TechSpot

Hard drive cluster/system check virus

Solved
By MONALOVE80
Jan 19, 2012
  1. I did a system restore on my computer on Jan. 16th and ended up with a virus I assume is called system check. I used my anti-virus software called CA Security System, which detected about 9 viruses. Then I started getting error messages such as the hard drive cluster error message and how my RAM memory was extremely low.

    Today I googled what exactly this type of error message was because I thought I needed new RAM memory. I found out it was a virus through this website. I already had Malwarebytes installed on my computer and was in the process of running a full scan when I came across the five step removal. After the scan finished I began removing the virus and immediately had to shut down, and system check started popping up as well. When I restarted my computer my background was blue with no icons. So, I immediately shut down and went into safe mode. I hope you can help me walk through this removal process because I don't want to damage my computer in the process.
  2. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    MBAM-log

    This is what I got from malware:

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.19.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Mona :: MONIQUE [administrator]

    1/19/2012 11:26:23 AM
    mbam-log-2012-01-19 (11-26-23).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 334177
    Time elapsed: 1 hour(s), 43 minute(s), 55 second(s)

    Memory Processes Detected: 3
    C:\Documents and Settings\All Users\Application Data\gfUomFNvRQL.exe (Trojan.FakeAV) -> 2112 -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\gfUomFNvRQL.exe (Trojan.FakeAV) -> 5944 -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\EX45vFk6aoeoSF.exe (Rogue.FakeAlert) -> 5320 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gfUomFNvRQL.exe (Trojan.FakeAV) -> Data: C:\Documents and Settings\All Users\Application Data\gfUomFNvRQL.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Documents and Settings\All Users\Application Data\gfUomFNvRQL.exe (Trojan.FakeAV) -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\EX45vFk6aoeoSF.exe (Rogue.FakeAlert) -> Delete on reboot.

    (end)
  3. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  4. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    Hi Broni,

    These are the results from GMER:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-19 15:06:00
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-75V0A0 rev.05.01D05
    Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfldypog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A7E32C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A7E32C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A7E32C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A7E32C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A7E32C6

    ---- EOF - GMER 1.0.15 ----
  5. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    In step 4 it states, "After downloading the tool, disable any script blocking protection."

