:59:58.0562 3748 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    13:59:58.0593 3748 MREMP50 - ok
    13:59:58.0796 3748 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    13:59:58.0828 3748 MRESP50 - ok
    13:59:59.0328 3748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:59:59.0406 3748 MRxDAV - ok
    14:00:00.0015 3748 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    14:00:00.0187 3748 MRxSmb - ok
    14:00:00.0671 3748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    14:00:00.0703 3748 Msfs - ok
    14:00:01.0171 3748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    14:00:01.0187 3748 MSKSSRV - ok
    14:00:01.0640 3748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    14:00:01.0656 3748 MSPCLOCK - ok
    14:00:02.0093 3748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    14:00:02.0125 3748 MSPQM - ok
    14:00:02.0593 3748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    14:00:02.0593 3748 mssmbios - ok
    14:00:03.0062 3748 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    14:00:03.0078 3748 MSTEE - ok
    14:00:03.0593 3748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    14:00:03.0640 3748 Mup - ok
    14:00:04.0390 3748 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
    14:00:04.0437 3748 mxnic - ok
    14:00:04.0906 3748 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    14:00:04.0953 3748 NABTSFEC - ok
    14:00:05.0156 3748 NAVAP (511fcccf134f7afc420c041cf1121277) C:\Program Files\NavNT\NAVAP.sys
    14:00:05.0187 3748 NAVAP - ok
    14:00:05.0234 3748 NAVAPEL (299bc2115d8899b89fab5042f3baf466) C:\Program Files\NavNT\NAVAPEL.SYS
    14:00:05.0250 3748 NAVAPEL - ok
    14:00:05.0500 3748 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVENG.sys
    14:00:05.0515 3748 NAVENG - ok
    14:00:06.0187 3748 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVEX15.sys
    14:00:06.0218 3748 NAVEX15 - ok
    14:00:06.0750 3748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    14:00:06.0843 3748 NDIS - ok
    14:00:07.0296 3748 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    14:00:07.0312 3748 NdisIP - ok
    14:00:07.0781 3748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    14:00:07.0812 3748 NdisTapi - ok
    14:00:08.0281 3748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    14:00:08.0296 3748 Ndisuio - ok
    14:00:08.0828 3748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    14:00:08.0890 3748 NdisWan - ok
    14:00:09.0328 3748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    14:00:09.0359 3748 NDProxy - ok
    14:00:09.0843 3748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    14:00:09.0875 3748 NetBIOS - ok
    14:00:10.0390 3748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    14:00:10.0484 3748 NetBT - ok
    14:00:11.0000 3748 NetworkX (50adfab00ed479a87d7964a89578002e) C:\WINDOWS\system32\ckldrv.sys
    14:00:11.0015 3748 NetworkX - ok
    14:00:11.0578 3748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    14:00:11.0625 3748 Npfs - ok
    14:00:12.0281 3748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    14:00:12.0500 3748 Ntfs - ok
    14:00:12.0968 3748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    14:00:12.0984 3748 Null - ok
    14:00:14.0312 3748 nv (c43d9d777d53d668d1fe683947c9ffe1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    14:00:15.0234 3748 nv - ok
    14:00:15.0718 3748 NVENETFD (23297b3c2ff3510e2e760714fc6f094e) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    14:00:15.0750 3748 NVENETFD - ok
    14:00:16.0265 3748 nvnetbus (bcc3722a2db99ad6f367344997c26654) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    14:00:16.0281 3748 nvnetbus - ok
    14:00:16.0765 3748 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
    14:00:16.0828 3748 nv_agp - ok
    14:00:17.0296 3748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    14:00:17.0328 3748 NwlnkFlt - ok
    14:00:17.0781 3748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    14:00:17.0859 3748 NwlnkFwd - ok
    14:00:18.0343 3748 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
    14:00:18.0375 3748 P3 - ok
    14:00:18.0906 3748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    14:00:18.0937 3748 Parport - ok
    14:00:19.0421 3748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    14:00:19.0437 3748 PartMgr - ok
    14:00:19.0921 3748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    14:00:19.0937 3748 ParVdm - ok
    14:00:20.0421 3748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    14:00:20.0468 3748 PCI - ok
    14:00:20.0890 3748 PCIDump - ok
    14:00:21.0328 3748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    14:00:21.0359 3748 PCIIde - ok
    14:00:21.0859 3748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    14:00:21.0906 3748 Pcmcia - ok
    14:00:22.0343 3748 PDCOMP - ok
    14:00:22.0765 3748 PDFRAME - ok
    14:00:23.0171 3748 PDRELI - ok
    14:00:23.0609 3748 PDRFRAME - ok
    14:00:24.0062 3748 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    14:00:24.0125 3748 perc2 - ok
    14:00:24.0609 3748 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    14:00:24.0625 3748 perc2hib - ok
    14:00:25.0187 3748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    14:00:25.0218 3748 PptpMiniport - ok
    14:00:25.0718 3748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    14:00:25.0765 3748 PSched - ok
    14:00:26.0265 3748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    14:00:26.0296 3748 Ptilink - ok
    14:00:26.0765 3748 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    14:00:26.0812 3748 PxHelp20 - ok
    14:00:27.0296 3748 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    14:00:27.0421 3748 ql1080 - ok
    14:00:27.0890 3748 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    14:00:28.0000 3748 Ql10wnt - ok
    14:00:28.0468 3748 ql12160 (91f5782d2ba3710a227582a3cf3df68c) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    14:00:28.0531 3748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ql12160.sys. Real md5: 91f5782d2ba3710a227582a3cf3df68c, Fake md5: c33e458143092a9a982666acbcc55ebc
    14:00:28.0531 3748 ql12160 ( ForgedFile.Multi.Generic ) - warning
    14:00:28.0531 3748 ql12160 - detected ForgedFile.Multi.Generic (1)
    14:00:29.0031 3748 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    14:00:29.0140 3748 ql1240 - ok
    14:00:29.0625 3748 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    14:00:29.0796 3748 ql1280 - ok
    14:00:30.0281 3748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    14:00:30.0296 3748 RasAcd - ok
    14:00:30.0781 3748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    14:00:30.0828 3748 Rasl2tp - ok
    14:00:31.0312 3748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    14:00:31.0359 3748 RasPppoe - ok
    14:00:31.0828 3748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    14:00:31.0859 3748 Raspti - ok
    14:00:32.0390 3748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    14:00:32.0468 3748 Rdbss - ok
    14:00:32.0953 3748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    14:00:32.0968 3748 RDPCDD - ok
    14:00:33.0484 3748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    14:00:33.0562 3748 rdpdr - ok
    14:00:34.0078 3748 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    14:00:34.0140 3748 RDPWD - ok
    14:00:34.0625 3748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    14:00:34.0671 3748 redbook - ok
    14:00:34.0859 3748 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    14:00:34.0875 3748 SASDIFSV - ok
    14:00:34.0953 3748 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    14:00:34.0984 3748 SASENUM - ok
    14:00:35.0109 3748 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    14:00:35.0125 3748 SASKUTIL - ok
    14:00:35.0171 3748 SAVRT - ok
    14:00:35.0203 3748 SAVRTPEL - ok
    14:00:35.0703 3748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    14:00:35.0734 3748 Secdrv - ok
    14:00:36.0203 3748 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
    14:00:36.0234 3748 Ser2pl - ok
    14:00:36.0703 3748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    14:00:36.0718 3748 serenum - ok
    14:00:37.0187 3748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    14:00:37.0234 3748 Serial - ok
    14:00:37.0734 3748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    14:00:37.0750 3748 Sfloppy - ok
    14:00:38.0171 3748 Simbad - ok
    14:00:38.0656 3748 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32
     
  16. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    The rest

    \DRIVERS\sisagp.sys
    14:00:38.0703 3748 sisagp - ok
    14:00:39.0171 3748 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    14:00:39.0203 3748 SLIP - ok
    14:00:39.0671 3748 SnapTHN (95bedff5ee400640cd4347103c764e60) C:\WINDOWS\system32\drivers\SnapTHN.sys
    14:00:39.0687 3748 SnapTHN - ok
    14:00:40.0171 3748 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    14:00:40.0218 3748 Sparrow - ok
    14:00:40.0500 3748 SPBBCDrv (924e82d6dec26f82036e69b8d3f04216) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    14:00:40.0921 3748 SPBBCDrv - ok
    14:00:41.0390 3748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    14:00:41.0421 3748 splitter - ok
    14:00:41.0906 3748 SQTECH905C (6f6a0307c30b33e65aaf52c46cea2ecd) C:\WINDOWS\system32\Drivers\Capt905c.sys
    14:00:41.0937 3748 SQTECH905C - ok
    14:00:42.0437 3748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    14:00:42.0484 3748 sr - ok
    14:00:43.0078 3748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    14:00:43.0203 3748 Srv - ok
    14:00:43.0671 3748 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    14:00:43.0687 3748 streamip - ok
    14:00:44.0171 3748 SunkFilt (9152dc78005a58a17e79390aa0853bb1) C:\WINDOWS\System32\Drivers\sunkfilt.sys
    14:00:44.0171 3748 SunkFilt - ok
    14:00:44.0640 3748 SunkFilt39 (ed67900e1553b2fc56daa64aab4b304f) C:\WINDOWS\System32\Drivers\sunkfilt39.sys
    14:00:44.0765 3748 SunkFilt39 - ok
    14:00:45.0171 3748 Sunkfiltp - ok
    14:00:45.0640 3748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    14:00:45.0656 3748 swenum - ok
    14:00:46.0156 3748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    14:00:46.0203 3748 swmidi - ok
    14:00:46.0687 3748 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    14:00:46.0718 3748 symc810 - ok
    14:00:47.0171 3748 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    14:00:47.0265 3748 symc8xx - ok
    14:00:47.0421 3748 SymEvent (9f69e39b58377be1d085a66f3580e58e) C:\Program Files\Symantec\SYMEVENT.SYS
    14:00:47.0453 3748 SymEvent - ok
    14:00:47.0906 3748 SYMREDRV (281f3398b1fd6d9a6bc7c1aed19fce3e) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    14:00:47.0968 3748 SYMREDRV - ok
    14:00:48.0515 3748 SYMTDI (2d7b6c9da22f54b38843e5a9f99775fc) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    14:00:48.0546 3748 SYMTDI - ok
    14:00:49.0046 3748 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    14:00:49.0109 3748 sym_hi - ok
    14:00:49.0593 3748 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    14:00:49.0671 3748 sym_u3 - ok
    14:00:50.0171 3748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    14:00:50.0203 3748 sysaudio - ok
    14:00:50.0812 3748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    14:00:50.0953 3748 Tcpip - ok
    14:00:51.0437 3748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    14:00:51.0453 3748 TDPIPE - ok
    14:00:51.0906 3748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    14:00:51.0937 3748 TDTCP - ok
    14:00:52.0421 3748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    14:00:52.0453 3748 TermDD - ok
    14:00:52.0968 3748 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
    14:00:52.0984 3748 tmcomm - ok
    14:00:53.0453 3748 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    14:00:53.0484 3748 TosIde - ok
    14:00:53.0984 3748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    14:00:54.0015 3748 Udfs - ok
    14:00:54.0515 3748 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    14:00:54.0593 3748 ultra - ok
    14:00:55.0187 3748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    14:00:55.0328 3748 Update - ok
    14:00:55.0812 3748 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
    14:00:55.0843 3748 USBAAPL - ok
    14:00:56.0328 3748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    14:00:56.0359 3748 usbccgp - ok
    14:00:56.0843 3748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    14:00:56.0859 3748 usbehci - ok
    14:00:57.0359 3748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    14:00:57.0390 3748 usbhub - ok
    14:00:57.0859 3748 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    14:00:57.0890 3748 usbohci - ok
    14:00:58.0359 3748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    14:00:58.0375 3748 usbprint - ok
    14:00:58.0859 3748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    14:00:58.0890 3748 usbscan - ok
    14:00:59.0343 3748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    14:00:59.0343 3748 USBSTOR - ok
    14:00:59.0796 3748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    14:00:59.0812 3748 usbuhci - ok
    14:01:00.0281 3748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    14:01:00.0312 3748 VgaSave - ok
    14:01:00.0750 3748 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    14:01:00.0781 3748 viaagp - ok
    14:01:01.0265 3748 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    14:01:01.0281 3748 ViaIde - ok
    14:01:01.0765 3748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    14:01:01.0796 3748 VolSnap - ok
    14:01:02.0250 3748 vsdatant (319a93514159ab3257c99e77cc7c4310) C:\WINDOWS\system32\vsdatant.sys
    14:01:02.0312 3748 vsdatant - ok
    14:01:02.0781 3748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    14:01:02.0812 3748 Wanarp - ok
    14:01:03.0234 3748 wanatw - ok
    14:01:03.0671 3748 WDICA - ok
    14:01:04.0171 3748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    14:01:04.0234 3748 wdmaud - ok
    14:01:04.0921 3748 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    14:01:05.0156 3748 winachsf - ok
    14:01:05.0718 3748 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    14:01:05.0734 3748 WS2IFSL - ok
    14:01:06.0234 3748 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    14:01:06.0265 3748 WSTCODEC - ok
    14:01:06.0734 3748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    14:01:06.0765 3748 WudfPf - ok
    14:01:07.0250 3748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    14:01:07.0296 3748 WudfRd - ok
    14:01:07.0375 3748 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
    14:01:07.0406 3748 \Device\Harddisk0\DR0 - ok
    14:01:07.0437 3748 Boot (0x1200) (0cc2a757558676b7810b24ad6c5242fa) \Device\Harddisk0\DR0\Partition0
    14:01:07.0437 3748 \Device\Harddisk0\DR0\Partition0 - ok
    14:01:07.0453 3748 Boot (0x1200) (8bee8e4b85cc51fa189c2aba7b16fc2a) \Device\Harddisk0\DR0\Partition1
    14:01:07.0453 3748 \Device\Harddisk0\DR0\Partition1 - ok
    14:01:07.0453 3748 ============================================================
    14:01:07.0453 3748 Scan finished
    14:01:07.0453 3748 ============================================================
    14:01:07.0484 3740 Detected object count: 1
    14:01:07.0484 3740 Actual detected object count: 1
    14:01:11.0750 3740 ql12160 ( ForgedFile.Multi.Generic ) - skipped by user
    14:01:11.0750 3740 ql12160 ( ForgedFile.Multi.Generic ) - User select action: Skip
    14:01:53.0781 0152 ============================================================
    14:01:53.0781 0152 Scan started
    14:01:53.0781 0152 Mode: Manual;
    14:01:53.0781 0152 ============================================================
    14:01:54.0296 0152 Abiosdsk - ok
    14:01:54.0750 0152 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    14:01:54.0750 0152 abp480n5 - ok
    14:01:55.0265 0152 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    14:01:55.0265 0152 ACPI - ok
    14:01:55.0718 0152 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    14:01:55.0718 0152 ACPIEC - ok
    14:01:56.0265 0152 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    14:01:56.0281 0152 adpu160m - ok
    14:01:56.0812 0152 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    14:01:56.0828 0152 aec - ok
    14:01:57.0312 0152 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    14:01:57.0312 0152 AegisP - ok
    14:01:57.0812 0152 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
    14:01:57.0828 0152 Afc - ok
    14:01:58.0703 0152 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    14:01:58.0703 0152 AFD - ok
    14:01:59.0484 0152 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    14:01:59.0484 0152 agp440 - ok
    14:02:00.0375 0152 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    14:02:00.0375 0152 agpCPQ - ok
    14:02:01.0125 0152 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    14:02:01.0125 0152 Aha154x - ok
    14:02:01.0859 0152 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    14:02:01.0859 0152 aic78u2 - ok
    14:02:02.0593 0152 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    14:02:02.0593 0152 aic78xx - ok
    14:02:03.0234 0152 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    14:02:03.0234 0152 AliIde - ok
    14:02:04.0421 0152 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    14:02:04.0421 0152 alim1541 - ok
    14:02:05.0656 0152 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    14:02:05.0656 0152 amdagp - ok
    14:02:06.0343 0152 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    14:02:06.0343 0152 AmdK7 - ok
    14:02:07.0171 0152 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    14:02:07.0171 0152 amsint - ok
    14:02:07.0890 0152 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    14:02:07.0906 0152 asc - ok
    14:02:08.0812 0152 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    14:02:08.0812 0152 asc3350p - ok
    14:02:09.0765 0152 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    14:02:09.0765 0152 asc3550 - ok
    14:02:10.0625 0152 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
    14:02:10.0640 0152 Aspi32 - ok
    14:02:11.0312 0152 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    14:02:11.0312 0152 AsyncMac - ok
    14:02:12.0140 0152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    14:02:12.0140 0152 atapi - ok
    14:02:12.0734 0152 Atdisk - ok
    14:02:13.0484 0152 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    14:02:13.0484 0152 Atmarpc - ok
    14:02:14.0046 0152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    14:02:14.0046 0152 audstub - ok
    14:02:14.0593 0152 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
    14:02:14.0593 0152 BANTExt - ok
    14:02:15.0171 0152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    14:02:15.0171 0152 Beep - ok
    14:02:15.0640 0152 BW2NDIS5 - ok
    14:02:16.0171 0152 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    14:02:16.0171 0152 cbidf - ok
    14:02:16.0593 0152 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    14:02:16.0609 0152 cbidf2k - ok
    14:02:17.0062 0152 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    14:02:17.0062 0152 CCDECODE - ok
    14:02:17.0500 0152 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    14:02:17.0500 0152 cd20xrnt - ok
    14:02:17.0953 0152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    14:02:17.0968 0152 Cdaudio - ok
    14:02:18.0453 0152 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    14:02:18.0453 0152 Cdfs - ok
    14:02:18.0937 0152 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    14:02:18.0953 0152 Cdrom - ok
    14:02:19.0375 0152 Changer - ok
    14:02:19.0828 0152 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    14:02:19.0828 0152 CmdIde - ok
    14:02:20.0890 0152 cmuda3 (e02e0ebbed23d6efbf1300d08d57d7aa) C:\WINDOWS\system32\drivers\cmuda3.sys
    14:02:20.0921 0152 cmuda3 - ok
    14:02:21.0390 0152 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    14:02:21.0390 0152 Cpqarray - ok
    14:02:21.0843 0152 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    14:02:21.0843 0152 dac2w2k - ok
    14:02:22.0281 0152 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    14:02:22.0281 0152 dac960nt - ok
    14:02:22.0781 0152 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    14:02:22.0781 0152 Disk - ok
    14:02:23.0500 0152 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    14:02:23.0500 0152 dmboot - ok
    14:02:24.0015 0152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    14:02:24.0015 0152 dmio - ok
    14:02:24.0468 0152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    14:02:24.0468 0152 dmload - ok
    14:02:24.0937 0152 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    14:02:24.0937 0152 DMusic - ok
    14:02:25.0375 0152 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    14:02:25.0375 0152 dpti2o - ok
    14:02:25.0875 0152 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    14:02:25.0875 0152 drmkaud - ok
    14:02:26.0359 0152 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
    14:02:26.0359 0152 elagopro - ok
    14:02:26.0843 0152 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
    14:02:26.0843 0152 elaunidr - ok
    14:02:27.0359 0152 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    14:02:27.0359 0152 Fastfat - ok
    14:02:27.0859 0152 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    14:02:27.0859 0152 Fdc - ok
    14:02:28.0328 0152 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    14:02:28.0328 0152 Fips - ok
    14:02:28.0796 0152 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    14:02:28.0796 0152 Flpydisk - ok
    14:02:29.0328 0152 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    14:02:29.0328 0152 FltMgr - ok
    14:02:29.0765 0152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    14:02:29.0765 0152 Fs_Rec - ok
    14:02:30.0218 0152 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    14:02:30.0218 0152 Ftdisk - ok
    14:02:30.0687 0152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    14:02:30.0687 0152 GEARAspiWDM - ok
    14:02:31.0171 0152 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    14:02:31.0171 0152 Gpc - ok
    14:02:31.0671 0152 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    14:02:31.0671 0152 HidUsb - ok
    14:02:32.0125 0152 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    14:02:32.0125 0152 hpn - ok
    14:02:32.0656 0152 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    14:02:32.0656 0152 HSFHWBS2 - ok
    14:02:33.0500 0152 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    14:02:33.0515 0152 HSF_DP - ok
    14:02:34.0062 0152 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    14:02:34.0062 0152 HTTP - ok
    14:02:34.0531 0152 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    14:02:34.0531 0152 i2omgmt - ok
    14:02:35.0000 0152 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    14:02:35.0000 0152 i2omp - ok
    14:02:35.0500 0152 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    14:02:35.0500 0152 i8042prt - ok
    14:02:35.0984 0152 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    14:02:35.0984 0152 Imapi - ok
    14:02:36.0437 0152 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    14:02:36.0437 0152 ini910u - ok
    14:02:36.0906 0152 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    14:02:36.0906 0152 IntelIde - ok
    14:02:37.0375 0152 iomdisk (9d7069d72c0c72952f05e1688a5ae89d) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
    14:02:37.0375 0152 iomdisk - ok
    14:02:37.0859 0152 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    14:02:37.0859 0152 Ip6Fw - ok
    14:02:38.0328 0152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    14:02:38.0328 0152 IpFilterDriver - ok
    14:02:38.0781 0152 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    14:02:38.0781 0152 IpInIp - ok
    14:02:39.0265 0152 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    14:02:39.0265 0152 IpNat - ok
    14:02:39.0765 0152 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    14:02:39.0765 0152 IPSec - ok
    14:02:40.0234 0152 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    14:02:40.0234 0152 IRENUM - ok
    14:02:40.0703 0152 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    14:02:40.0703 0152 isapnp - ok
    14:02:41.0203 0152 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    14:02:41.0203 0152 Kbdclass - ok
    14:02:41.0734 0152 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    14:02:41.0734 0152 kmixer - ok
    14:02:42.0250 0152 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    14:02:42.0250 0152 KSecDD - ok
    14:02:42.0671 0152 lbrtfdc - ok
    14:02:43.0171 0152 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    14:02:43.0171 0152 mdmxsdk - ok
    14:02:43.0625 0152 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    14:02:43.0625 0152 mnmdd - ok
    14:02:44.0125 0152 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    14:02:44.0125 0152 Modem - ok
    14:02:44.0609 0152 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    14:02:44.0609 0152 Mouclass - ok
    14:02:45.0078 0152 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    14:02:45.0078 0152 mouhid - ok
    14:02:45.0562 0152 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    14:02:45.0562 0152 MountMgr - ok
    14:02:46.0078 0152 MR97310_USB_DUAL_CAMERA (d2edba04df4d3e428e1e5dbd217e242a) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
    14:02:46.0078 0152 MR97310_USB_DUAL_CAMERA - ok
    14:02:46.0515 0152 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    14:02:46.0515 0152 mraid35x - ok
    14:02:46.0687 0152 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    14:02:46.0703 0152 MREMP50 - ok
    14:02:46.0765 0152 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    14:02:46.0765 0152 MRESP50 - ok
    14:02:47.0265 0152 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    14:02:47.0265 0152 MRxDAV - ok
    14:02:47.0875 0152 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    14:02:47.0890 0152 MRxSmb - ok
    14:02:48.0375 0152 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    14:02:48.0375 0152 Msfs - ok
    14:02:48.0843 0152 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    14:02:48.0843 0152 MSKSSRV - ok
    14:02:49.0296 0152 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    14:02:49.0296 0152 MSPCLOCK - ok
    14:02:49.0750 0152 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    14:02:49.0750 0152 MSPQM - ok
    14:02:50.0203 0152 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    14:02:50.0203 0152 mssmbios - ok
    14:02:50.0656 0152 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    14:02:50.0656 0152 MSTEE - ok
    14:02:51.0156 0152 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    14:02:51.0156 0152 Mup - ok
    14:02:51.0609 0152 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
    14:02:51.0609 0152 mxnic - ok
    14:02:52.0093 0152 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    14:02:52.0093 0152 NABTSFEC - ok
    14:02:52.0281 0152 NAVAP (511fcccf134f7afc420c041cf1121277) C:\Program Files\NavNT\NAVAP.sys
    14:02:52.0296 0152 NAVAP - ok
    14:02:52.0343 0152 NAVAPEL (299bc2115d8899b89fab5042f3baf466) C:\Program Files\NavNT\NAVAPEL.SYS
    14:02:52.0343 0152 NAVAPEL - ok
    14:02:52.0578 0152 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVENG.sys
    14:02:52.0578 0152 NAVENG - ok
    14:02:53.0265 0152 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVEX15.sys
    14:02:53.0281 0152 NAVEX15 - ok
    14:02:53.0812 0152 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    14:02:53.0828 0152 NDIS - ok
    14:02:54.0281 0152 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    14:02:54.0281 0152 NdisIP - ok
    14:02:54.0750 0152 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    14:02:54.0750 0152 NdisTapi - ok
    14:02:55.0234 0152 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    14:02:55.0234 0152 Ndisuio - ok
    14:02:55.0734 0152 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    14:02:55.0734 0152 NdisWan - ok
    14:02:56.0203 0152 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    14:02:56.0203 0152 NDProxy - ok
    14:02:56.0687 0152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    14:02:56.0687 0152 NetBIOS - ok
    14:02:57.0203 0152 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    14:02:57.0203 0152 NetBT - ok
    14:02:57.0640 0152 NetworkX (50adfab00ed479a87d7964a89578002e) C:\WINDOWS\system32\ckldrv.sys
    14:02:57.0640 0152 NetworkX - ok
    14:02:58.0156 0152 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    14:02:58.0156 0152 Npfs - ok
    14:02:58.0781 0152 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    14:02:58.0796 0152 Ntfs - ok
    14:02:59.0296 0152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    14:02:59.0296 0152 Null - ok
    14:03:00.0609 0152 nv (c43d9d777d53d668d1fe683947c9ffe1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    14:03:00.0640 0152 nv - ok
    14:03:01.0125 0152 NVENETFD (23297b3c2ff3510e2e760714fc6f094e) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    14:03:01.0125 0152 NVENETFD - ok
    14:03:01.0593 0152 nvnetbus (bcc3722a2db99ad6f367344997c26654) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    14:03:01.0593 0152 nvnetbus - ok
    14:03:02.0078 0152 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
    14:03:02.0078 0152 nv_agp - ok
    14:03:02.0562 0152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    14:03:02.0562 0152 NwlnkFlt - ok
    14:03:03.0015 0152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    14:03:03.0015 0152 NwlnkFwd - ok
    14:03:03.0500 0152 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
    14:03:03.0500 0152 P3 - ok
    14:03:04.0000 0152 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    14:03:04.0000 0152 Parport - ok
    14:03:04.0500 0152 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    14:03:04.0500 0152 PartMgr - ok
    14:03:04.0953 0152 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    14:03:04.0953 0152 ParVdm - ok
    14:03:05.0453 0152 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    14:03:05.0453 0152 PCI - ok
    14:03:05.0875 0152 PCIDump - ok
    14:03:06.0343 0152 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    14:03:06.0343 0152 PCIIde - ok
    14:03:06.0843 0152 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    14:03:06.0843 0152 Pcmcia - ok
    14:03:07.0250 0152 PDCOMP - ok
    14:03:07.0671 0152 PDFRAME - ok
    14:03:08.0093 0152 PDRELI - ok
    14:03:08.0531 0152 PDRFRAME - ok
    14:03:09.0015 0152 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    14:03:09.0015 0152 perc2 - ok
    14:03:09.0546 0152 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    14:03:09.0546 0152 perc2hib - ok
    14:03:10.0109 0152 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    14:03:10.0109 0152 PptpMiniport - ok
    14:03:10.0625 0152 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    14:03:10.0640 0152 PSched - ok
    14:03:11.0109 0152 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    14:03:11.0109 0152 Ptilink - ok
    14:03:11.0609 0152 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    14:03:11.0609 0152 PxHelp20 - ok
    14:03:12.0078 0152 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    14:03:12.0093 0152 ql1080 - ok
    14:03:12.0578 0152 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    14:03:12.0578 0152 Ql10wnt - ok
    14:03:13.0062 0152 ql12160 (91f5782d2ba3710a227582a3cf3df68c) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    14:03:13.0062 0152 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ql12160.sys. Real md5: 91f5782d2ba3710a227582a3cf3df68c, Fake md5: c33e458143092a9a982666acbcc55ebc
    14:03:13.0062 0152 ql12160 ( ForgedFile.Multi.Generic ) - warning
    14:03:13.0062 0152 ql12160 - detected ForgedFile.Multi.Generic (1)
    14:03:13.0531 0152 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    14:03:13.0531 0152 ql1240 - ok
    14:03:14.0015 0152 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    14:03:14.0015 0152 ql1280 - ok
    14:03:14.0500 0152 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    14:03:14.0500 0152 RasAcd - ok
    14:03:14.0984 0152 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    14:03:14.0984 0152 Rasl2tp - ok
    14:03:15.0484 0152 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    14:03:15.0484 0152 RasPppoe - ok
    14:03:15.0968 0152 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    14:03:15.0968 0152 Raspti - ok
    14:03:16.0515 0152 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    14:03:16.0515 0152 Rdbss - ok
    14:03:16.0984 0152 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    14:03:16.0984 0152 RDPCDD - ok
    14:03:17.0515 0152 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    14:03:17.0531 0152 rdpdr - ok
    14:03:18.0015 0152 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    14:03:18.0015 0152 RDPWD - ok
    14:03:18.0484 0152 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    14:03:18.0484 0152 redbook - ok
    14:03:18.0687 0152 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    14:03:18.0687 0152 SASDIFSV - ok
    14:03:18.0765 0152 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    14:03:18.0765 0152 SASENUM - ok
    14:03:18.0859 0152 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    14:03:18.0859 0152 SASKUTIL - ok
    14:03:18.0890 0152 SAVRT - ok
    14:03:18.0921 0152 SAVRTPEL - ok
    14:03:19.0406 0152 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    14:03:19.0406 0152 Secdrv - ok
    14:03:19.0875 0152 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
    14:03:19.0875 0152 Ser2pl - ok
    14:03:20.0343 0152 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    14:03:20.0343 0152 serenum - ok
    14:03:20.0828 0152 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    14:03:20.0843 0152 Serial - ok
    14:03:21.0312 0152 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    14:03:21.0312 0152 Sfloppy - ok
    14:03:21.0750 0152 Simbad - ok
    14:03:22.0218 0152 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    14:03:22.0218 0152 sisagp - ok
    14:03:22.0703 0152 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    14:03:22.0703 0152 SLIP - ok
    14:03:23.0171 0152 SnapTHN (95bedff5ee400640cd4347103c764e60) C:\WINDOWS\system32\drivers\SnapTHN.sys
    14:03:23.0171 0152 SnapTHN - ok
    14:03:23.0656 0152 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    14:03:23.0656 0152 Sparrow - ok
    14:03:23.0937 0152 SPBBCDrv (924e82d6dec26f82036e69b8d3f04216) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    14:03:23.0953 0152 SPBBCDrv - ok
    14:03:24.0406 0152 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    14:03:24.0406 0152 splitter - ok
    14:03:24.0890 0152 SQTECH905C (6f6a0307c30b33e65aaf52c46cea2ecd) C:\WINDOWS\system32\Drivers\Capt905c.sys
    14:03:24.0890 0152 SQTECH905C - ok
    14:03:25.0375 0152 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    14:03:25.0375 0152 sr - ok
    14:03:25.0953 0152 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    14:03:25.0953 0152 Srv - ok
    14:03:26.0437 0152 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    14:03:26.0437 0152 streamip - ok
    14:03:26.0906 0152 SunkFilt (9152dc78005a58a17e79390aa0853bb1) C:\WINDOWS\System32\Drivers\sunkfilt.sys
    14:03:26.0906 0152 SunkFilt - ok
    14:03:27.0375 0152 SunkFilt39 (ed67900e1553b2fc56daa64aab4b304f) C:\WINDOWS\System32\Drivers\sunkfilt39.sys
    14:03:27.0375 0152 SunkFilt39 - ok
    14:03:27.0781 0152 Sunkfiltp - ok
    14:03:28.0250 0152 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    14:03:28.0250 0152 swenum - ok
    14:03:28.0750 0152 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    14:03:28.0750 0152 swmidi - ok
    14:03:29.0218 0152 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    14:03:29.0218 0152 symc810 - ok
    14:03:29.0734 0152 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    14:03:29.0734 0152 symc8xx - ok
    14:03:29.0890 0152 SymEvent (9f69e39b58377be1d085a66f3580e58e) C:\Program Files\Symantec\SYMEVENT.SYS
    14:03:29.0890 0152 SymEvent - ok
    14:03:30.0343 0152 SYMREDRV (281f3398b1fd6d9a6bc7c1aed19fce3e) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    14:03:30.0343 0152 SYMREDRV - ok
    14:03:30.0875 0152 SYMTDI (2d7b6c9da22f54b38843e5a9f99775fc) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    14:03:30.0890 0152 SYMTDI - ok
    14:03:31.0359 0152 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    14:03:31.0359 0152 sym_hi - ok
    14:03:31.0843 0152 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    14:03:31.0843 0152 sym_u3 - ok
    14:03:32.0328 0152 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    14:03:32.0328 0152 sysaudio - ok
    14:03:32.0906 0152 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    14:03:32.0921 0152 Tcpip - ok
    14:03:33.0390 0152 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    14:03:33.0390 0152 TDPIPE - ok
    14:03:33.0843 0152 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    14:03:33.0843 0152 TDTCP - ok
    14:03:34.0312 0152 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    14:03:34.0312 0152 TermDD - ok
    14:03:34.0828 0152 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
    14:03:34.0828 0152 tmcomm - ok
    14:03:35.0296 0152 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    14:03:35.0296 0152 TosIde - ok
    14:03:35.0828 0152 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    14:03:35.0828 0152 Udfs - ok
    14:03:36.0312 0152 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    14:03:36.0328 0152 ultra - ok
    14:03:36.0921 0152 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    14:03:36.0937 0152 Update - ok
    14:03:37.0421 0152 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
    14:03:37.0421 0152 USBAAPL - ok
    14:03:37.0875 0152 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    14:03:37.0875 0152 usbccgp - ok
    14:03:38.0359 0152 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    14:03:38.0359 0152 usbehci - ok
    14:03:38.0843 0152 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    14:03:38.0859 0152 usbhub - ok
    14:03:39.0312 0152 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    14:03:39.0312 0152 usbohci - ok
    14:03:39.0796 0152 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    14:03:39.0796 0152 usbprint - ok
    14:03:40.0265 0152 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    14:03:40.0265 0152 usbscan - ok
    14:03:40.0750 0152 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    14:03:40.0750 0152 USBSTOR - ok
    14:03:41.0203 0152 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    14:03:41.0203 0152 usbuhci - ok
    14:03:41.0656 0152 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    14:03:41.0656 0152 VgaSave - ok
    14:03:42.0140 0152 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    14:03:42.0140 0152 viaagp - ok
    14:03:42.0625 0152 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    14:03:42.0625 0152 ViaIde - ok
    14:03:43.0109 0152 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    14:03:43.0109 0152 VolSnap - ok
    14:03:43.0562 0152 vsdatant (319a93514159ab3257c99e77cc7c4310) C:\WINDOWS\system32\vsdatant.sys
    14:03:43.0562 0152 vsdatant - ok
    14:03:44.0062 0152 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    14:03:44.0062 0152 Wanarp - ok
    14:03:44.0500 0152 wanatw - ok
    14:03:44.0921 0152 WDICA - ok
    14:03:45.0390 0152 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    14:03:45.0390 0152 wdmaud - ok
    14:03:46.0109 0152 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    14:03:46.0125 0152 winachsf - ok
    14:03:46.0671 0152 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    14:03:46.0671 0152 WS2IFSL - ok
    14:03:47.0140 0152 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    14:03:47.0156 0152 WSTCODEC - ok
    14:03:47.0640 0152 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    14:03:47.0640 0152 WudfPf - ok
    14:03:48.0125 0152 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    14:03:48.0125 0152 WudfRd - ok
    14:03:48.0203 0152 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
    14:03:48.0234 0152 \Device\Harddisk0\DR0 - ok
    14:03:48.0265 0152 Boot (0x1200) (0cc2a757558676b7810b24ad6c5242fa) \Device\Harddisk0\DR0\Partition0
    14:03:48.0265 0152 \Device\Harddisk0\DR0\Partition0 - ok
    14:03:48.0265 0152 Boot (0x1200) (8bee8e4b85cc51fa189c2aba7b16fc2a) \Device\Harddisk0\DR0\Partition1
    14:03:48.0265 0152 \Device\Harddisk0\DR0\Partition1 - ok
    14:03:48.0281 0152 ============================================================
    14:03:48.0281 0152 Scan finished
    14:03:48.0281 0152 ============================================================
    14:03:48.0312 2020 Detected object count: 1
    14:03:48.0312 2020 Actual detected object count: 1
    14:03:57.0515 2020 ql12160 ( ForgedFile.Multi.Generic ) - skipped by user
    14:03:57.0515 2020 ql12160 ( ForgedFile.Multi.Generic ) - User select action: Skip
    14:04:38.0187 3376 Deinitialize success
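
Reading a TDSSKiller log of this length by hand is slow, so here is an added example (it is not part of this thread and not Kaspersky's code) that pulls out what a responder looks at first: every object the scan flagged, the two MD5s it printed for the forged driver (the log recorded two different hashes for the same path, `ql12160.sys`, which is what its ForgedFile verdict means), the action the user chose (here Skip, so the driver was left in place), the hashes it recorded for the MBR and the partition boot sectors, and any driver loaded from outside the Windows system32 directories. The sample lines are copied from the log above in its own format; the line patterns and the "standard directory" set are this example's assumptions, inferred from that format rather than taken from a documented specification.

```python
"""Triage helper for a TDSSKiller text log.

Added example for this thread; it is not Kaspersky's code, and the line
patterns below are inferred from the log format seen in the thread.
"""
import re
import sys

# Every log line: time, thread id, message.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d+) (.+)$")
# Driver/service listing: name, md5 of the file, path.
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# MBR / partition boot sector: kind, hashed length in hex, md5, device.
BOOT_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
# The two hashes TDSSKiller obtained for one path.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
# Verdict lines: "name ( Verdict ) - warning|skipped by user|User select action: X".
VERDICT_RE = re.compile(r"^(\S+) \( (\S+) \) - (.+)$")
ACTION_RE = re.compile(r"^User select action: (\w+)$")

# Windows keeps its own kernel drivers here; anything loaded from elsewhere is listed
# for a second look (assumption for this example: third-party AV and vendor drivers
# are expected there, unknown ones are not).
STANDARD_DIRS = {r"c:\windows\system32\drivers", r"c:\windows\system32"}

# Constructed sample: lines copied from the log in the thread, in its own format.
SAMPLE_LOG = r"""
14:02:52.0281 0152 NAVAP (511fcccf134f7afc420c041cf1121277) C:\Program Files\NavNT\NAVAP.sys
14:02:52.0296 0152 NAVAP - ok
14:03:13.0062 0152 ql12160 (91f5782d2ba3710a227582a3cf3df68c) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:03:13.0062 0152 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ql12160.sys. Real md5: 91f5782d2ba3710a227582a3cf3df68c, Fake md5: c33e458143092a9a982666acbcc55ebc
14:03:13.0062 0152 ql12160 ( ForgedFile.Multi.Generic ) - warning
14:03:13.0062 0152 ql12160 - detected ForgedFile.Multi.Generic (1)
14:03:48.0203 0152 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
14:03:48.0234 0152 \Device\Harddisk0\DR0 - ok
14:03:48.0265 0152 Boot (0x1200) (0cc2a757558676b7810b24ad6c5242fa) \Device\Harddisk0\DR0\Partition0
14:03:48.0265 0152 \Device\Harddisk0\DR0\Partition0 - ok
14:03:57.0515 2020 ql12160 ( ForgedFile.Multi.Generic ) - skipped by user
14:03:57.0515 2020 ql12160 ( ForgedFile.Multi.Generic ) - User select action: Skip
"""


def triage(log_text):
    """Return flagged objects, boot-sector hashes and out-of-place drivers from a log."""
    drivers = {}        # name -> {"md5", "path"}
    flagged = {}        # name -> {"verdict", "action", "real_md5", "fake_md5"}
    boot = []           # (kind, bytes_hashed, md5, device)
    forged_by_path = {}  # lower-cased path -> (real_md5, fake_md5)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        b = BOOT_RE.match(msg)
        if b:
            boot.append((b.group(1), int(b.group(2), 16), b.group(3), b.group(4)))
            continue
        f = FORGED_RE.match(msg)
        if f:
            forged_by_path[f.group(1).lower()] = (f.group(2), f.group(3))
            continue
        d = DRIVER_RE.match(msg)
        if d:
            drivers[d.group(1)] = {"md5": d.group(2), "path": d.group(3)}
            continue
        v = VERDICT_RE.match(msg)
        if v:
            name, verdict, rest = v.groups()
            entry = flagged.setdefault(
                name, {"verdict": verdict, "action": None, "real_md5": None, "fake_md5": None})
            a = ACTION_RE.match(rest)
            if a:
                entry["action"] = a.group(1)
    # Attach the two hashes to the flagged driver whose path they describe.
    for name, entry in flagged.items():
        path = drivers.get(name, {}).get("path", "").lower()
        if path in forged_by_path:
            entry["real_md5"], entry["fake_md5"] = forged_by_path[path]
    outside = [(n, d["path"]) for n, d in drivers.items()
               if d["path"].lower().rsplit("\\", 1)[0] not in STANDARD_DIRS]
    return {"flagged": flagged, "boot": boot, "outside_system32": outside,
            "driver_count": len(drivers)}


def main(argv):
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_LOG
    rep = triage(text)
    print(f"{rep['driver_count']} drivers listed")
    for name, e in rep["flagged"].items():
        print(f"FLAGGED {name}: {e['verdict']} real={e['real_md5']} fake={e['fake_md5']} action={e['action']}")
    for kind, n, md5, dev in rep["boot"]:
        print(f"{kind}: first {n} bytes md5={md5} on {dev}")
    for name, path in rep["outside_system32"]:
        print(f"loaded outside system32: {name} -> {path}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with a saved log as the only argument (`python tdsskiller_triage.py TDSSKiller.log`); with no argument it runs over the sample lines. The "action" field is the part worth checking before moving on in a thread like this one: a verdict that was skipped means the finding is documented but nothing on the disk has changed.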
     
  17. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
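
The MBR.dat that aswMBR saves and the `MBR (0x1B8)` line in the TDSSKiller log earlier in this thread describe the same object: the first sector of disk 0. As an added example (not aswMBR's or TDSSKiller's code), the script below inspects such a 512-byte image. It checks the 0x55AA boot signature, hashes the first 0x1B8 bytes so the value can be set beside TDSSKiller's (the assumption here is that the number in TDSSKiller's parentheses is the length of the region it hashed, i.e. the boot code up to the 4-byte disk signature), decodes the four partition entries and reports the sanity checks a tampered MBR commonly fails. The image it runs on by default is constructed inside the script; give it the path to MBR.dat to inspect a real one.

```python
"""Inspect a raw 512-byte MBR image such as the MBR.dat that aswMBR saves.

Added example for this thread; it is not aswMBR's or TDSSKiller's code.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOTCODE_LEN = 0x1B8      # boot code runs up to the 4-byte disk signature at 0x1B8
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE     # must hold 0x55 0xAA

# Common partition type bytes; anything else is shown as a raw hex value.
PARTITION_TYPES = {0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
                   0x0F: "Extended (LBA)", 0x27: "Hidden NTFS (WinRE)",
                   0x82: "Linux swap", 0x83: "Linux"}


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def parse_mbr(sector):
    """Decode one MBR sector and return a dict of findings plus a list of warnings."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    info = {
        "signature_ok": bytes(sector[SIGNATURE_OFF:SIGNATURE_OFF + 2]) == b"\x55\xAA",
        # Same region TDSSKiller reports as "MBR (0x1B8)" (assumption: that number is
        # the hashed length), so this value can be compared with the one in its log.
        "bootcode_md5": md5_hex(sector[:BOOTCODE_LEN]),
        "disk_signature": struct.unpack_from("<I", sector, BOOTCODE_LEN)[0],
        "partitions": [],
        "warnings": [],
    }
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and lba == 0 and count == 0:
            continue  # empty slot
        if status not in (0x00, 0x80):
            info["warnings"].append(f"entry {i}: invalid status byte 0x{status:02X}")
        info["partitions"].append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
            "start_lba": lba, "sectors": count, "end_lba": lba + count - 1,
        })
    by_start = sorted(info["partitions"], key=lambda p: p["start_lba"])
    for a, b in zip(by_start, by_start[1:]):
        if b["start_lba"] <= a["end_lba"]:
            info["warnings"].append(f"entries {a['index']} and {b['index']} overlap")
    if not info["signature_ok"]:
        info["warnings"].append("0x55AA boot signature missing")
    if not any(sector[:BOOTCODE_LEN]):
        info["warnings"].append("boot code is all zero")
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        info["warnings"].append("active partition count is not 1 (fine for a data disk, not for the boot disk)")
    return info


def build_sample_mbr():
    """Constructed image for the demo: filler boot code, two NTFS partitions, valid signature."""
    bootcode = bytes((i * 7 + 3) & 0xFF for i in range(BOOTCODE_LEN))  # deterministic filler, not x86 code
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    table = (struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)        # active NTFS from sector 63
             + struct.pack("<B3xB3xII", 0x00, 0x07, 204863, 409600)  # second NTFS directly after it
             + b"\x00" * 32)                                          # two unused slots
    return bootcode + disk_sig + table + b"\x55\xAA"


def main(argv):
    if len(argv) > 1:
        with open(argv[1], "rb") as f:
            data = f.read(SECTOR)
    else:
        data = build_sample_mbr()
    info = parse_mbr(data)
    print(f"boot signature ok: {info['signature_ok']}")
    print(f"boot code md5 (first 0x{BOOTCODE_LEN:X} bytes): {info['bootcode_md5']}")
    print(f"disk signature: 0x{info['disk_signature']:08X}")
    for p in info["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f" {flag} entry {p['index']}: {p['type_name']:<20} start={p['start_lba']:<10} sectors={p['sectors']}")
    for w in info["warnings"]:
        print("WARNING:", w)


if __name__ == "__main__":
    main(sys.argv)
```

Two things the hash can and cannot tell you. If the value printed for MBR.dat differs from the `MBR (0x1B8)` value TDSSKiller logged for the same disk, the two tools were handed different bytes for sector 0, which is itself a finding. If they agree, you only know the tools are consistent with each other, not that the boot code is clean; that still needs a comparison against a known-good MBR for the same Windows version, and a changed partition table would not show up in this hash at all because it covers only the first 0x1B8 bytes.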
     
  18. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    What about Spybot and Spywareblaster? They are not in the list.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    If you're running Spybot...

    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    Alternatively, I suggest you uninstall Spybot, since it's a tool of the past.
     
  20. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    Norton Antivirus 2005 remnant

    I've run into an old problem; when I replaced Norton Antivirus 2005 - it stubbornly refused to go. I had gotten most of it out but a last bit remained and would not allow me to remove it. It did not bother the new antivirus so I left it.

    Now combofix sees it and wants me to disable it - issue is there is nothing to disable that I can get at. I tried add/remove programs and ccleaner's uninstaller.

    It says I must go through that program's msi or setup but none of that remains. I can run it at my own risk but thought to ask first.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Go ahead with Combofix anyway.

    I still need aswMBR log first.
     
  22. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    Played another hunch

    That remnant has been there for years and I remember a previous occasion where combofix was used to fix an infection without incident.
    Here is the log:
    ComboFix 11-12-31.03 - Admiral 12/31/2011 18:54:47.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1475 [GMT -5:00]
    Running from: c:\documents and settings\Admiral\Desktop\ComboFix.exe
    AV: Norton AntiVirus 2005 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Worm Protection *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Favorites\Thumbs.db
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Admiral\Favorites\Thumbs.db
    c:\documents and settings\Admiral\WINDOWS
    c:\documents and settings\All Users\Application Data\4muVHThpnI2nz3
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\SPL33F.tmp
    c:\documents and settings\Corina.ALBERT\Favorites\Thumbs.db
    c:\documents and settings\Corina.ALBERT\WINDOWS
    c:\documents and settings\Corina\Favorites\Thumbs.db
    c:\documents and settings\Corina\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Guest\Favorites\Thumbs.db
    c:\documents and settings\Guest\WINDOWS
    c:\program files\CouponAlert_2pEI
    c:\windows\desktop
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\SET101.tmp
    c:\windows\system32\SET6B.tmp
    c:\windows\system32\SET6D.tmp
    c:\windows\system32\SET6F.tmp
    c:\windows\system32\SET71.tmp
    c:\windows\system32\SET74.tmp
    c:\windows\system32\SET80.tmp
    c:\windows\system32\SET82.tmp
    c:\windows\system32\SETEA.tmp
    c:\windows\system32\SETF0.tmp
    c:\windows\system32\SETF3.tmp
    c:\windows\system32\SETFF.tmp
    c:\windows\system32\SYSTem~1.dll
    c:\windows\system32\systemhook.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-30 18:59 . 2012-01-01 00:12 -------- d-----w- c:\documents and settings\Admiral
    2011-12-30 18:06 . 2011-12-30 18:06 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-12-29 00:41 . 2011-12-29 00:41 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-12-29 00:41 . 2005-02-01 23:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
    2011-12-29 00:41 . 2003-10-13 20:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
    2011-12-29 00:41 . 2003-09-26 04:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
    2011-12-29 00:41 . 2003-09-26 03:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
    2011-12-29 00:41 . 2011-12-29 00:41 -------- d-----w- c:\program files\Linksys
    2011-12-29 00:41 . 2011-12-29 00:41 -------- d--h--w- c:\documents and settings\Administrator\Application Data\InstallShield
    2011-12-29 00:04 . 2011-12-29 00:04 -------- d-----w- C:\Wallpaper Master
    2011-12-28 19:40 . 2011-12-28 19:40 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2011-12-28 19:40 . 2011-12-28 19:40 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2011-12-28 18:54 . 2011-12-28 18:54 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
    2011-12-28 08:22 . 2011-12-28 08:22 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
    2011-12-28 08:20 . 2011-12-28 08:20 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Windows Search
    2011-12-28 07:32 . 2011-12-28 07:32 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-12-28 07:31 . 2011-12-28 07:31 -------- d--h--w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
    2011-12-27 23:10 . 2011-12-27 23:10 3038 ----a-w- C:\fix_svchost.bat
    2011-12-27 23:08 . 2011-12-27 23:08 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
    2011-12-27 23:06 . 2011-12-27 23:06 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
    2011-12-27 20:01 . 2011-12-27 20:01 -------- d-----w- c:\program files\Windows Desktop Search
    2011-12-27 20:01 . 2011-12-27 20:01 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-12-27 20:00 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-12-27 20:00 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-12-27 19:41 . 2011-12-27 19:41 -------- d--h--w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
    2011-12-27 19:04 . 2011-12-27 19:04 -------- d--h--w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 20:24 . 2009-03-15 21:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-04 22:58 . 2011-05-15 17:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:25 . 2004-08-26 16:12 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-08-26 16:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2004-08-26 16:12 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-26 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33 . 2004-08-26 16:12 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-11-11 14:24 . 2011-09-18 13:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2007-03-26 18:17 . 2008-07-04 18:05 149008 ----a-w- c:\program files\mozilla firefox\components\WRSForFireFox.dll
    2007-03-09 07:12 27648 -csha-w- c:\windows\system32\AVSredirect.dll
    .
    Code:
    c:\program files\Misc Programs\ELFBOW .exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
    "vptray"="c:\program files\NavNT\vptray.exe" [2001-10-31 73728]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2011-07-28 4514992]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2011-07-28 70832]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-27 113024]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-08-18 23:28 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
    2007-03-15 21:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Deskup"=c:\program files\Iomega\DriveIcons\deskup.exe /IMGSTART
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\lxeecoms.exe"=
    "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 0 (0x0)
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 10:43 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 10:43 AM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/18/2010 6:28 PM 116608]
    R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
    R2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [2/23/1998 5:56 PM 31104]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 10:17 PM 136176]
    S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [1/24/2010 3:40 PM 193192]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [5/6/2011 10:03 AM 191752]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 10:17 PM 136176]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/26/2004 11:12 AM 14336]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 10:43 AM 12872]
    S3 WPEServ;soft Xpansion Print2Document;c:\program files\Common Files\WPE\wpeserv.exe [11/17/2010 1:16 PM 323584]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - PROCEXP100
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 03:17]
    .
    2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 03:17]
    .
    2011-12-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2287679051-2000395447-3454571231-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
    .
    2011-12-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287679051-2000395447-3454571231-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
    .
    2005-01-20 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-20 01:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.emachines.com/
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{8A48CAB4-5DA2-4C89-98E5-C2D712B952E7}: DhcpNameServer = 192.168.1.254
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-31 19:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet006\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(644)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\NavLogon.dll
    .
    Completion time: 2011-12-31 19:35:58
    ComboFix-quarantined-files.txt 2012-01-01 00:35
    .
    Pre-Run: 66,883,989,504 bytes free
    Post-Run: 67,768,606,720 bytes free
    .
    - - End Of File - - CFC38660B5FAB1D9ADCEE9E76E7D7C9C
     
  23. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    MBR log

    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-31 15:10:20
    -----------------------------
    15:10:20.796 OS Version: Windows 5.1.2600 Service Pack 3
    15:10:20.796 Number of processors: 1 586 0xA00
    15:10:20.796 ComputerName: ALBERT UserName:
    15:10:23.406 Initialize success
    15:10:42.203 AVAST engine download error: 0
    15:10:45.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    15:10:45.062 Disk 0 Vendor: WDC_WD1200BB-00GUA0 08.02D08 Size: 114473MB BusType: 3
    15:10:45.093 Disk 0 MBR read successfully
    15:10:45.093 Disk 0 MBR scan
    15:10:45.109 Disk 0 unknown MBR code
    15:10:45.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 110658 MB offset 7791525
    15:10:45.140 Disk 0 Partition 2 00 0B FAT32 RECOVERY 3804 MB offset 63
    15:10:45.171 Disk 0 scanning sectors +234420480
    15:10:45.265 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:11:31.828 Service scanning
    15:11:37.890 Service vsdatant C:\WINDOWS\system32\vsdatant.sys **LOCKED** 32
    15:11:38.484 Modules scanning
    15:12:17.031 Disk 0 trace - called modules:
    15:12:17.453 ntoskrnl.exe CLASSPNP.SYS disk.sys iomdisk.sys hal.dll ACPI.sys atapi.sys pciide.sys
    15:12:17.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa94ab8]
    15:12:17.484 3 CLASSPNP.SYS[f76a7fd7] -> nt!IofCallDriver -> [0x8aaf8d78]
    15:12:17.515 5 iomdisk.sys[f777fbc3] -> nt!IofCallDriver -> \Device\00000091[0x8ab241f8]
    15:12:17.531 7 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aaa1d98]
    15:12:17.546 Scan finished successfully
    15:12:53.828 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
    15:12:53.859 The log file has been saved successfully to "C:\aswMBR.txt"


    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-31 19:45:27
    -----------------------------
    19:45:27.937 OS Version: Windows 5.1.2600 Service Pack 3
    19:45:27.937 Number of processors: 1 586 0xA00
    19:45:27.937 ComputerName: ALBERT UserName:
    19:45:29.609 Initialize success
    19:45:40.921 AVAST engine download error: 0
    19:46:10.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    19:46:10.796 Disk 0 Vendor: WDC_WD1200BB-00GUA0 08.02D08 Size: 114473MB BusType: 3
    19:46:10.828 Disk 0 MBR read successfully
    19:46:10.843 Disk 0 MBR scan
    19:46:10.843 Disk 0 unknown MBR code
    19:46:10.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 110658 MB offset 7791525
    19:46:10.875 Disk 0 Partition 2 00 0B FAT32 RECOVERY 3804 MB offset 63
    19:46:10.890 Disk 0 scanning sectors +234420480
    19:46:11.000 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:46:32.625 Service scanning
    19:46:37.265 Service vsdatant C:\WINDOWS\system32\vsdatant.sys **LOCKED** 32
    19:46:37.796 Modules scanning
    19:47:10.046 Disk 0 trace - called modules:
    19:47:10.093 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys iomdisk.sys hal.dll ACPI.sys atapi.sys pciide.sys
    19:47:10.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aacfab8]
    19:47:10.125 3 CLASSPNP.SYS[f76a7fd7] -> nt!IofCallDriver -> [0x8aa92d78]
    19:47:10.156 5 iomdisk.sys[f777fbc3] -> nt!IofCallDriver -> \Device\0000008e[0x8ab1ef18]
    19:47:10.171 7 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ab05d98]
    19:47:10.187 Scan finished successfully
    19:47:31.468 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
    19:47:31.500 The log file has been saved successfully to "C:\aswMBR.txt"
     
  24. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {E10A9785-9598-4754-B552-92431C1C35F8}
    {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    
    RenV::
    c:\program files\Misc Programs\ELFBOW .exe
    
    
    Folder::
    c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
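    The CFScript above is built from lines in the ComboFix log of post #22: the two GUIDs come from the AV:/FW: header lines, and the RenV:: path is the file ComboFix listed in its Code: box. As an added example (not Broni's instructions or ComboFix's own tooling), this Python helper extracts those items from a log excerpt and renders the same two sections; the excerpt, the function names and the extra check on the DisableMonitoring/EnableFirewall registry values are constructed here.

```python
"""Triage helper for a ComboFix log (added example for this thread).

Pulls out the items Broni turned into the CFScript of post #24: the
Security Center GUIDs on the AV:/FW: header lines and the file ComboFix
listed in its Code: box. It also notes two registry settings an analyst
would want to see in the Reg Loading Points section. The log excerpt,
function names and result layout are constructed for this example.
"""
import re

# Constructed excerpt of the post #22 log, keeping the forum's <pre> residue
# around the Code: box so the parser has to cope with it.
SAMPLE_LOG = r"""ComboFix 11-12-31.03 - Admiral 12/31/2011 18:54:47.4.1 - x86
Running from: c:\documents and settings\Admiral\Desktop\ComboFix.exe
AV: Norton AntiVirus 2005 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
Code:
<pre>
c:\program files\Misc Programs\ELFBOW .exe
</pre>
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
"""

# "AV: <product> *<state>* {<GUID>}" is how ComboFix prints Security Center registrations.
HEADER_RE = re.compile(r"^(AV|FW|AS): (.+?) \*(.+?)\* \{([0-9A-Fa-f-]{36})\}$")
KEY_RE = re.compile(r"^\[(.+)\]$")             # a registry key line
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+)$')  # "name"=value


def _value_int(text):
    """Best-effort numeric read of 'dword:00000001' or '0 (0x0)'; None if neither."""
    parts = text.split()
    if not parts:
        return None
    first = parts[0]
    try:
        if first.lower().startswith("dword:"):
            return int(first[6:], 16)
        return int(first, 0)
    except ValueError:
        return None


def triage(log_text):
    """Return the indicators an analyst reads off the log, grouped by kind."""
    found = {"security_center": [], "code_files": [], "notable_settings": []}
    in_code = False
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_code:
            # The Code: box runs until ComboFix's "." separator (or a blank line);
            # <pre>/</pre> are forum markup, not log content.
            if line in ("", "."):
                in_code = False
            elif line.lower() not in ("<pre>", "</pre>"):
                found["code_files"].append(line)
            continue
        if line == "Code:":
            in_code = True
            continue
        m = HEADER_RE.match(line)
        if m:
            kind, product, state, guid = m.groups()
            found["security_center"].append((kind, product, state, guid.upper()))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), _value_int(m.group(2))
        # Security Center told to stop watching a product, and the Windows
        # Firewall standard profile switched off, are both worth a second look.
        if name == "DisableMonitoring" and value == 1 and "security center\\monitoring" in current_key:
            found["notable_settings"].append((current_key, name))
        elif name == "EnableFirewall" and value == 0 and "firewallpolicy" in current_key:
            found["notable_settings"].append((current_key, name))
    return found


def render_cfscript(found):
    """Render the SecCenter:: and RenV:: sections in the layout used in post #24."""
    sections = []
    if found["security_center"]:
        guids = ["{%s}" % item[3] for item in found["security_center"]]
        sections.append("SecCenter::\n" + "\n".join(guids))
    if found["code_files"]:
        sections.append("RenV::\n" + "\n".join(found["code_files"]))
    return "\n\n".join(sections) + ("\n" if sections else "")


if __name__ == "__main__":
    print(render_cfscript(triage(SAMPLE_LOG)))
```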
     
  25. kenobi575

    kenobi575 TS Rookie Topic Starter Posts: 55

    Here it is

    ComboFix 11-12-31.03 - Admiral 12/31/2011 20:14:52.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1334 [GMT -5:00]
    Running from: c:\documents and settings\Admiral\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Admiral\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
    c:\documents and settings\Administrator\Local Settings\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Logs\12282011.Log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-30 18:59 . 2012-01-01 00:12 -------- d-----w- c:\documents and settings\Admiral
    2011-12-30 18:06 . 2011-12-30 18:06 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-12-29 00:41 . 2011-12-29 00:41 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-12-29 00:41 . 2005-02-01 23:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
    2011-12-29 00:41 . 2003-10-13 20:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
    2011-12-29 00:41 . 2003-09-26 04:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
    2011-12-29 00:41 . 2003-09-26 03:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
    2011-12-29 00:41 . 2011-12-29 00:41 -------- d-----w- c:\program files\Linksys
    2011-12-29 00:41 . 2011-12-29 00:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2011-12-29 00:04 . 2011-12-29 00:04 -------- d-----w- C:\Wallpaper Master
    2011-12-28 19:40 . 2011-12-28 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2011-12-28 19:40 . 2011-12-28 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2011-12-28 08:22 . 2011-12-28 08:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
    2011-12-28 08:20 . 2011-12-28 08:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
    2011-12-28 07:32 . 2011-12-28 07:32 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-12-28 07:31 . 2011-12-28 07:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
    2011-12-27 23:10 . 2011-12-27 23:10 3038 ----a-w- C:\fix_svchost.bat
    2011-12-27 23:08 . 2011-12-27 23:08 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
    2011-12-27 23:06 . 2011-12-27 23:06 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
    2011-12-27 20:01 . 2011-12-27 20:01 -------- d-----w- c:\program files\Windows Desktop Search
    2011-12-27 20:01 . 2011-12-27 20:01 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-12-27 20:00 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-12-27 20:00 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-12-27 19:41 . 2011-12-27 19:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
    2011-12-27 19:04 . 2011-12-27 19:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 20:24 . 2009-03-15 21:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-04 22:58 . 2011-05-15 17:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:25 . 2004-08-26 16:12 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-08-26 16:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2004-08-26 16:12 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-26 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33 . 2004-08-26 16:12 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-11-11 14:24 . 2011-09-18 13:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2007-03-26 18:17 . 2008-07-04 18:05 149008 ----a-w- c:\program files\mozilla firefox\components\WRSForFireFox.dll
    2007-03-09 07:12 27648 -csha-w- c:\windows\system32\AVSredirect.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
    "vptray"="c:\program files\NavNT\vptray.exe" [2001-10-31 73728]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2011-07-28 4514992]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2011-07-28 70832]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-27 113024]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-08-18 23:28 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
    2007-03-15 21:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Deskup"=c:\program files\Iomega\DriveIcons\deskup.exe /IMGSTART
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\lxeecoms.exe"=
    "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 0 (0x0)
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 10:43 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 10:43 AM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/18/2010 6:28 PM 116608]
    R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
    R2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [2/23/1998 5:56 PM 31104]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 10:17 PM 136176]
    S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [1/24/2010 3:40 PM 193192]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [5/6/2011 10:03 AM 191752]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 10:17 PM 136176]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/26/2004 11:12 AM 14336]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 10:43 AM 12872]
    S3 WPEServ;soft Xpansion Print2Document;c:\program files\Common Files\WPE\wpeserv.exe [11/17/2010 1:16 PM 323584]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    *Deregistered* - PROCEXP100
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 03:17]
    .
    2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 03:17]
    .
    2011-12-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2287679051-2000395447-3454571231-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
    .
    2011-12-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2287679051-2000395447-3454571231-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
    .
    2005-01-20 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-20 01:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.emachines.com/
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{8A48CAB4-5DA2-4C89-98E5-C2D712B952E7}: DhcpNameServer = 192.168.1.254
    FF - ProfilePath -
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-31 20:25
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet006\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(644)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\NavLogon.dll
    .
    Completion time: 2011-12-31 20:30:15
    ComboFix-quarantined-files.txt 2012-01-01 01:30
    ComboFix2.txt 2012-01-01 00:35
    .
    Pre-Run: 67,793,670,144 bytes free
    Post-Run: 67,765,325,824 bytes free
    .
    - - End Of File - - F87BD0D6D4A784802D0E99571E2FEC98
     
