Solved Slow booting, 45 minutes + GMER shows rootkit activity

Slooow booting, 45 minutes + GMER shows rootkit activity

No, No, say it isn't so! Not the LAST scans. And just when I was getting really good at running them...

Updated Java then javaRa'd and did TFC (all in the order given).


Securitycheck.exe

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Duplicate Cleaner 2.0.6
Java(TM) 6 Update 31
Out of date Java installed!
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (3.6.26) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


xxxxxxxxxx
FSS

Farbar Service Scanner Version: 14-02-2012
Ran by Owner (administrator) on 21-02-2012 at 11:31:17
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0C0000000400000001000000020000000300000008000000090000000C0000000500000006000000070000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

xxxxxxxxxx

ESET - had to run twice; it was taking so long and I had to use the machine.

Scan 1


C:\Documents and Settings\Owner\DoctorWeb\Quarantine\BootVis.exe MSIL/Solimba.A application deleted - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_AutoHotkey110300_Install_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_converts word to excel fwiz111_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_cpu-z_1_58-setup-en_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_disk-defrag-setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_ExcelCalendar_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_favseek21_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_gnucash-2_4_7-setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_Great Budget Time Tracker Elite_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_hookanlz_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_myBilling2007_v_91_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_WinParrot_EN_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\cnet_xlcal_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291212.exe MSIL/Solimba.A application deleted - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291213.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291214.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291215.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291216.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291217.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291218.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291219.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291220.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291221.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291222.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291223.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291224.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\WINDOWS\FixCamera.exe a variant of Win32/KillProc.A application cleaned by deleting - quarantined

xxxxxxxxxx

ESET Scan 2

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1195\A0291229.exe a variant of Win32/KillProc.A application cleaned by deleting - quarantined
Z:\Documents\Downloads\cnet2_PDFill_PDF_Tools_FREE_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Hey Broni, thanks so much for all your help. It's been fun working with you. Still have the slow booting issue; I expect I'll have to reinstall XP. I'll let you know if I ever discover what the issue was.

Final question: some dear friends of ours are named Przedpelski. But it's pronounced Cha pell ski. Given your Polishness, any idea how Przed gets to sound like Cha? They have no earthly idea!

Take care.

steveu
 
Slooow booting, 45 minutes + GMER shows rootkit activity

I'll inform my Polish friend that he's been pronouncing his name wrong all these years!

And we thought we were done...

I've been working with the good folk at Windows Sysinternals about the slow booting issue. I ran a Process Monitor boot log, and this was his response after reviewing the logs:

You have so many RSPHOOKANALYZER entries (over 40000!!!!!!) under HKLM\System\CurrentControlSet\Services. This reading of thousands of registry entries and trying to start the services generates the high CPU usage of services.exe and causes the extreme delay.

Have you checked your PC for malware? Run Hijackthis, Malwarebyte Anti-Malware and other tools to check this. Also update Avira AntiVir to the latest version and run a full scan.

XXXXXXXX


The only thing that caught these buggers was the TDSS log from OTL, but you hadn't asked for that one and the TDSS said they were all ok.

What to do? Here's a sample from the TDSS log. If you want the whole thing I'll have to compress it or something because it's about ten times too big for posting.


16:26:01.0171 1336 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
16:26:01.0611 1336 ============================================================
16:26:01.0611 1336 Current date / time: 2012/01/21 16:26:01.0611
16:26:01.0611 1336 SystemInfo:
16:26:01.0611 1336
16:26:01.0611 1336 OS Version: 5.1.2600 ServicePack: 3.0
16:26:01.0611 1336 Product type: Workstation
16:26:01.0611 1336 ComputerName: HOME
16:26:01.0611 1336 UserName: Owner
16:26:01.0611 1336 Windows directory: C:\WINDOWS
16:26:01.0611 1336 System windows directory: C:\WINDOWS
16:26:01.0611 1336 Processor architecture: Intel x86
16:26:01.0611 1336 Number of processors: 1
16:26:01.0611 1336 Page size: 0x1000
16:26:01.0611 1336 Boot type: Normal boot
16:26:01.0611 1336 ============================================================
16:26:02.0583 1336 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:26:02.0773 1336 Initialize success
16:26:30.0403 4592 ============================================================
16:26:30.0403 4592 Scan started
16:26:30.0403 4592 Mode: Manual; SigCheck; TDLFS;
16:26:30.0403 4592 ============================================================
16:26:31.0675 4592 Abiosdsk - ok
16:26:31.0785 4592 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:26:32.0075 4592 abp480n5 - ok
16:26:32.0195 4592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:26:32.0326 4592 ACPI - ok
16:26:32.0466 4592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:26:32.0636 4592 ACPIEC - ok
16:26:32.0746 4592 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:26:32.0876 4592 adpu160m - ok
16:26:32.0976 4592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:26:33.0097 4592 aec - ok
16:26:33.0197 4592 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:26:33.0217 4592 AFD - ok
16:26:33.0307 4592 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:26:33.0427 4592 agp440 - ok
16:26:33.0517 4592 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:26:33.0627 4592 agpCPQ - ok
16:26:33.0718 4592 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:26:33.0768 4592 Aha154x - ok
16:26:33.0888 4592 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:26:34.0008 4592 aic78u2 - ok
16:26:34.0108 4592 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:26:34.0218 4592 aic78xx - ok
16:26:34.0379 4592 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:26:34.0509 4592 AliIde - ok
16:26:34.0609 4592 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:26:34.0719 4592 alim1541 - ok
16:26:34.0889 4592 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
16:26:35.0009 4592 Ambfilt - ok
16:26:35.0130 4592 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:26:35.0250 4592 amdagp - ok
16:26:35.0350 4592 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:26:35.0410 4592 amsint - ok
16:26:35.0530 4592 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:26:35.0670 4592 asc - ok
16:26:35.0771 4592 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:26:35.0821 4592 asc3350p - ok
16:26:35.0941 4592 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:26:36.0081 4592 asc3550 - ok
16:26:36.0211 4592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:26:36.0331 4592 AsyncMac - ok
16:26:36.0421 4592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:26:36.0532 4592 atapi - ok
16:26:36.0632 4592 Atdisk - ok
16:26:36.0742 4592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:26:36.0852 4592 Atmarpc - ok
16:26:36.0962 4592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:26:37.0102 4592 audstub - ok
16:26:37.0223 4592 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
16:26:37.0223 4592 avgio - ok
16:26:37.0333 4592 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:26:37.0333 4592 avgntflt - ok
16:26:37.0473 4592 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:26:37.0493 4592 avipbb - ok
16:26:37.0583 4592 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
16:26:37.0593 4592 BANTExt ( UnsignedFile.Multi.Generic ) - warning
16:26:37.0593 4592 BANTExt - detected UnsignedFile.Multi.Generic (1)
16:26:37.0693 4592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:26:37.0843 4592 Beep - ok
16:26:37.0864 4592 BVRPMPR5 - ok
16:26:38.0344 4592 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:26:38.0484 4592 cbidf - ok
16:26:38.0705 4592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:26:38.0835 4592 cbidf2k - ok
16:26:38.0955 4592 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:26:39.0075 4592 CCDECODE - ok
16:26:39.0246 4592 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:26:39.0296 4592 cd20xrnt - ok
16:26:39.0506 4592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:26:39.0636 4592 Cdaudio - ok
16:26:40.0167 4592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:26:40.0297 4592 Cdfs - ok
16:26:40.0497 4592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:26:40.0627 4592 Cdrom - ok
16:26:40.0838 4592 Changer - ok
16:26:40.0958 4592 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:26:41.0138 4592 CmdIde - ok
16:26:41.0328 4592 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:26:41.0469 4592 Cpqarray - ok
16:26:41.0559 4592 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
16:26:41.0569 4592 cpuz135 - ok
16:26:41.0669 4592 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:26:41.0819 4592 dac2w2k - ok
16:26:41.0919 4592 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:26:42.0060 4592 dac960nt - ok
16:26:42.0160 4592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:26:42.0270 4592 Disk - ok
16:26:42.0400 4592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:26:42.0540 4592 dmboot - ok
16:26:42.0660 4592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:26:42.0781 4592 dmio - ok
16:26:42.0881 4592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:26:43.0011 4592 dmload - ok
16:26:43.0131 4592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:26:43.0251 4592 DMusic - ok
16:26:43.0371 4592 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:26:43.0502 4592 dpti2o - ok
16:26:43.0592 4592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:26:43.0692 4592 drmkaud - ok
16:26:43.0762 4592 EagleNT - ok
16:26:43.0842 4592 EagleXNt - ok
16:26:43.0962 4592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:26:44.0082 4592 Fastfat - ok
16:26:44.0213 4592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:26:44.0323 4592 Fdc - ok
16:26:44.0433 4592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:26:44.0553 4592 Fips - ok
16:26:44.0653 4592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:26:44.0763 4592 Flpydisk - ok
16:26:44.0864 4592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:26:45.0014 4592 FltMgr - ok
16:26:45.0114 4592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:26:45.0244 4592 Fs_Rec - ok
16:26:45.0354 4592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:26:45.0494 4592 Ftdisk - ok
16:26:45.0595 4592 GBDevice (be7c27c825fe7e533cf3e6dadd8f0657) C:\WINDOWS\system32\drivers\GBDevice.sys
16:26:45.0595 4592 GBDevice ( UnsignedFile.Multi.Generic ) - warning
16:26:45.0595 4592 GBDevice - detected UnsignedFile.Multi.Generic (1)
16:26:45.0685 4592 GBFSHook (211d6b560f70c6c10a9f546c14aa26ac) C:\WINDOWS\system32\drivers\GBFSHook.sys
16:26:45.0705 4592 GBFSHook ( UnsignedFile.Multi.Generic ) - warning
16:26:45.0705 4592 GBFSHook - detected UnsignedFile.Multi.Generic (1)
16:26:45.0825 4592 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:26:45.0845 4592 GEARAspiWDM - ok
16:26:45.0955 4592 GoBack2K (09fa0557162b73b6f0ec48682b0abfc8) C:\WINDOWS\system32\drivers\GoBack2K.sys
16:26:45.0975 4592 GoBack2K ( UnsignedFile.Multi.Generic ) - warning
16:26:45.0975 4592 GoBack2K - detected UnsignedFile.Multi.Generic (1)
16:26:46.0075 4592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:26:46.0175 4592 Gpc - ok
16:26:46.0286 4592 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
16:26:46.0306 4592 HdAudAddService - ok
16:26:46.0416 4592 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:26:46.0536 4592 HDAudBus - ok
16:26:46.0636 4592 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:26:46.0746 4592 HidUsb - ok
16:26:46.0846 4592 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:26:46.0987 4592 hpn - ok
16:26:47.0087 4592 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:26:47.0107 4592 HSFHWBS2 - ok
16:26:47.0237 4592 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:26:47.0297 4592 HSF_DPV - ok
16:26:47.0397 4592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:26:47.0417 4592 HTTP - ok
16:26:47.0527 4592 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:26:47.0628 4592 i2omgmt - ok
16:26:47.0738 4592 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:26:47.0868 4592 i2omp - ok
16:26:47.0968 4592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:26:48.0088 4592 i8042prt - ok
16:26:48.0198 4592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:26:48.0329 4592 Imapi - ok
16:26:48.0449 4592 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:26:48.0579 4592 ini910u - ok
16:26:48.0839 4592 IntcAzAudAddService (7ca3217ec4650ecfb8c499fda10d65ae) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:26:49.0110 4592 IntcAzAudAddService - ok
16:26:49.0220 4592 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:26:49.0330 4592 IntelIde - ok
16:26:49.0440 4592 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:26:49.0550 4592 Ip6Fw - ok
16:26:49.0640 4592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:26:49.0781 4592 IpFilterDriver - ok
16:26:49.0881 4592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:26:49.0971 4592 IpInIp - ok
16:26:50.0071 4592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:26:50.0181 4592 IpNat - ok
16:26:50.0311 4592 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:26:50.0432 4592 IPSec - ok
16:26:50.0542 4592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:26:50.0672 4592 IRENUM - ok
16:26:50.0762 4592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:26:50.0862 4592 isapnp - ok
16:26:50.0962 4592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:26:51.0073 4592 Kbdclass - ok
16:26:51.0163 4592 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:26:51.0263 4592 kbdhid - ok
16:26:51.0403 4592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:26:51.0513 4592 kmixer - ok
16:26:51.0603 4592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:26:51.0623 4592 KSecDD - ok
16:26:51.0703 4592 lbrtfdc - ok
16:26:51.0824 4592 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
16:26:51.0834 4592 MBAMSwissArmy - ok
16:26:51.0894 4592 MCSTRM - ok
16:26:51.0994 4592 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:26:52.0014 4592 mdmxsdk - ok
16:26:52.0134 4592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:26:52.0264 4592 mnmdd - ok
16:26:52.0364 4592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:26:52.0475 4592 Modem - ok
16:26:52.0615 4592 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
16:26:52.0685 4592 Monfilt - ok
16:26:52.0775 4592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:26:52.0915 4592 Mouclass - ok
16:26:53.0015 4592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:26:53.0156 4592 MountMgr - ok
16:26:53.0266 4592 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:26:53.0396 4592 mraid35x - ok
16:26:53.0506 4592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:26:53.0606 4592 MRxDAV - ok
16:26:53.0716 4592 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:26:53.0756 4592 MRxSmb - ok
16:26:53.0877 4592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:26:53.0987 4592 Msfs - ok
16:26:54.0107 4592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:26:54.0217 4592 MSKSSRV - ok
16:26:54.0337 4592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:26:54.0447 4592 MSPCLOCK - ok
16:26:54.0548 4592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:26:54.0658 4592 MSPQM - ok
16:26:54.0758 4592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:26:54.0858 4592 mssmbios - ok
16:26:54.0948 4592 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:26:55.0058 4592 MSTEE - ok
16:26:55.0158 4592 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:26:55.0188 4592 Mup - ok
16:26:55.0299 4592 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
16:26:55.0439 4592 mxnic - ok
16:26:55.0549 4592 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:26:55.0669 4592 NABTSFEC - ok
16:26:55.0769 4592 NBSPortDriver (fc2239aab7b5f4011a092940b7270759) C:\WINDOWS\system32\DRIVERS\NBSPortDriver.sys
16:26:55.0779 4592 NBSPortDriver - ok
16:26:55.0889 4592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:26:55.0990 4592 NDIS - ok
16:26:56.0090 4592 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:26:56.0200 4592 NdisIP - ok
16:26:56.0340 4592 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:26:56.0360 4592 NdisTapi - ok
16:26:56.0480 4592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:26:56.0580 4592 Ndisuio - ok
16:26:56.0681 4592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:26:56.0791 4592 NdisWan - ok
16:26:56.0911 4592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:26:56.0941 4592 NDProxy - ok
16:26:57.0031 4592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:26:57.0141 4592 NetBIOS - ok
16:26:57.0231 4592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:26:57.0392 4592 NetBT - ok
16:26:57.0532 4592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:26:57.0642 4592 Npfs - ok
16:26:57.0752 4592 ntcdrdrv (afb79c66eb3ed52a4ea02f4a7bbc268d) C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys
16:26:57.0762 4592 ntcdrdrv ( UnsignedFile.Multi.Generic ) - warning
16:26:57.0762 4592 ntcdrdrv - detected UnsignedFile.Multi.Generic (1)
16:26:57.0882 4592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:26:58.0023 4592 Ntfs - ok
16:26:58.0143 4592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:26:58.0283 4592 Null - ok
16:26:58.0533 4592 nv (90a2fe4b6e558e05e88e4517001a33ea) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:26:58.0744 4592 nv - ok
16:26:58.0844 4592 nvata (11d1ad7e946538e02f9ef6a6e1792061) C:\WINDOWS\system32\DRIVERS\nvata.sys
16:26:58.0884 4592 nvata - ok
16:26:58.0994 4592 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
16:26:59.0014 4592 NVENETFD - ok
16:26:59.0134 4592 nvgts (75e2e77c5497f34e60491d27bf03f1cb) C:\WINDOWS\system32\DRIVERS\nvgts.sys
16:26:59.0144 4592 nvgts - ok
16:26:59.0244 4592 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
16:26:59.0264 4592 nvnetbus - ok
16:26:59.0374 4592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:26:59.0525 4592 NwlnkFlt - ok
16:26:59.0625 4592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:26:59.0765 4592 NwlnkFwd - ok
16:26:59.0875 4592 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
16:26:59.0975 4592 P3 - ok
16:27:00.0095 4592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:27:00.0206 4592 Parport - ok
16:27:00.0326 4592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:27:00.0426 4592 PartMgr - ok
16:27:00.0526 4592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:27:00.0666 4592 ParVdm - ok
16:27:00.0776 4592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:27:00.0877 4592 PCI - ok
16:27:00.0957 4592 PCIDump - ok
16:27:01.0077 4592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:27:01.0227 4592 PCIIde - ok
16:27:01.0337 4592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:27:01.0437 4592 Pcmcia - ok
16:27:01.0508 4592 PDCOMP - ok
16:27:01.0588 4592 PDFRAME - ok
16:27:01.0678 4592 PDRELI - ok
16:27:01.0758 4592 PDRFRAME - ok
16:27:01.0858 4592 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:27:01.0998 4592 perc2 - ok
16:27:02.0108 4592 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:27:02.0259 4592 perc2hib - ok
16:27:02.0389 4592 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
16:27:02.0399 4592 pnarp - ok
16:27:02.0489 4592 Point32 (273afc65fabf97326aa78ffe38b1e071) C:\WINDOWS\system32\DRIVERS\point32.sys
16:27:02.0499 4592 Point32 - ok
16:27:02.0619 4592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:27:02.0719 4592 PptpMiniport - ok
16:27:02.0829 4592 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:27:02.0940 4592 Processor - ok
16:27:03.0050 4592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:27:03.0150 4592 PSched - ok
16:27:03.0260 4592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:27:03.0410 4592 Ptilink - ok
16:27:03.0510 4592 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
16:27:03.0520 4592 purendis - ok
16:27:03.0621 4592 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:27:03.0761 4592 ql1080 - ok
16:27:03.0851 4592 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:27:04.0001 4592 Ql10wnt - ok
16:27:04.0101 4592 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:27:04.0251 4592 ql12160 - ok
16:27:04.0362 4592 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:27:04.0512 4592 ql1240 - ok
16:27:04.0612 4592 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:27:04.0752 4592 ql1280 - ok
16:27:04.0852 4592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:27:05.0003 4592 RasAcd - ok
16:27:05.0103 4592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:27:05.0213 4592 Rasl2tp - ok
16:27:05.0343 4592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:27:05.0443 4592 RasPppoe - ok
16:27:05.0543 4592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:27:05.0754 4592 Raspti - ok
16:27:05.0854 4592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:27:05.0964 4592 Rdbss - ok
16:27:06.0064 4592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:27:06.0184 4592 RDPCDD - ok
16:27:06.0294 4592 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:27:06.0405 4592 rdpdr - ok
16:27:06.0515 4592 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:27:06.0535 4592 RDPWD - ok
16:27:06.0635 4592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:27:06.0735 4592 redbook - ok
16:27:06.0845 4592 RSPHOOKANALYZER - ok
16:27:06.0935 4592 RSPHOOKANALYZER1 - ok
16:27:07.0035 4592 RSPHOOKANALYZER10 - ok
16:27:07.0116 4592 RSPHOOKANALYZER100 - ok
16:27:07.0196 4592 RSPHOOKANALYZER1000 - ok
16:27:07.0286 4592 RSPHOOKANALYZER10000 - ok
16:27:07.0386 4592 RSPHOOKANALYZER10001 - ok
16:27:07.0486 4592 RSPHOOKANALYZER10002 - ok
16:27:07.0576 4592 RSPHOOKANALYZER10003 - ok
16:27:07.0666 4592 RSPHOOKANALYZER10004 - ok
16:27:07.0767 4592 RSPHOOKANALYZER10005 - ok
16:27:07.0877 4592 RSPHOOKANALYZER10006 - ok
16:27:07.0967 4592 RSPHOOKANALYZER10007 - ok
16:27:08.0077 4592 RSPHOOKANALYZER10008 - ok
16:27:08.0167 4592 RSPHOOKANALYZER10009 - ok
16:27:08.0267 4592 RSPHOOKANALYZER1001 - ok
16:27:08.0357 4592 RSPHOOKANALYZER10010 - ok
16:27:08.0447 4592 RSPHOOKANALYZER10011 - ok
16:27:08.0558 4592 RSPHOOKANALYZER10012 - ok
16:27:08.0648 4592 RSPHOOKANALYZER10013 - ok
16:27:08.0748 4592 RSPHOOKANALYZER10014 - ok
16:27:08.0848 4592 RSPHOOKANALYZER10015 - ok
16:27:08.0938 4592 RSPHOOKANALYZER10016 - ok
16:27:09.0048 4592 RSPHOOKANALYZER10017 - ok
16:27:09.0138 4592 RSPHOOKANALYZER10018 - ok
16:27:09.0239 4592 RSPHOOKANALYZER10019 - ok
16:27:09.0339 4592 RSPHOOKANALYZER1002 - ok
16:27:09.0429 4592 RSPHOOKANALYZER10020 - ok
16:27:09.0529 4592 RSPHOOKANALYZER10021 - ok
16:27:09.0619 4592 RSPHOOKANALYZER10022 - ok
16:27:09.0709 4592 RSPHOOKANALYZER10023 - ok
16:27:09.0799 4592 RSPHOOKANALYZER10024 - ok
16:27:09.0890 4592 RSPHOOKANALYZER10025 - ok
16:27:09.0990 4592 RSPHOOKANALYZER10026 - ok
16:27:10.0080 4592 RSPHOOKANALYZER10027 - ok
16:27:10.0170 4592 RSPHOOKANALYZER10028 - ok
16:27:10.0270 4592 RSPHOOKANALYZER10029 - ok
16:27:10.0370 4592 RSPHOOKANALYZER1003 - ok
16:27:10.0460 4592 RSPHOOKANALYZER10030 - ok
16:27:10.0561 4592 RSPHOOKANALYZER10031 - ok
16:27:10.0651 4592 RSPHOOKANALYZER10032 - ok
16:27:10.0751 4592 RSPHOOKANALYZER10033 - ok
16:27:10.0821 4592 RSPHOOKANALYZER10034 - ok
16:27:10.0911 4592 RSPHOOKANALYZER10035 - ok
16:27:10.0991 4592 RSPHOOKANALYZER10036 - ok
16:27:11.0091 4592 RSPHOOKANALYZER10037 - ok
16:27:11.0191 4592 RSPHOOKANALYZER10038 - ok
16:27:11.0282 4592 RSPHOOKANALYZER10039 - ok
16:27:11.0382 4592 RSPHOOKANALYZER1004 - ok
16:27:11.0472 4592 RSPHOOKANALYZER10040 - ok
16:27:11.0562 4592 RSPHOOKANALYZER10041 - ok
16:27:11.0652 4592 RSPHOOKANALYZER10042 - ok
16:27:11.0742 4592 RSPHOOKANALYZER10043 - ok
16:27:11.0842 4592 RSPHOOKANALYZER10044 - ok
16:27:11.0933 4592 RSPHOOKANALYZER10045 - ok
16:27:12.0023 4592 RSPHOOKANALYZER10046 - ok
16:27:12.0113 4592 RSPHOOKANALYZER10047 - ok
16:27:12.0203 4592 RSPHOOKANALYZER10048 - ok
16:27:12.0283 4592 RSPHOOKANALYZER10049 - ok
16:27:12.0373 4592 RSPHOOKANALYZER1005 - ok
16:27:12.0463 4592 RSPHOOKANALYZER10050 - ok
16:27:12.0553 4592 RSPHOOKANALYZER10051 - ok
16:27:12.0654 4592 RSPHOOKANALYZER10052 - ok
16:27:12.0744 4592 RSPHOOKANALYZER10053 - ok
16:27:12.0834 4592 RSPHOOKANALYZER10054 - ok
16:27:12.0924 4592 RSPHOOKANALYZER10055 - ok
16:27:13.0024 4592 RSPHOOKANALYZER10056 - ok
16:27:13.0164 4592 RSPHOOKANALYZER10057 - ok
16:27:13.0264 4592 RSPHOOKANALYZER10058 - ok
16:27:13.0365 4592 RSPHOOKANALYZER10059 - ok
16:27:13.0455 4592 RSPHOOKANALYZER1006 - ok


GOES ON LIKE THIS FOR 40,000 ROWS AND FINISHES WITH:


18:44:06.0825 4592 RSPHOOKANALYZER9994 - ok
18:44:07.0266 4592 RSPHOOKANALYZER9995 - ok
18:44:07.0706 4592 RSPHOOKANALYZER9996 - ok
18:44:08.0157 4592 RSPHOOKANALYZER9997 - ok
18:44:08.0608 4592 RSPHOOKANALYZER9998 - ok
18:44:09.0098 4592 RSPHOOKANALYZER9999 - ok
18:44:10.0630 4592 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
18:44:10.0831 4592 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
18:44:10.0831 4592 SCDEmu - detected UnsignedFile.Multi.Generic (1)
18:44:12.0032 4592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:44:12.0523 4592 Secdrv - ok
18:44:13.0755 4592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:44:13.0875 4592 serenum - ok
18:44:14.0326 4592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:44:14.0506 4592 Serial - ok
18:44:17.0080 4592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:44:17.0210 4592 Sfloppy - ok
18:44:18.0422 4592 Simbad - ok
18:44:18.0882 4592 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:44:19.0002 4592 sisagp - ok
18:44:19.0463 4592 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:44:19.0583 4592 SLIP - ok
18:44:21.0095 4592 SNPSTD3 (a37e84eb12c39d36eddeb7966429e75f) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
18:44:21.0716 4592 SNPSTD3 - ok
18:44:22.0177 4592 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:44:22.0227 4592 Sparrow - ok
18:44:22.0668 4592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:44:22.0798 4592 splitter - ok
18:44:23.0599 4592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:44:23.0709 4592 sr - ok
18:44:24.0861 4592 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:44:24.0891 4592 ssmdrv - ok
18:44:25.0712 4592 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:44:25.0872 4592 streamip - ok
18:44:26.0333 4592 SWDUMon (2ef42fc902c206c3faa5e5656e2f1a43) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
18:44:26.0393 4592 SWDUMon - ok
18:44:26.0874 4592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:44:26.0984 4592 swenum - ok
18:44:27.0425 4592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:44:27.0555 4592 swmidi - ok
18:44:29.0167 4592 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:44:29.0297 4592 symc810 - ok
18:44:29.0778 4592 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:44:29.0918 4592 symc8xx - ok
18:44:30.0369 4592 SymEvent (c9b8f325b2a22cda1bda7b25181b1389) C:\Program Files\Symantec\SYMEVENT.SYS
18:44:30.0409 4592 SymEvent - ok
18:44:30.0859 4592 symlcbrd (6596892dd5abbe48f5876a551867a166) C:\WINDOWS\system32\drivers\symlcbrd.sys
18:44:30.0870 4592 symlcbrd ( UnsignedFile.Multi.Generic ) - warning
18:44:30.0870 4592 symlcbrd - detected UnsignedFile.Multi.Generic (1)
18:44:31.0310 4592 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:44:31.0450 4592 sym_hi - ok
18:44:31.0971 4592 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:44:32.0111 4592 sym_u3 - ok
18:44:32.0562 4592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:44:32.0682 4592 sysaudio - ok
18:44:33.0874 4592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:44:34.0014 4592 Tcpip - ok
18:44:34.0465 4592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:44:34.0585 4592 TDPIPE - ok
18:44:35.0025 4592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:44:35.0156 4592 TDTCP - ok
18:44:35.0616 4592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:44:35.0777 4592 TermDD - ok
18:44:37.0779 4592 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:44:37.0920 4592 TosIde - ok
18:44:39.0111 4592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:44:39.0252 4592 Udfs - ok
18:44:39.0702 4592 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:44:39.0752 4592 ultra - ok
18:44:40.0203 4592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:44:40.0413 4592 Update - ok
18:44:41.0555 4592 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:44:41.0595 4592 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
18:44:41.0595 4592 USBAAPL - detected UnsignedFile.Multi.Generic (1)
18:44:42.0066 4592 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:44:42.0176 4592 usbaudio - ok
18:44:42.0616 4592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:44:42.0737 4592 usbccgp - ok
18:44:43.0257 4592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:44:43.0377 4592 usbehci - ok
18:44:43.0858 4592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:44:43.0988 4592 usbhub - ok
18:44:44.0439 4592 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:44:44.0569 4592 usbohci - ok
18:44:45.0050 4592 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:44:45.0250 4592 USBSTOR - ok
18:44:45.0841 4592 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:44:45.0991 4592 usbuhci - ok
18:44:46.0432 4592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:44:46.0562 4592 VgaSave - ok
18:44:47.0023 4592 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:44:47.0123 4592 viaagp - ok
18:44:47.0574 4592 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:44:47.0674 4592 ViaIde - ok
18:44:48.0094 4592 VMnetAdapter - ok
18:44:48.0585 4592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:44:48.0685 4592 VolSnap - ok
18:44:51.0619 4592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:44:51.0780 4592 Wanarp - ok
18:44:52.0220 4592 WDICA - ok
18:44:52.0711 4592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:44:52.0841 4592 wdmaud - ok
18:44:53.0752 4592 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:44:53.0873 4592 winachsf - ok
18:44:57.0958 4592 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
18:44:58.0019 4592 WpdUsb - ok
18:44:58.0880 4592 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:44:59.0050 4592 WS2IFSL - ok
18:44:59.0921 4592 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:45:00.0041 4592 WSTCODEC - ok
18:45:00.0883 4592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:45:00.0933 4592 WudfPf - ok
18:45:01.0383 4592 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:45:01.0423 4592 WudfRd - ok
18:45:02.0625 4592 XDva385 - ok
18:45:04.0077 4592 MBR (0x1B8) (e9b468d3dccbc07254f1f04d03465df2) \Device\Harddisk0\DR0
18:45:04.0358 4592 \Device\Harddisk0\DR0 - ok
18:45:04.0388 4592 Boot (0x1200) (944f4720a7e15a1fdbb12f41f5943242) \Device\Harddisk0\DR0\Partition0
18:45:04.0388 4592 \Device\Harddisk0\DR0\Partition0 - ok
18:45:04.0418 4592 Boot (0x1200) (94c3e184b654ad9bd6b707ae8c3be201) \Device\Harddisk0\DR0\Partition1
18:45:04.0418 4592 \Device\Harddisk0\DR0\Partition1 - ok
18:45:04.0448 4592 Boot (0x1200) (3f126bc592f3dbd376cb7a7d770eecbf) \Device\Harddisk0\DR0\Partition2
18:45:04.0448 4592 \Device\Harddisk0\DR0\Partition2 - ok
18:45:04.0448 4592 ============================================================
18:45:04.0448 4592 Scan finished
18:45:04.0448 4592 ============================================================
18:45:04.0568 5704 Detected object count: 8
18:45:04.0568 5704 Actual detected object count: 8
18:46:08.0380 5704 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:08.0380 5704 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:08.0390 5704 GBDevice ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:08.0390 5704 GBDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:08.0390 5704 GBFSHook ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:08.0390 5704 GBFSHook ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:08.0390 5704 GoBack2K ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:08.0390 5704 GoBack2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:08.0400 5704 ntcdrdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:08.0400 5704 ntcdrdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:08.0400 5704 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:08.0400 5704 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:08.0410 5704 symlcbrd ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:08.0410 5704 symlcbrd ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:08.0410 5704 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:08.0410 5704 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:13:06.0917 0804 Deinitialize success
 
Actually, I hideously misspoke! OTL didn't call TDSS Killer, it just observed the log. I had run that Kaspersky product before I got the wisdom to work with you. I hadn't mentioned it because it said they were all OK and it never occurred to me that they could be the boot issue.

Can't wait to hear your thoughts on this one.
 
Thanks for looking Broni.

It's not that they're malicious as in stealing information or trying to control the computer. But, 40,000 service calls for non-existent services at startup are what's causing the 45 minute boot. How do I get rid of these useless registry items?
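An added example, not from this thread or from TDSSKiller, GMER or OTL: it parses log lines in the TDSSKiller format pasted above and separates a large numbered family of service keys that have no driver file on disk (the RSPHOOKANALYZER entries) from the handful of keys the scanner actually flagged. The log excerpt inside it is constructed from the format above, and the `min_count` threshold is my own choice.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed excerpt in the TDSSKiller log format pasted above (not the full 40,000-line log).
SAMPLE_LOG = r"""
16:27:06.0635 4592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:27:06.0735 4592 redbook - ok
16:27:06.0845 4592 RSPHOOKANALYZER - ok
16:27:06.0935 4592 RSPHOOKANALYZER1 - ok
16:27:07.0035 4592 RSPHOOKANALYZER10 - ok
18:44:09.0098 4592 RSPHOOKANALYZER9999 - ok
18:44:10.0630 4592 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
18:44:10.0831 4592 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
18:44:10.0831 4592 SCDEmu - detected UnsignedFile.Multi.Generic (1)
"""
# Two line shapes: "<time> <pid> <service> (<md5>) <path>" when a driver file exists on disk,
# and "<time> <pid> <service> [( <verdict> )] - <status>" for the scanner's verdict on the key.
FILE_RE = re.compile(r"^(\S+)\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
STATUS_RE = re.compile(r"^(\S+)\s+\d+\s+(\S+)\s+(?:\(\s*\S+\s*\)\s+)?-\s+(.+)$")

def parse_log(text):
    """Return {service: {"path": str or None, "status": str, "times": [datetime, ...]}}."""
    entries = defaultdict(lambda: {"path": None, "status": None, "times": []})
    for line in text.splitlines():
        if m := FILE_RE.match(line):
            stamp, name, _md5, path = m.groups()
            entries[name]["path"] = path
        elif m := STATUS_RE.match(line):
            stamp, name, status = m.groups()
            entries[name]["status"] = status
        else:
            continue  # banner, separator or summary line
        # Stamps are HH:MM:SS.ffff; %f accepts the four fractional digits.
        entries[name]["times"].append(datetime.strptime(stamp, "%H:%M:%S.%f"))
    return entries

def fileless_families(entries, min_count=3):
    """Group service keys with no driver file on disk by name with trailing digits stripped; report
    families of >= min_count with their size and the scan time spent on them. A lone fileless key
    (PCIDump) is normal on XP; a big numbered family is the anomaly."""
    groups = defaultdict(list)
    for name, info in entries.items():
        if info["path"] is None and info["status"] == "ok":
            groups[re.sub(r"\d+$", "", name)].append(info)
    report = {}
    for family, members in groups.items():
        if len(members) >= min_count:
            times = [t for m in members for t in m["times"]]
            report[family] = {"count": len(members),
                              "scan_seconds": (max(times) - min(times)).total_seconds()}
    return report

def flagged(entries):
    """Service names whose final verdict was not 'ok' (the UnsignedFile warnings in the log)."""
    return sorted(n for n, i in entries.items() if i["status"] != "ok")
```

To run it against the real log, read the TDSSKiller text file and pass its contents to `parse_log` in place of `SAMPLE_LOG`; the `scan_seconds` figure is how long the scanner spent walking the family, which is the same per-key cost the service controller pays at every boot.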
 
Those lines seem to be created by Rootkit Hook Analyzer, possibly a part of some other program.

Unfortunately I don't have enough time in this forum to go beyond malware subject.
I suggest you create a new topic in the Windows forum.
 
You're very welcome
 