    How would I find and do this?
  6. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Do you run Spybot or Windows Defender?
  7. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    Nope. So I can just continue then?
  8. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Yes.............
  9. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    DDS-log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 15:28:35 on 2012-01-19
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dell.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
    TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [PMX Daemon] ICO.EXE
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [Optimum Online net guide] "c:\program files\optimum online\Netsurf.exe" -trayicon
    mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
    mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
    mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
    mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
    mRun: [LoadMSvcmm] "c:\program files\blockbuster\blockbustermovielink\Movielink User.exe"
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\winsflt.dll
    LSP: c:\windows\system32\VetRedir.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
    TCP: Interfaces\{EFEF9639-8120-46E7-BD1A-AEF26EF609D2} : DhcpNameServer = 167.206.254.1 167.206.254.2
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
    AppInit_DLLs: UmxSbxExw.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\x69pucg2.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2012-01-19 16:20:51 -------- d-----w- c:\documents and settings\all users\application data\PCDr
    2012-01-19 16:18:23 -------- d-----w- c:\program files\Dell Support Center
    2012-01-16 20:33:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-16 19:17:05 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-01-16 19:17:05 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-16 16:42:52 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
    .
    ==================== Find3M ====================
    .
    2011-12-25 00:19:30 9072 ----a-w- c:\windows\system32\drivers\28046
    2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD5000AAKS-75V0A0 rev.05.01D05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7E349F]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7ea738]; MOV EAX, [0x8a7ea8ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8ADF0AB8]
    3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006f[0x8AE37DF8]
    5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8ADF3940]
    \Driver\atapi[0x8ADC5380] -> IRP_MJ_CREATE -> 0x8A7E349F
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A7E32C6
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 15:29:33.75 ===============
  10. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    Attach-log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    ABBYY FineReader 6.0 Sprint
    Accidental Damage Services Agreement
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.5
    AntiPhishing
    APH placeholder
    ATI Catalyst Control Center
    ATI Display Driver
    AudibleManager
    BlackBerry Desktop Software 6.0.1
    BlackBerry Device Software v5.0.0 for the BlackBerry 9550 smartphone
    BlackBerry USB Drivers
    BLOCKBUSTER Movielink
    CA Anti-Virus Plus
    CA Backup and Migration
    CA Internet Security Suite
    CA Parental Controls
    CA Personal Firewall
    Carbonite Online Backup Setup
    CDDRV_Installer
    Conexant D850 PCI V.92 Modem
    Creative MediaSource 5
    Creative Removable Disk Manager
    Creative System Information
    Creative ZEN Vision M Series
    Dell Driver Reset Tool
    Dell Support Center
    Digital Line Detect
    DNAMigrator
    GoToAssist Corporate
    GPS Image Tracker
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB968764)
    Hotfix for Windows XP (KB969084)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PRO Network Connections Drivers
    Java Auto Updater
    Java(TM) 6 Update 20
    K-Lite Codec Pack 4.7.0 (Full)
    KhalInstallWrapper
    Lexmark 5600-6600 Series
    Lexmark Printable Web
    Lexmark Toolbar
    Lexmark Tools for Office
    Logitech SetPoint
    Malwarebytes Anti-Malware version 1.60.0.1800
    McAfee SiteAdvisor
    MegaStat 9.1
    MegaStat Excel 2007
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Modem Diagnostic Tool
    Mouse Suite for Desktop Computers
    Mozilla Firefox 8.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6.0 Parser (KB927977)
    muvee Reveal Seagate Edition
    Netwaiting
    Optimum Online net guide
    Picture Package Music Transfer
    Professor Answers
    Professor Teaches Access 2007
    Professor Teaches Accounting Fundamentals
    Professor Teaches Business Planning
    Professor Teaches Excel 2007
    Professor Teaches Excel 2007 Advanced
    Professor Teaches Outlook 2007
    Professor Teaches PowerPoint 2007
    Professor Teaches PowerPoint 2007 Advanced
    Professor Teaches QuickBooks 2010
    Professor Teaches Word 2007
    Professor Teaches Word 2007 Advanced
    Qurb
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    SAMSUNG USB Driver for Mobile Phones
    Seagate Manager Installer
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sony Picture Utility
    Sony USB Driver
    Times Reader
    Typing Quick & Easy
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    V CAST Music with Rhapsody
    WebEx
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Player 11
    Windows Presentation Foundation
    XML Paper Specification Shared Components Pack 1.0
    ZENcast Organizer
    Zynga Toolbar
    .
    ==== End Of File ===========================
  11. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Run the tool listed below and then restart in normal mode and see how things are.

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  12. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    TDSSKILLER-log

    In normal mode my computer background is still blue, my desktop has no icons, and my start up menu is missing features. Took me a moment to figure out how to access my computer since there's no icon and it wasn't in the start menu.

    Here's the log info:
    17:04:01.0562 1928 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
    17:04:01.0734 1928 ============================================================
    17:04:01.0734 1928 Current date / time: 2012/01/19 17:04:01.0734
    17:04:01.0734 1928 SystemInfo:
    17:04:01.0734 1928
    17:04:01.0734 1928 OS Version: 5.1.2600 ServicePack: 3.0
    17:04:01.0734 1928 Product type: Workstation
    17:04:01.0734 1928 ComputerName: MONIQUE
    17:04:01.0734 1928 UserName: Administrator
    17:04:01.0734 1928 Windows directory: C:\WINDOWS
    17:04:01.0734 1928 System windows directory: C:\WINDOWS
    17:04:01.0734 1928 Processor architecture: Intel x86
    17:04:01.0734 1928 Number of processors: 2
    17:04:01.0734 1928 Page size: 0x1000
    17:04:01.0734 1928 Boot type: Safe boot with network
    17:04:01.0734 1928 ============================================================
    17:04:03.0750 1928 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    17:04:03.0906 1928 Initialize success
    17:04:13.0390 1248 ============================================================
    17:04:13.0390 1248 Scan started
    17:04:13.0390 1248 Mode: Manual;
    17:04:13.0390 1248 ============================================================
    17:04:20.0781 1248 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
    17:04:20.0812 1248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    17:04:20.0812 1248 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    17:04:20.0843 1248 Boot (0x1200) (7a1d682dad0954d9a5cb001a1654805a) \Device\Harddisk0\DR0\Partition0
    17:04:20.0843 1248 \Device\Harddisk0\DR0\Partition0 - ok
    17:04:20.0843 1248 ============================================================
    17:04:20.0843 1248 Scan finished
    17:04:20.0843 1248 ============================================================
    17:04:20.0875 1100 Detected object count: 1
    17:04:20.0875 1100 Actual detected object count: 1
    17:04:49.0734 1100 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    17:04:49.0734 1100 \Device\Harddisk0\DR0 - ok
    17:04:49.0734 1100 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    17:05:34.0296 2496 Deinitialize success
  13. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    See if you can change background manually.

