TechSpot

No MBAM or DDS allowed to run? Infected

By vaguy1
Nov 13, 2011
  1. I suspect my machine is infected. Tried to follow malwarebytes suggestions but...
    MBAM will install, won't run. DDS installs, won't run. Don't know if this is a rkit, virus,
    or what? HijackThis will run. AVAST is installed and running, but after the fact of the infection. Help!?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. vaguy1

    vaguy1 TS Rookie Topic Starter Posts: 25

    Thanks, Broni... running now. aswMBR taking awhile, though...
     
  4. vaguy1


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-14 19:12:08
    -----------------------------
    19:12:08.843 OS Version: Windows 5.1.2600 Service Pack 3
    19:12:08.843 Number of processors: 1 586 0x209
    19:12:08.843 ComputerName: WOWE-4EE6DA760C UserName: lois
    19:12:09.281 Initialize success
    19:12:09.406 AVAST engine defs: 11111401
    19:12:13.078 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    19:12:13.078 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
    19:12:13.093 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    19:12:13.109 Disk 1 Vendor: IOMEGA_ZIP_250 42.S Size: 76293MB BusType: 2
    19:12:13.125 Disk 1 MBR read successfully
    19:12:13.125 Disk 1 MBR scan
    19:12:13.140 Disk 1 unknown MBR code
    19:12:13.140 Disk 1 MBR hidden
    19:12:13.187 Disk 1 scanning F:\WINDOWS\system32\drivers
    19:12:32.750 Service scanning
    19:12:33.734 Modules scanning
    19:13:03.828 Disk 1 trace - called modules:
    19:13:03.843 ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll
    19:13:04.421 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x863a5ab8]
    19:13:05.000 AVAST engine scan F:\WINDOWS
    19:13:38.171 AVAST engine scan F:\WINDOWS\system32
    19:16:56.796 AVAST engine scan F:\WINDOWS\system32\drivers
    19:17:36.968 AVAST engine scan F:\Documents and Settings\lois
    19:47:46.203 AVAST engine scan F:\Documents and Settings\All Users
    19:49:20.312 Scan finished successfully
    21:25:19.921 Disk 1 MBR has been saved successfully to "F:\Documents and Settings\lois\My Documents\MBR.dat"
    21:25:19.921 The log file has been saved successfully to "F:\Documents and Settings\lois\My Documents\aswMBR.txt"
     
  5. vaguy1


    rkill log:

    This log file is located at F:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 11/17/2011 at 14:07:43.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    F:\WINDOWS\explorer.exe
    F:\WINDOWS\System32\rundll32.exe


    Rkill completed on 11/17/2011 at 14:07:52.
     
  6. Broni


    Go on...........
     
  7. vaguy1


    ... and just to add to the confusion: I remote control a user session at this machine via a web based application so I'm not physically there, have to connect via the net. I remote control it, try the various combinations to run combofix - it starts and gets to a point where explorer errors and does the send/nosend thing to MS then hangs (for hours). It disconnects my remote control session so I have to ask the person at the location to reboot and then I reconnect and see there is no output .txt generated.
     
  8. vaguy1


    following you on several other posts...

    Dr.Web Cure IT says trojan muldrop3.6866 infection on the dds.scr and
    "your_name".com rename of dds.exe - I think. Can't be cured, I selected to move it
    yes.

    Log is 888 kb. Too large for upload.
     
  9. Broni


    Did you?
     
  10. vaguy1


    Duh!?

    I'll zip it up and attach it...
     
  11. vaguy1


    ... and still trying to get into it remotely via RDP or whatever in safe mode to follow the directions already given.
     
  12. Broni


    I'm not sure what you're saying...
     
  13. vaguy1


    ... so started in safe mode. Combofix ran all night long with no luck. It never gets to say "Finished State 1". Combofix seems to be hanging. I am not co-located w/ the machine so can't tell if there is disk activity or not. Again, I remote control this PC. I do see that the BOOT.INI sections are not showing in msconfig. Seems weird.

    I did the rkill, then the combofix w/ the renamed combofix as yourname.exe.
     
  14. Broni


    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK Then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure then say "Y".)

    exit

    Reboot computer.

    Post fresh aswMBR log.
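What fixmbr does and does not touch, as an added example (editor-supplied Python, not a tool from this thread or from Avast): it parses a 512-byte MBR image such as the MBR.dat that aswMBR saves, splits it into the 440-byte boot code, the 4-byte disk signature and the four 16-byte partition entries, and compares two copies region by region. The Recovery Console's fixmbr rewrites the master boot code and leaves the partition table alone, so diffing the MBR.dat saved before and after fixmbr should show only the boot code region changing. The sector used here is constructed, not the one from this machine.

```python
"""Added example: parse a 512-byte MBR image (e.g. the MBR.dat that aswMBR saves)
and compare two copies region by region.  The sample sector is constructed here,
not taken from the machine in the thread."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0x000-0x1B7: the boot code that fixmbr rewrites
DISK_SIG_OFF = 0x1B8       # 4-byte NT disk signature (followed by 2 reserved bytes)
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"     # bytes 510-511 of every valid MBR
PART_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into a boot-code hash, the disk signature and the decoded partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                                   # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i}: invalid status byte {status:#x}")
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def compare_mbrs(before: bytes, after: bytes) -> dict:
    """Which regions differ between two MBR copies (e.g. saved before and after fixmbr)."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "disk_signature_changed": a["disk_signature"] != b["disk_signature"],
        "partition_table_changed": a["partitions"] != b["partitions"],
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: the given boot code plus one bootable NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)   # made-up disk signature
    # slot 0: bootable (0x80), type 0x07 (NTFS), starting at LBA 63 (constructed geometry)
    struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF,
                     0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 156_250_000)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    # Two placeholder boot-code blobs stand in for "before fixmbr" and "after fixmbr".
    original = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" * 40)
    rewritten = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" * 40)
    print(parse_mbr(original)["partitions"])
    print(compare_mbrs(original, rewritten))
```

To use it on real copies, read the MBR.dat saved by each aswMBR run with `open(path, "rb").read()` and pass the two byte strings to `compare_mbrs`. A result where `boot_code_changed` is False after fixmbr means the write did not take effect on what the tool could read; a result where only the boot code changed is the expected outcome.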
     
  15. vaguy1


    Thanks Broni, will do.

    Does it make any difference to combofix that the "C" drive on this box is actually the "F" drive and the "C" drive is the CD? Maybe that's why combofix seems to hang...
     
  16. Broni


    It shouldn't matter.
     
  17. vaguy1


    ... so I ran fixmbr.
    Downloaded new aswMBR and ran it. Output:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-06 15:29:08
    -----------------------------
    15:29:08.390 OS Version: Windows 5.1.2600 Service Pack 3
    15:29:08.390 Number of processors: 1 586 0x209
    15:29:08.390 ComputerName: WOWE-4EE6DA760C UserName: lois
    15:29:08.687 Initialize success
    15:29:08.968 AVAST engine defs: 11110601
    15:29:32.828 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    15:29:32.828 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
    15:29:32.875 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    15:29:32.875 Disk 1 Vendor: IOMEGA_ZIP_250 42.S Size: 76293MB BusType: 2
    15:29:32.906 Disk 1 MBR read successfully
    15:29:32.906 Disk 1 MBR scan
    15:29:32.906 Disk 1 unknown MBR code
    15:29:32.906 Disk 1 MBR hidden
    15:29:32.953 Disk 1 scanning F:\WINDOWS\system32\drivers
    15:29:44.093 Service scanning
    15:29:44.968 Modules scanning
    15:30:03.656 Disk 1 trace - called modules:
    15:30:03.671 ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll
    15:30:03.671 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86342030]
    15:30:04.390 AVAST engine scan F:\WINDOWS
    15:30:22.359 AVAST engine scan F:\WINDOWS\system32
    15:32:16.390 AVAST engine scan F:\WINDOWS\system32\drivers
    15:32:32.234 AVAST engine scan F:\Documents and Settings\lois
    15:39:46.390 AVAST engine scan F:\Documents and Settings\All Users
    15:40:31.812 Scan finished successfully
    15:46:48.000 Disk 1 MBR has been saved successfully to "f:\MBR.dat"
    15:46:48.031 The log file has been saved successfully to "f:\aswMBR.txt"


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-22 13:44:13
    -----------------------------
    13:44:13.437 OS Version: Windows 5.1.2600 Service Pack 3
    13:44:13.437 Number of processors: 1 586 0x209
    13:44:13.453 ComputerName: WOWE-4EE6DA760C UserName: lois
    13:44:14.593 Initialize success
    13:44:14.812 AVAST engine defs: 11112200
    13:44:39.421 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    13:44:39.437 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
    13:44:39.453 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    13:44:39.453 Disk 1 Vendor: IOMEGA_ZIP_250 42.S Size: 76293MB BusType: 2
    13:44:39.484 Disk 1 MBR read successfully
    13:44:39.484 Disk 1 MBR scan
    13:44:39.484 Disk 1 unknown MBR code
    13:44:39.500 Disk 1 MBR hidden
    13:44:39.562 Disk 1 scanning F:\WINDOWS\system32\drivers
    13:44:57.203 Service scanning
    13:44:58.281 Modules scanning
    13:45:07.375 Disk 1 trace - called modules:
    13:45:07.390 ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll
    13:45:07.968 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x863a7030]
    13:45:08.265 AVAST engine scan F:\WINDOWS
    13:45:23.812 AVAST engine scan F:\WINDOWS\system32
    13:47:17.578 AVAST engine scan F:\WINDOWS\system32\drivers
    13:47:31.906 AVAST engine scan F:\Documents and Settings\lois
    14:00:19.015 AVAST engine scan F:\Documents and Settings\All Users
    14:01:11.453 Scan finished successfully
    14:08:29.468 Disk 1 MBR has been saved successfully to "F:\MBR.dat"
    14:08:29.484 The log file has been saved successfully to "F:\aswMBR.txt"
     
  18. Broni


    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
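An added example (editor-supplied Python, not part of TDSSKiller or of this thread) for reading the report TDSSKiller produces: it parses the `name (md5) path` and `name - verdict` line pairs, pulls the Windows directory from the report header, and lists services whose driver lives outside the Windows directory, services for which no file line was printed, and any entry whose verdict is not `ok`. The sample report is constructed in the line format seen in this thread; the non-ok verdict text on its last line is invented for the sample and does not match TDSSKiller's real wording.

```python
"""Added example: read a TDSSKiller report.  The sample below is constructed in
the line format TDSSKiller uses (see the thread); the non-ok verdict text on the
last line is invented for the sample and is not TDSSKiller's real wording."""
import re

_PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"                               # "HH:MM:SS.mmmm PID "
ENTRY_RE = re.compile(_PREFIX + r"(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")  # name (md5) path
VERDICT_RE = re.compile(_PREFIX + r"(\S+)\s+-\s+(.+)$")                  # name - verdict
WINDIR_RE = re.compile(_PREFIX + r"Windows directory:\s+(.+)$")


def windows_dir(text: str) -> str:
    """The Windows directory named in the report header."""
    for line in text.splitlines():
        m = WINDIR_RE.match(line.strip())
        if m:
            return m.group(1).strip()
    raise ValueError("no 'Windows directory:' line in report")


def parse_tdsskiller_log(text: str) -> dict:
    """{service name: {md5, path, verdict}} in report order."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            name, md5, path = m.groups()
            entries.setdefault(name, {"md5": None, "path": None, "verdict": None}).update(md5=md5, path=path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            entries.setdefault(name, {"md5": None, "path": None, "verdict": None})["verdict"] = verdict
    return entries


def triage(entries: dict, windir: str) -> dict:
    """Review lists: non-ok verdicts, drivers outside the Windows directory, services with no file line."""
    root = windir.lower().rstrip("\\") + "\\"
    report = {"not_ok": [], "outside_windows_dir": [], "no_file_reported": []}
    for name, e in entries.items():
        if e["verdict"] is not None and e["verdict"].lower() != "ok":
            report["not_ok"].append(name)
        if e["path"] is None:
            report["no_file_reported"].append(name)
        elif not e["path"].lower().startswith(root):
            report["outside_windows_dir"].append(name)
    return report


# Constructed sample; the first three service lines reuse names and hashes
# visible in the thread, "examplesvc" and its verdict text are invented.
SAMPLE_REPORT = r"""
17:56:51.0234 3704 Windows directory: F:\WINDOWS
17:56:59.0953 3160 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) F:\WINDOWS\system32\drivers\Aavmker4.sys
17:56:59.0953 3160 Aavmker4 - ok
17:57:00.0031 3160 Abiosdsk - ok
17:57:07.0968 3160 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) F:\Program Files\LogMeIn\x86\RaInfo.sys
17:57:07.0968 3160 LMIInfo - ok
17:57:09.0000 3160 examplesvc (0123456789abcdef0123456789abcdef) F:\WINDOWS\system32\drivers\examplesvc.sys
17:57:09.0000 3160 examplesvc - suspicious (constructed verdict)
"""

if __name__ == "__main__":
    entries = parse_tdsskiller_log(SAMPLE_REPORT)
    print(triage(entries, windows_dir(SAMPLE_REPORT)))
```

The three lists are for review, not verdicts: a service with no file line (the XP legacy storage stubs such as Abiosdsk in the thread's log) is normal, and a driver outside the Windows directory (LogMeIn's RaInfo.sys above) is simply third-party. The point of the lists is to shrink a 300-line report to the handful of entries a helper needs to look at, with the md5 ready to check against a known-file database.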
     
  19. vaguy1


    17:56:50.0468 3704 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
    17:56:51.0234 3704 ============================================================
    17:56:51.0234 3704 Current date / time: 2011/11/22 17:56:51.0234
    17:56:51.0234 3704 SystemInfo:
    17:56:51.0234 3704
    17:56:51.0234 3704 OS Version: 5.1.2600 ServicePack: 3.0
    17:56:51.0234 3704 Product type: Workstation
    17:56:51.0234 3704 ComputerName: WOWE-4EE6DA760C
    17:56:51.0234 3704 UserName: lois
    17:56:51.0234 3704 Windows directory: F:\WINDOWS
    17:56:51.0234 3704 System windows directory: F:\WINDOWS
    17:56:51.0234 3704 Processor architecture: Intel x86
    17:56:51.0234 3704 Number of processors: 1
    17:56:51.0234 3704 Page size: 0x1000
    17:56:51.0234 3704 Boot type: Normal boot
    17:56:51.0234 3704 ============================================================
    17:56:52.0703 3704 Initialize success
    17:56:59.0562 3160 ============================================================
    17:56:59.0562 3160 Scan started
    17:56:59.0562 3160 Mode: Manual;
    17:56:59.0562 3160 ============================================================
    17:56:59.0953 3160 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) F:\WINDOWS\system32\drivers\Aavmker4.sys
    17:56:59.0953 3160 Aavmker4 - ok
    17:57:00.0031 3160 Abiosdsk - ok
    17:57:00.0062 3160 abp480n5 - ok
    17:57:00.0156 3160 ACPI (8fd99680a539792a30e97944fdaecf17) F:\WINDOWS\system32\DRIVERS\ACPI.sys
    17:57:00.0156 3160 ACPI - ok
    17:57:00.0265 3160 ACPIEC (9859c0f6936e723e4892d7141b1327d5) F:\WINDOWS\system32\drivers\ACPIEC.sys
    17:57:00.0265 3160 ACPIEC - ok
    17:57:00.0328 3160 adpu160m - ok
    17:57:00.0406 3160 aeaudio (11c04b17ed2abbb4833694bcd644ac90) F:\WINDOWS\system32\drivers\aeaudio.sys
    17:57:00.0406 3160 aeaudio - ok
    17:57:00.0531 3160 aec (8bed39e3c35d6a489438b8141717a557) F:\WINDOWS\system32\drivers\aec.sys
    17:57:00.0531 3160 aec - ok
    17:57:00.0640 3160 AFD (1e44bc1e83d8fd2305f8d452db109cf9) F:\WINDOWS\System32\drivers\afd.sys
    17:57:00.0640 3160 AFD - ok
    17:57:00.0750 3160 agp440 (08fd04aa961bdc77fb983f328334e3d7) F:\WINDOWS\system32\DRIVERS\agp440.sys
    17:57:00.0750 3160 agp440 - ok
    17:57:00.0828 3160 Aha154x - ok
    17:57:00.0859 3160 aic78u2 - ok
    17:57:00.0890 3160 aic78xx - ok
    17:57:00.0937 3160 AliIde - ok
    17:57:00.0968 3160 amsint - ok
    17:57:01.0015 3160 asc - ok
    17:57:01.0046 3160 asc3350p - ok
    17:57:01.0078 3160 asc3550 - ok
    17:57:01.0171 3160 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) F:\WINDOWS\system32\drivers\aswFsBlk.sys
    17:57:01.0171 3160 aswFsBlk - ok
    17:57:01.0281 3160 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) F:\WINDOWS\system32\drivers\aswMon2.sys
    17:57:01.0281 3160 aswMon2 - ok
    17:57:01.0390 3160 aswRdr (36239e24470a3dd81fae37510953cc6c) F:\WINDOWS\system32\drivers\aswRdr.sys
    17:57:01.0406 3160 aswRdr - ok
    17:57:01.0531 3160 aswSnx (caa846e9c83836bdc3d2d700c678db65) F:\WINDOWS\system32\drivers\aswSnx.sys
    17:57:01.0546 3160 aswSnx - ok
    17:57:01.0656 3160 aswSP (748ae7f2d7da33adb063fe05704a9969) F:\WINDOWS\system32\drivers\aswSP.sys
    17:57:01.0671 3160 aswSP - ok
    17:57:01.0781 3160 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) F:\WINDOWS\system32\drivers\aswTdi.sys
    17:57:01.0781 3160 aswTdi - ok
    17:57:01.0890 3160 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) F:\WINDOWS\system32\DRIVERS\asyncmac.sys
    17:57:01.0890 3160 AsyncMac - ok
    17:57:02.0015 3160 atapi (9f3a2f5aa6875c72bf062c712cfa2674) F:\WINDOWS\system32\DRIVERS\atapi.sys
    17:57:02.0015 3160 atapi - ok
    17:57:02.0078 3160 Atdisk - ok
    17:57:02.0156 3160 Atmarpc (9916c1225104ba14794209cfa8012159) F:\WINDOWS\system32\DRIVERS\atmarpc.sys
    17:57:02.0156 3160 Atmarpc - ok
    17:57:02.0281 3160 audstub (d9f724aa26c010a217c97606b160ed68) F:\WINDOWS\system32\DRIVERS\audstub.sys
    17:57:02.0296 3160 audstub - ok
    17:57:02.0421 3160 Beep (da1f27d85e0d1525f6621372e7b685e9) F:\WINDOWS\system32\drivers\Beep.sys
    17:57:02.0421 3160 Beep - ok
    17:57:02.0593 3160 catchme - ok
    17:57:02.0703 3160 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) F:\WINDOWS\system32\drivers\cbidf2k.sys
    17:57:02.0703 3160 cbidf2k - ok
    17:57:02.0812 3160 CCDECODE (0be5aef125be881c4f854c554f2b025c) F:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    17:57:02.0828 3160 CCDECODE - ok
    17:57:02.0906 3160 cd20xrnt - ok
    17:57:02.0968 3160 Cdaudio (c1b486a7658353d33a10cc15211a873b) F:\WINDOWS\system32\drivers\Cdaudio.sys
    17:57:02.0968 3160 Cdaudio - ok
    17:57:03.0093 3160 Cdfs (c885b02847f5d2fd45a24e219ed93b32) F:\WINDOWS\system32\drivers\Cdfs.sys
    17:57:03.0109 3160 Cdfs - ok
    17:57:03.0203 3160 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) F:\WINDOWS\system32\DRIVERS\cdrom.sys
    17:57:03.0218 3160 Cdrom - ok
    17:57:03.0328 3160 CmdIde - ok
    17:57:03.0390 3160 Cpqarray - ok
    17:57:03.0437 3160 dac2w2k - ok
    17:57:03.0468 3160 dac960nt - ok
    17:57:03.0578 3160 Disk (044452051f3e02e7963599fc8f4f3e25) F:\WINDOWS\system32\DRIVERS\disk.sys
    17:57:03.0578 3160 Disk - ok
    17:57:03.0718 3160 dmboot (d992fe1274bde0f84ad826acae022a41) F:\WINDOWS\system32\drivers\dmboot.sys
    17:57:03.0750 3160 dmboot - ok
    17:57:03.0875 3160 dmio (7c824cf7bbde77d95c08005717a95f6f) F:\WINDOWS\system32\drivers\dmio.sys
    17:57:03.0875 3160 dmio - ok
    17:57:03.0968 3160 dmload (e9317282a63ca4d188c0df5e09c6ac5f) F:\WINDOWS\system32\drivers\dmload.sys
    17:57:03.0984 3160 dmload - ok
    17:57:04.0046 3160 DMusic (8a208dfcf89792a484e76c40e5f50b45) F:\WINDOWS\system32\drivers\DMusic.sys
    17:57:04.0046 3160 DMusic - ok
    17:57:04.0156 3160 dpti2o - ok
    17:57:04.0234 3160 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) F:\WINDOWS\system32\drivers\drmkaud.sys
    17:57:04.0234 3160 drmkaud - ok
    17:57:04.0328 3160 E1000 (854293999e91bf2eb9e786166de4a35f) F:\WINDOWS\system32\DRIVERS\e1000325.sys
    17:57:04.0343 3160 E1000 - ok
    17:57:04.0500 3160 Fastfat (38d332a6d56af32635675f132548343e) F:\WINDOWS\system32\drivers\Fastfat.sys
    17:57:04.0500 3160 Fastfat - ok
    17:57:04.0625 3160 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) F:\WINDOWS\system32\DRIVERS\fdc.sys
    17:57:04.0625 3160 Fdc - ok
    17:57:04.0734 3160 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) F:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    17:57:04.0750 3160 FilterService - ok
    17:57:04.0843 3160 Fips (d45926117eb9fa946a6af572fbe1caa3) F:\WINDOWS\system32\drivers\Fips.sys
    17:57:04.0843 3160 Fips - ok
    17:57:04.0953 3160 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) F:\WINDOWS\system32\DRIVERS\flpydisk.sys
    17:57:04.0953 3160 Flpydisk - ok
    17:57:05.0125 3160 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) F:\WINDOWS\system32\drivers\fltmgr.sys
    17:57:05.0125 3160 FltMgr - ok
    17:57:05.0250 3160 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) F:\WINDOWS\system32\drivers\Fs_Rec.sys
    17:57:05.0250 3160 Fs_Rec - ok
    17:57:05.0359 3160 Ftdisk (6ac26732762483366c3969c9e4d2259d) F:\WINDOWS\system32\DRIVERS\ftdisk.sys
    17:57:05.0375 3160 Ftdisk - ok
    17:57:05.0484 3160 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) F:\WINDOWS\system32\DRIVERS\msgpc.sys
    17:57:05.0484 3160 Gpc - ok
    17:57:05.0656 3160 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) F:\WINDOWS\system32\DRIVERS\hidusb.sys
    17:57:05.0656 3160 HidUsb - ok
    17:57:05.0750 3160 hpn - ok
    17:57:05.0812 3160 HTTP (f80a415ef82cd06ffaf0d971528ead38) F:\WINDOWS\system32\Drivers\HTTP.sys
    17:57:05.0828 3160 HTTP - ok
    17:57:05.0921 3160 i2omp - ok
    17:57:06.0000 3160 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) F:\WINDOWS\system32\DRIVERS\i8042prt.sys
    17:57:06.0000 3160 i8042prt - ok
    17:57:06.0140 3160 Imapi (083a052659f5310dd8b6a6cb05edcf8e) F:\WINDOWS\system32\DRIVERS\imapi.sys
    17:57:06.0140 3160 Imapi - ok
    17:57:06.0234 3160 ini910u - ok
    17:57:06.0312 3160 IntelIde (b5466a9250342a7aa0cd1fba13420678) F:\WINDOWS\system32\DRIVERS\intelide.sys
    17:57:06.0328 3160 IntelIde - ok
    17:57:06.0453 3160 intelppm (8c953733d8f36eb2133f5bb58808b66b) F:\WINDOWS\system32\DRIVERS\intelppm.sys
    17:57:06.0453 3160 intelppm - ok
    17:57:06.0562 3160 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) F:\WINDOWS\system32\drivers\ip6fw.sys
    17:57:06.0578 3160 Ip6Fw - ok
    17:57:06.0687 3160 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) F:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    17:57:06.0687 3160 IpFilterDriver - ok
    17:57:06.0796 3160 IpInIp (b87ab476dcf76e72010632b5550955f5) F:\WINDOWS\system32\DRIVERS\ipinip.sys
    17:57:06.0796 3160 IpInIp - ok
    17:57:06.0906 3160 IpNat (cc748ea12c6effde940ee98098bf96bb) F:\WINDOWS\system32\DRIVERS\ipnat.sys
    17:57:06.0906 3160 IpNat - ok
    17:57:07.0140 3160 IPSec (23c74d75e36e7158768dd63d92789a91) F:\WINDOWS\system32\DRIVERS\ipsec.sys
    17:57:07.0156 3160 IPSec - ok
    17:57:07.0265 3160 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) F:\WINDOWS\system32\DRIVERS\irenum.sys
    17:57:07.0265 3160 IRENUM - ok
    17:57:07.0375 3160 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) F:\WINDOWS\system32\DRIVERS\isapnp.sys
    17:57:07.0390 3160 isapnp - ok
    17:57:07.0500 3160 Kbdclass (463c1ec80cd17420a542b7f36a36f128) F:\WINDOWS\system32\DRIVERS\kbdclass.sys
    17:57:07.0500 3160 Kbdclass - ok
    17:57:07.0625 3160 kmixer (692bcf44383d056aed41b045a323d378) F:\WINDOWS\system32\drivers\kmixer.sys
    17:57:07.0625 3160 kmixer - ok
    17:57:07.0734 3160 KSecDD (b467646c54cc746128904e1654c750c1) F:\WINDOWS\system32\drivers\KSecDD.sys
    17:57:07.0734 3160 KSecDD - ok
    17:57:07.0968 3160 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) F:\Program Files\LogMeIn\x86\RaInfo.sys
    17:57:07.0968 3160 LMIInfo - ok
    17:57:08.0078 3160 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) F:\WINDOWS\system32\DRIVERS\lmimirr.sys
    17:57:08.0093 3160 lmimirr - ok
    17:57:08.0156 3160 LMIRfsClientNP - ok
    17:57:08.0234 3160 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) F:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    17:57:08.0234 3160 LMIRfsDriver - ok
    17:57:08.0359 3160 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) F:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    17:57:08.0359 3160 lvpopflt - ok
    17:57:08.0484 3160 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) F:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    17:57:08.0484 3160 LVPr2Mon - ok
    17:57:08.0609 3160 LVRS (37072ec9299e825f4335cc554b6fac6a) F:\WINDOWS\system32\DRIVERS\lvrs.sys
    17:57:08.0609 3160 LVRS - ok
    17:57:08.0906 3160 LVUVC (a240e42a7402e927a71b6e8aa4629b13) F:\WINDOWS\system32\DRIVERS\lvuvc.sys
    17:57:09.0125 3160 LVUVC - ok
    17:57:09.0281 3160 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) F:\WINDOWS\system32\drivers\mnmdd.sys
    17:57:09.0281 3160 mnmdd - ok
    17:57:09.0390 3160 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) F:\WINDOWS\system32\drivers\Modem.sys
    17:57:09.0390 3160 Modem - ok
    17:57:09.0500 3160 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) F:\WINDOWS\system32\DRIVERS\mouclass.sys
    17:57:09.0515 3160 Mouclass - ok
    17:57:09.0609 3160 mouhid (b1c303e17fb9d46e87a98e4ba6769685) F:\WINDOWS\system32\DRIVERS\mouhid.sys
    17:57:09.0609 3160 mouhid - ok
    17:57:09.0718 3160 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) F:\WINDOWS\system32\drivers\MountMgr.sys
    17:57:09.0718 3160 MountMgr - ok
    17:57:09.0828 3160 MpFilter (fee0baded54222e9f1dae9541212aab1) F:\WINDOWS\system32\DRIVERS\MpFilter.sys
    17:57:09.0828 3160 MpFilter - ok
    17:57:09.0906 3160 mraid35x - ok
    17:57:10.0015 3160 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) F:\WINDOWS\system32\DRIVERS\mrxdav.sys
    17:57:10.0015 3160 MRxDAV - ok
    17:57:10.0171 3160 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) F:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    17:57:10.0171 3160 MRxSmb - ok
    17:57:10.0312 3160 Msfs (c941ea2454ba8350021d774daf0f1027) F:\WINDOWS\system32\drivers\Msfs.sys
    17:57:10.0312 3160 Msfs - ok
    17:57:10.0437 3160 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) F:\WINDOWS\system32\drivers\MSKSSRV.sys
    17:57:10.0437 3160 MSKSSRV - ok
    17:57:10.0546 3160 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) F:\WINDOWS\system32\drivers\MSPCLOCK.sys
    17:57:10.0546 3160 MSPCLOCK - ok
    17:57:10.0625 3160 MSPQM (bad59648ba099da4a17680b39730cb3d) F:\WINDOWS\system32\drivers\MSPQM.sys
    17:57:10.0640 3160 MSPQM - ok
    17:57:10.0734 3160 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) F:\WINDOWS\system32\DRIVERS\mssmbios.sys
    17:57:10.0734 3160 mssmbios - ok
    17:57:10.0828 3160 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) F:\WINDOWS\system32\drivers\MSTEE.sys
    17:57:10.0828 3160 MSTEE - ok
    17:57:10.0921 3160 Mup (de6a75f5c270e756c5508d94b6cf68f5) F:\WINDOWS\system32\drivers\Mup.sys
    17:57:10.0937 3160 Mup - ok
    17:57:11.0062 3160 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) F:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    17:57:11.0062 3160 NABTSFEC - ok
    17:57:11.0187 3160 NDIS (1df7f42665c94b825322fae71721130d) F:\WINDOWS\system32\drivers\NDIS.sys
    17:57:11.0187 3160 NDIS - ok
    17:57:11.0281 3160 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) F:\WINDOWS\system32\DRIVERS\NdisIP.sys
    17:57:11.0296 3160 NdisIP - ok
    17:57:11.0406 3160 NdisTapi (0109c4f3850dfbab279542515386ae22) F:\WINDOWS\system32\DRIVERS\ndistapi.sys
    17:57:11.0406 3160 NdisTapi - ok
    17:57:11.0531 3160 Ndisuio (f927a4434c5028758a842943ef1a3849) F:\WINDOWS\system32\DRIVERS\ndisuio.sys
    17:57:11.0531 3160 Ndisuio - ok
    17:57:11.0625 3160 NdisWan (edc1531a49c80614b2cfda43ca8659ab) F:\WINDOWS\system32\DRIVERS\ndiswan.sys
    17:57:11.0640 3160 NdisWan - ok
    17:57:11.0734 3160 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) F:\WINDOWS\system32\drivers\NDProxy.sys
    17:57:11.0734 3160 NDProxy - ok
    17:57:11.0859 3160 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) F:\WINDOWS\system32\DRIVERS\netbios.sys
    17:57:11.0859 3160 NetBIOS - ok
    17:57:11.0968 3160 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) F:\WINDOWS\system32\DRIVERS\netbt.sys
    17:57:11.0984 3160 NetBT - ok
    17:57:12.0156 3160 Npfs (3182d64ae053d6fb034f44b6def8034a) F:\WINDOWS\system32\drivers\Npfs.sys
    17:57:12.0156 3160 Npfs - ok
    17:57:12.0281 3160 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) F:\WINDOWS\system32\drivers\Ntfs.sys
    17:57:12.0296 3160 Ntfs - ok
    17:57:12.0421 3160 Null (73c1e1f395918bc2c6dd67af7591a3ad) F:\WINDOWS\system32\drivers\Null.sys
    17:57:12.0421 3160 Null - ok
    17:57:12.0578 3160 nv (2b298519edbfcf451d43e0f1e8f1006d) F:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    17:57:12.0640 3160 nv - ok
    17:57:12.0750 3160 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) F:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    17:57:12.0750 3160 NwlnkFlt - ok
    17:57:12.0843 3160 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) F:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    17:57:12.0843 3160 NwlnkFwd - ok
    17:57:12.0953 3160 Parport (5575faf8f97ce5e713d108c2a58d7c7c) F:\WINDOWS\system32\DRIVERS\parport.sys
    17:57:12.0953 3160 Parport - ok
    17:57:13.0062 3160 PartMgr (beb3ba25197665d82ec7065b724171c6) F:\WINDOWS\system32\drivers\PartMgr.sys
    17:57:13.0062 3160 PartMgr - ok
    17:57:13.0156 3160 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) F:\WINDOWS\system32\drivers\ParVdm.sys
    17:57:13.0171 3160 ParVdm - ok
    17:57:13.0281 3160 PCI (a219903ccf74233761d92bef471a07b1) F:\WINDOWS\system32\DRIVERS\pci.sys
    17:57:13.0281 3160 PCI - ok
    17:57:13.0359 3160 PCIDump - ok
    17:57:13.0421 3160 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) F:\WINDOWS\system32\drivers\PCIIde.sys
    17:57:13.0421 3160 PCIIde - ok
    17:57:13.0578 3160 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) F:\WINDOWS\system32\drivers\Pcmcia.sys
    17:57:13.0578 3160 Pcmcia - ok
    17:57:13.0656 3160 perc2 - ok
    17:57:13.0687 3160 perc2hib - ok
    17:57:13.0828 3160 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) F:\WINDOWS\system32\DRIVERS\raspptp.sys
    17:57:13.0843 3160 PptpMiniport - ok
    17:57:13.0953 3160 PSched (09298ec810b07e5d582cb3a3f9255424) F:\WINDOWS\system32\DRIVERS\psched.sys
    17:57:13.0968 3160 PSched - ok
    17:57:14.0078 3160 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) F:\WINDOWS\system32\DRIVERS\ptilink.sys
    17:57:14.0078 3160 Ptilink - ok
    17:57:14.0187 3160 PxHelp20 (d86b4a68565e444d76457f14172c875a) F:\WINDOWS\system32\Drivers\PxHelp20.sys
    17:57:14.0187 3160 PxHelp20 - ok
    17:57:14.0265 3160 ql1080 - ok
    17:57:14.0296 3160 Ql10wnt - ok
    17:57:14.0328 3160 ql12160 - ok
    17:57:14.0359 3160 ql1240 - ok
    17:57:14.0390 3160 ql1280 - ok
    17:57:14.0453 3160 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) F:\WINDOWS\system32\DRIVERS\rasacd.sys
    17:57:14.0453 3160 RasAcd - ok
    17:57:14.0578 3160 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) F:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    17:57:14.0578 3160 Rasl2tp - ok
    17:57:14.0703 3160 RasPppoe (5bc962f2654137c9909c3d4603587dee) F:\WINDOWS\system32\DRIVERS\raspppoe.sys
    17:57:14.0703 3160 RasPppoe - ok
    17:57:14.0781 3160 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) F:\WINDOWS\system32\DRIVERS\raspti.sys
    17:57:14.0812 3160 Raspti - ok
    17:57:14.0859 3160 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) F:\WINDOWS\system32\DRIVERS\rdbss.sys
    17:57:14.0875 3160 Rdbss - ok
    17:57:15.0000 3160 RDPCDD (4912d5b403614ce99c28420f75353332) F:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    17:57:15.0000 3160 RDPCDD - ok
    17:57:15.0125 3160 rdpdr (15cabd0f7c00c47c70124907916af3f1) F:\WINDOWS\system32\DRIVERS\rdpdr.sys
    17:57:15.0140 3160 rdpdr - ok
    17:57:15.0265 3160 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) F:\WINDOWS\system32\drivers\RDPWD.sys
    17:57:15.0265 3160 RDPWD - ok
    17:57:15.0406 3160 redbook (f828dd7e1419b6653894a8f97a0094c5) F:\WINDOWS\system32\DRIVERS\redbook.sys
    17:57:15.0406 3160 redbook - ok
    17:57:15.0593 3160 SASDIFSV (39763504067962108505bff25f024345) F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    17:57:15.0593 3160 SASDIFSV - ok
    17:57:15.0625 3160 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    17:57:15.0625 3160 SASKUTIL - ok
    17:57:15.0765 3160 Secdrv (90a3935d05b494a5a39d37e71f09a677) F:\WINDOWS\system32\DRIVERS\secdrv.sys
    17:57:15.0765 3160 Secdrv - ok
    17:57:15.0921 3160 serenum (0f29512ccd6bead730039fb4bd2c85ce) F:\WINDOWS\system32\DRIVERS\serenum.sys
    17:57:15.0921 3160 serenum - ok
    17:57:16.0078 3160 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) F:\WINDOWS\system32\DRIVERS\serial.sys
    17:57:16.0078 3160 Serial - ok
    17:57:16.0218 3160 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) F:\WINDOWS\system32\drivers\Sfloppy.sys
    17:57:16.0218 3160 Sfloppy - ok
    17:57:16.0312 3160 Simbad - ok
    17:57:16.0390 3160 SLIP (866d538ebe33709a5c9f5c62b73b7d14) F:\WINDOWS\system32\DRIVERS\SLIP.sys
    17:57:16.0390 3160 SLIP - ok
    17:57:16.0500 3160 smwdm (31fd0707c7dbe715234f2823b27214fe) F:\WINDOWS\system32\drivers\smwdm.sys
    17:57:16.0515 3160 smwdm - ok
    17:57:16.0578 3160 Sparrow - ok
    17:57:16.0656 3160 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) F:\WINDOWS\system32\drivers\splitter.sys
    17:57:16.0656 3160 splitter - ok
    17:57:16.0750 3160 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) F:\WINDOWS\system32\DRIVERS\sr.sys
    17:57:16.0765 3160 sr - ok
    17:57:16.0875 3160 Srv (47ddfc2f003f7f9f0592c6874962a2e7) F:\WINDOWS\system32\DRIVERS\srv.sys
    17:57:16.0890 3160 Srv - ok
    17:57:17.0078 3160 streamip (77813007ba6265c4b6098187e6ed79d2) F:\WINDOWS\system32\DRIVERS\StreamIP.sys
    17:57:17.0078 3160 streamip - ok
    17:57:17.0171 3160 swenum (3941d127aef12e93addf6fe6ee027e0f) F:\WINDOWS\system32\DRIVERS\swenum.sys
    17:57:17.0187 3160 swenum - ok
    17:57:17.0281 3160 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) F:\WINDOWS\system32\drivers\swmidi.sys
    17:57:17.0281 3160 swmidi - ok
    17:57:17.0390 3160 symc810 - ok
    17:57:17.0421 3160 symc8xx - ok
    17:57:17.0453 3160 sym_hi - ok
    17:57:17.0468 3160 sym_u3 - ok
    17:57:17.0546 3160 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) F:\WINDOWS\system32\drivers\sysaudio.sys
    17:57:17.0546 3160 sysaudio - ok
    17:57:17.0687 3160 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) F:\WINDOWS\system32\DRIVERS\tcpip.sys
    17:57:17.0703 3160 Tcpip - ok
    17:57:17.0796 3160 TDPIPE (6471a66807f5e104e4885f5b67349397) F:\WINDOWS\system32\drivers\TDPIPE.sys
    17:57:17.0796 3160 TDPIPE - ok
    17:57:17.0906 3160 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) F:\WINDOWS\system32\drivers\TDTCP.sys
    17:57:17.0906 3160 TDTCP - ok
    17:57:18.0046 3160 TermDD (88155247177638048422893737429d9e) F:\WINDOWS\system32\DRIVERS\termdd.sys
    17:57:18.0062 3160 TermDD - ok
    17:57:18.0171 3160 TosIde - ok
    17:57:18.0265 3160 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) F:\WINDOWS\system32\drivers\Udfs.sys
    17:57:18.0281 3160 Udfs - ok
    17:57:18.0359 3160 ultra - ok
    17:57:18.0437 3160 Update (402ddc88356b1bac0ee3dd1580c76a31) F:\WINDOWS\system32\DRIVERS\update.sys
    17:57:18.0437 3160 Update - ok
    17:57:18.0593 3160 usbaudio (e919708db44ed8543a7c017953148330) F:\WINDOWS\system32\drivers\usbaudio.sys
    17:57:18.0609 3160 usbaudio - ok
    17:57:18.0718 3160 usbccgp (173f317ce0db8e21322e71b7e60a27e8) F:\WINDOWS\system32\DRIVERS\usbccgp.sys
    17:57:18.0718 3160 usbccgp - ok
    17:57:18.0812 3160 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) F:\WINDOWS\system32\DRIVERS\usbehci.sys
    17:57:18.0828 3160 usbehci - ok
    17:57:18.0937 3160 usbhub (1ab3cdde553b6e064d2e754efe20285c) F:\WINDOWS\system32\DRIVERS\usbhub.sys
    17:57:18.0937 3160 usbhub - ok
    17:57:19.0015 3160 usbprint (a717c8721046828520c9edf31288fc00) F:\WINDOWS\system32\DRIVERS\usbprint.sys
    17:57:19.0015 3160 usbprint - ok
    17:57:19.0140 3160 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) F:\WINDOWS\system32\DRIVERS\usbscan.sys
    17:57:19.0140 3160 usbscan - ok
    17:57:19.0250 3160 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    17:57:19.0250 3160 USBSTOR - ok
    17:57:19.0359 3160 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) F:\WINDOWS\system32\DRIVERS\usbuhci.sys
    17:57:19.0375 3160 usbuhci - ok
    17:57:19.0500 3160 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) F:\WINDOWS\system32\Drivers\usbvideo.sys
    17:57:19.0515 3160 usbvideo - ok
    17:57:19.0625 3160 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) F:\WINDOWS\System32\drivers\vga.sys
    17:57:19.0640 3160 VgaSave - ok
    17:57:19.0703 3160 ViaIde - ok
    17:57:19.0765 3160 VolSnap (4c8fcb5cc53aab716d810740fe59d025) F:\WINDOWS\system32\drivers\VolSnap.sys
    17:57:19.0781 3160 VolSnap - ok
    17:57:19.0906 3160 Wanarp (e20b95baedb550f32dd489265c1da1f6) F:\WINDOWS\system32\DRIVERS\wanarp.sys
    17:57:19.0921 3160 Wanarp - ok
    17:57:20.0000 3160 wdmaud (6768acf64b18196494413695f0c3a00f) F:\WINDOWS\system32\drivers\wdmaud.sys
    17:57:20.0000 3160 wdmaud - ok
    17:57:20.0234 3160 WSTCODEC (c98b39829c2bbd34e454150633c62c78) F:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    17:57:20.0250 3160 WSTCODEC - ok
    17:57:20.0343 3160 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    17:57:20.0500 3160 \Device\Harddisk0\DR0 - ok
    17:57:20.0531 3160 Boot (0x1200) (bb697ee0e33a335598aeec991bf5a161) \Device\Harddisk0\DR0\Partition0
    17:57:20.0531 3160 \Device\Harddisk0\DR0\Partition0 - ok
    17:57:20.0531 3160 ============================================================
    17:57:20.0531 3160 Scan finished
    17:57:20.0546 3160 ============================================================
    17:57:20.0578 2176 Detected object count: 0
    17:57:20.0578 2176 Actual detected object count: 0
    17:57:34.0921 0844 Deinitialize success
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  21. vaguy1

    vaguy1 TS Rookie Topic Starter Posts: 25

    Thanks again Broni:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\F:
    \\.\F: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
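The two tools above report the same two facts about the MBR in different words: a hash of its boot code (TDSSKiller labels its MBR hash with 0x1B8, the length of the 440-byte boot-code region; the 4-byte disk signature starts at offset 0x1B8 and the 64-byte partition table at 0x1BE) and where the system volume starts (Bootkit Remover's offset 0x7e00 is sector 63 times 512 bytes, the classic XP first-partition layout). The Python below is an added example, not code from TechSpot, Broni, TDSSKiller or Bootkit Remover. It builds a constructed 512-byte MBR (the boot-code bytes, disk signature and partition geometry are assumed sample values, not this thread's disk), hashes the boot-code region, parses the partition table to find the active partition's byte offset, and shows that rewriting only the partition table leaves the 0x1B8 hash unchanged, which is why a boot-code hash should be read together with a partition-table check rather than on its own.

```python
"""Parse a 512-byte MBR and report the two things the thread's tools report.

Added example; the MBR bytes are constructed here, not taken from the thread.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8            # 440 bytes of boot code; disk signature follows at 0x1B8
PARTITION_TABLE_OFFSET = 0x1BE   # four 16-byte entries
MBR_SIGNATURE = b"\x55\xAA"      # last two bytes of a valid MBR
PARTITION_ENTRY = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes, first_lba: int = 63,
                     sector_count: int = 156_250_000) -> bytes:
    """Constructed sample MBR: padded boot code plus one bootable NTFS entry.

    first_lba=63 gives 63 * 512 = 0x7E00, the offset Bootkit Remover printed.
    The disk signature and sector count are assumed values.
    """
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_signature = struct.pack("<I", 0x12345678)   # assumed, not the thread's disk
    reserved = b"\x00\x00"
    entry = struct.pack(PARTITION_ENTRY,
                        0x80,              # status: active / bootable
                        b"\x01\x01\x00",   # CHS start (not used by the parser)
                        0x07,              # type: NTFS
                        b"\xFE\xFF\xFF",   # CHS end (not used by the parser)
                        first_lba, sector_count)
    table = entry + b"\x00" * (16 * 3)    # remaining three slots empty
    mbr = code + disk_signature + reserved + table + MBR_SIGNATURE
    assert len(mbr) == SECTOR_SIZE
    return mbr


def boot_code_md5(mbr: bytes) -> str:
    """MD5 over bytes 0..0x1B7 only: boot code, not signature or partition table."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition-table entries with their byte offsets."""
    if len(mbr) < SECTOR_SIZE or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not an MBR: 0x55AA signature missing")
    parts = []
    for slot in range(4):
        start = PARTITION_TABLE_OFFSET + 16 * slot
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            PARTITION_ENTRY, mbr[start:start + 16])
        if ptype == 0x00:
            continue                       # empty slot
        parts.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "byte_offset": lba * SECTOR_SIZE,
            "sector_count": count,
        })
    return parts


def system_volume_offset(mbr: bytes) -> int:
    """Byte offset of the active partition, like 'PhysicalDrive0 at offset ...'."""
    for part in parse_partitions(mbr):
        if part["bootable"]:
            return part["byte_offset"]
    raise ValueError("no active partition in MBR")


def boot_code_changed(current_mbr: bytes, known_good_md5: str) -> bool:
    """Compare the boot-code hash with a baseline taken while the disk was known clean."""
    return boot_code_md5(current_mbr) != known_good_md5


def demo() -> dict:
    """Run the comparison on constructed data and return the results."""
    # First instructions of a standard x86 MBR loader: xor ax,ax / mov ss,ax / mov sp,0x7C00
    code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
    clean = build_sample_mbr(code)
    baseline = boot_code_md5(clean)
    patched = bytes([0xEB]) + clean[1:]                 # one byte of boot code altered
    retabled = build_sample_mbr(code, first_lba=2048)   # only the partition table differs
    return {
        "baseline_md5": baseline,
        "clean_offset": system_volume_offset(clean),
        "patched_flagged": boot_code_changed(patched, baseline),
        "retabled_flagged": boot_code_changed(retabled, baseline),
        "retabled_offset": system_volume_offset(retabled),
    }


if __name__ == "__main__":
    results = demo()
    print("boot code md5:        ", results["baseline_md5"])
    print("system volume offset: 0x%08x" % results["clean_offset"])
    print("boot code patched -> flagged:", results["patched_flagged"])
    print("table moved (0x%08x) -> flagged:" % results["retabled_offset"],
          results["retabled_flagged"])
```

The last line of the demo is the caveat worth keeping in mind when reading logs like the ones above: a partition-table change that redirects the active partition produces a different system-volume offset but an identical 0x1B8 hash, so both values need to be compared against a known-good baseline.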
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  23. vaguy1

    vaguy1 TS Rookie Topic Starter Posts: 25

    Attached are the two files. Gzipped...
     

    Attached Files:

  24. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please observe forum rules.
    All logs have to be pasted not attached.
     
  25. vaguy1

    vaguy1 TS Rookie Topic Starter Posts: 25

    Told me the logs exceeded the upper limit allowed...
     