    Then....

    Let's see if we can recover your missing features.
    Download and run UnHide.
    Let me know if it worked.

    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  14. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    I was able to manually change my background. However, I tried UnHide twice and it didn't work. The first time it asked me to disable antivirus protection, which can interfere with the process. I disabled it and ran it again, nothing. I did the next two steps.

    aswMBR log:

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-19 18:05:19
    -----------------------------
    18:05:19.494 OS Version: Windows 5.1.2600 Service Pack 3
    18:05:19.494 Number of processors: 2 586 0x1706
    18:05:19.494 ComputerName: MONIQUE UserName: Mona
    18:05:21.588 Initialize success
    18:07:13.719 AVAST engine defs: 12011902
    18:07:25.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    18:07:25.000 Disk 0 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
    18:07:25.000 Device \Driver\atapi -> DriverStartIo 8a70a2c6
    18:07:25.000 Disk 0 MBR read successfully
    18:07:25.000 Disk 0 MBR scan
    18:07:25.047 Disk 0 MBR:pihar-C [Rtk]
    18:07:25.047 Disk 0 TDL4@MBR code has been found
    18:07:25.047 Disk 0 MBR hidden
    18:07:25.047 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    18:07:25.063 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 476890 MB offset 96390
    18:07:25.079 Disk 0 MBR [TDL4] **ROOTKIT**
    18:07:25.079 Disk 0 trace - called modules:
    18:07:25.079 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a70a49f]<<
    18:07:25.094 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af7aab8]
    18:07:25.094 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8afb5258]
    18:07:25.094 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8af65940]
    18:07:25.110 \Driver\atapi[0x89915938] -> IRP_MJ_CREATE -> 0x8a70a49f
    18:07:26.047 AVAST engine scan C:\WINDOWS
    18:07:36.282 AVAST engine scan C:\WINDOWS\system32
    18:08:36.223 AVAST engine scan C:\WINDOWS\system32\drivers
    18:08:43.567 AVAST engine scan C:\Documents and Settings\Mona
    18:14:07.568 AVAST engine scan C:\Documents and Settings\All Users
    18:14:44.851 Scan finished successfully
    18:15:23.884 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
    18:15:23.884 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR-log.txt"


    bootkit_remover log:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
  15. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  16. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    18:54:19.0128 5920 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
    18:54:19.0456 5920 ============================================================
    18:54:19.0456 5920 Current date / time: 2012/01/19 18:54:19.0456
    18:54:19.0456 5920 SystemInfo:
    18:54:19.0456 5920
    18:54:19.0456 5920 OS Version: 5.1.2600 ServicePack: 3.0
    18:54:19.0456 5920 Product type: Workstation
    18:54:19.0456 5920 ComputerName: MONIQUE
    18:54:19.0456 5920 UserName: Mona
    18:54:19.0456 5920 Windows directory: C:\WINDOWS
    18:54:19.0456 5920 System windows directory: C:\WINDOWS
    18:54:19.0456 5920 Processor architecture: Intel x86
    18:54:19.0456 5920 Number of processors: 2
    18:54:19.0456 5920 Page size: 0x1000
    18:54:19.0456 5920 Boot type: Normal boot
    18:54:19.0456 5920 ============================================================
    18:54:21.0675 5920 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    18:54:21.0847 5920 Initialize success
    18:54:52.0785 8076 ============================================================
    18:54:52.0785 8076 Scan started
    18:54:52.0785 8076 Mode: Manual;
    18:54:52.0785 8076 ============================================================
    18:54:53.0597 8076 Scan interrupted by user!
    18:54:53.0597 8076 Scan interrupted by user!
    18:54:53.0597 8076 Scan interrupted by user!
    18:54:53.0597 8076 ============================================================
    18:54:53.0597 8076 Scan finished
    18:54:53.0597 8076 ============================================================
    18:54:53.0613 8068 Detected object count: 0
    18:54:53.0613 8068 Actual detected object count: 0
    18:55:23.0926 8160 ============================================================
    18:55:23.0926 8160 Scan started
    18:55:23.0926 8160 Mode: Manual;
    18:55:23.0926 8160 ============================================================
    18:55:30.0848 8160 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
    18:55:30.0880 8160 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    18:55:30.0880 8160 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    18:55:30.0911 8160 Boot (0x1200) (7a1d682dad0954d9a5cb001a1654805a) \Device\Harddisk0\DR0\Partition0
    18:55:30.0911 8160 \Device\Harddisk0\DR0\Partition0 - ok
    18:55:30.0911 8160 ============================================================
    18:55:30.0911 8160 Scan finished
    18:55:30.0911 8160 ============================================================
    18:55:30.0926 8152 Detected object count: 1
    18:55:30.0926 8152 Actual detected object count: 1
    18:55:42.0146 8152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    18:55:42.0146 8152 \Device\Harddisk0\DR0 - ok
    18:55:42.0146 8152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    18:55:49.0271 7536 Deinitialize success
  17. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    Should I do aswMBR and bootkit remover over as well?
  18. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Post fresh aswMBR and Bootkit Remover logs.
  19. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    We posted at the same time.
  20. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    Lol

    aswMBR:

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-19 19:28:57
    -----------------------------
    19:28:57.156 OS Version: Windows 5.1.2600 Service Pack 3
    19:28:57.156 Number of processors: 2 586 0x1706
    19:28:57.156 ComputerName: MONIQUE UserName: Mona
    19:28:58.906 Initialize success
    19:29:05.468 AVAST engine defs: 12011902
    19:29:42.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    19:29:42.953 Disk 0 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
    19:29:42.968 Disk 0 MBR read successfully
    19:29:42.968 Disk 0 MBR scan
    19:29:43.015 Disk 0 Windows VISTA default MBR code
    19:29:43.015 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    19:29:43.046 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 476890 MB offset 96390
    19:29:43.046 Disk 0 scanning sectors +976768065
    19:29:43.125 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:29:49.578 Service scanning
    19:29:50.968 Modules scanning
    19:30:23.421 Disk 0 trace - called modules:
    19:30:23.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    19:30:23.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af79ab8]
    19:30:23.453 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8af951e0]
    19:30:23.468 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af4ed98]
    19:30:24.093 AVAST engine scan C:\WINDOWS
    19:30:34.859 AVAST engine scan C:\WINDOWS\system32
    19:31:51.703 AVAST engine scan C:\WINDOWS\system32\drivers
    19:32:08.218 AVAST engine scan C:\Documents and Settings\Mona
    19:40:28.671 AVAST engine scan C:\Documents and Settings\All Users
    19:41:43.062 Scan finished successfully
    19:43:17.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
    19:43:17.156 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR-log2.txt"


    bootkit remover:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  21. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Very good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  22. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    It states to close/disable anti virus and anti malware before running. I disabled my anti virus but I'm not sure how to disable malwarebytes or if it's ok to leave alone.
  23. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    Never mind, I saw the link.
  24. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    If you have the free version, don't worry about it.
    It doesn't run in real time.

    If you have the free trial or paid version, see HERE
  25. MONALOVE80

    MONALOVE80 TS Member Topic Starter Posts: 38

    Before I start combo fix it says I need to remove CA internet security. My anti virus protection says CA security center. Is this the same?

